Security Policy

Last updated: January 9, 2026

Our Commitment to Security

At CNBS, security is at the core of everything we do. As a platform serving the cannabis industry, we understand the critical importance of protecting sensitive business data, customer information, and ensuring compliance with stringent regulatory requirements.

Data Encryption

We employ industry-leading encryption standards to protect your data:

  • TLS 1.3 encryption for all data in transit
  • AES-256 encryption for data at rest
  • End-to-end encryption for sensitive customer information
  • Encrypted database backups stored in multiple secure locations

Access Controls

We implement strict access control measures:

  • Multi-factor authentication (MFA) for all user accounts
  • Role-based access control (RBAC) to limit data access
  • Regular access audits and review of permissions
  • Automatic session timeouts for inactive users
  • IP whitelisting options for enhanced security

Infrastructure Security

Our infrastructure is built on secure, enterprise-grade platforms:

  • Hosted on SOC 2 Type II certified cloud infrastructure
  • 24/7 security monitoring and threat detection
  • Regular security patches and system updates
  • DDoS protection and traffic filtering
  • Isolated production and development environments
  • Regular penetration testing by third-party security firms

Compliance & Auditing

We maintain strict compliance with industry standards and regulations:

  • Cannabis-specific regulatory compliance tracking
  • Comprehensive audit logging of all system activities
  • Regular security audits and compliance assessments
  • PCI DSS compliance for payment processing
  • GDPR and CCPA compliance for data privacy
  • State-specific cannabis regulations adherence

Data Backup & Recovery

We ensure business continuity through robust backup systems:

  • Automated daily backups of all critical data
  • Encrypted backup storage in geographically distributed locations
  • Regular disaster recovery testing
  • 99.9% uptime SLA guarantee
  • Point-in-time recovery capabilities

Employee Security Training

Our team is trained to maintain the highest security standards:

  • Regular security awareness training for all employees
  • Background checks for all personnel with data access
  • Strict confidentiality agreements
  • Security-first development practices
  • Incident response training and procedures

Payment Security

We handle payment information with the utmost care:

  • PCI DSS Level 1 compliant payment processing
  • Tokenization of sensitive payment data
  • No storage of full credit card numbers
  • Secure payment gateway integration
  • Support for cannabis-compliant payment processors

Vulnerability Management

We proactively identify and address security vulnerabilities:

  • Regular vulnerability scanning and assessments
  • Bug bounty program for responsible disclosure
  • Rapid response to identified security issues
  • Security patches deployed within 24 hours of critical vulnerabilities
  • Third-party security audits conducted annually

Incident Response

In the unlikely event of a security incident:

  • 24/7 security incident response team
  • Immediate notification to affected parties
  • Detailed incident investigation and reporting
  • Coordinated response with law enforcement when necessary
  • Post-incident analysis and security improvements

Cannabis Industry-Specific Security

We understand the unique security challenges of the cannabis industry:

  • Integration with state tracking systems (METRC, BioTrack, etc.)
  • Secure handling of age verification data
  • Compliance with state-specific data retention requirements
  • Protection against industry-targeted cyberattacks
  • Secure inventory and sales tracking

Your Role in Security

Security is a shared responsibility. We recommend:

  • Use strong, unique passwords for your account
  • Enable multi-factor authentication
  • Keep your devices and software updated
  • Be cautious of phishing attempts
  • Report any suspicious activity immediately
  • Regularly review user access permissions

Report a Security Concern

If you discover a security vulnerability or have concerns about our security practices, please contact us immediately:

CNBS Security Team

Email: security@cnbs.com

Emergency Hotline: Available upon request

We appreciate responsible disclosure and will respond to all reports within 24 hours.

Updates to This Policy

We regularly review and update our security practices. Material changes to this policy will be communicated via email and posted on this page.