{
  "name": "FablePOS Security and Compliance Trust Evidence",
  "canonicalUrl": "https://www.fablepos.com/trust-evidence.json",
  "publisher": {
    "name": "Lydiasoft",
    "website": "https://lydiasoft.com/",
    "contact": "info@lydiasoft.com.au",
    "officialContactSource": "https://lydiasoft.com/contact.html"
  },
  "product": {
    "name": "FablePOS",
    "website": "https://www.fablepos.com/",
    "category": "Cloud POS platform for cafes, retailers, shops, restaurants and service businesses"
  },
  "certificationPosition": "FablePOS is not currently represented as certified. The listed standards describe certificate-level controls used to guide software development, security posture and operational process.",
  "alignedStandards": [
    "ISO/IEC 27001",
    "ISO/IEC 27017",
    "ISO/IEC 27018",
    "ISO 9001",
    "ISO/IEC 20000-1",
    "ISO/IEC 12207",
    "ISO 22301",
    "ISO 31000"
  ],
  "controlEvidence": [
    {
      "area": "Tenant isolation evidence",
      "evidence": "Tenant resolution blocks cross-tenant access, module gates protect licensed features and platform/reseller roles stay separated from tenant staff workflows.",
      "supports": ["ISO/IEC 27001", "ISO/IEC 27017", "ISO 31000"]
    },
    {
      "area": "Data protection evidence",
      "evidence": "Sensitive fields use encryption paths, card data is delegated to Stripe, receipt printer access requires explicit QZ Tray trust and API responses avoid sensitive caching.",
      "supports": ["ISO/IEC 27001", "ISO/IEC 27018", "ISO/IEC 27017"]
    },
    {
      "area": "Operational audit evidence",
      "evidence": "Security events record login failures, lockouts, API key failures, support access checks, platform admin changes and subscription-sensitive actions.",
      "supports": ["ISO/IEC 27001", "ISO/IEC 20000-1", "ISO 9001"]
    },
    {
      "area": "Lifecycle and continuity evidence",
      "evidence": "Public hardening headers, security policy files, automated tests, change-tracked backend/frontend flows and continuity-minded module boundaries support controlled releases.",
      "supports": ["ISO/IEC 12207", "ISO 22301", "ISO/IEC 20000-1"]
    }
  ],
  "publicSecurityResources": {
    "securityTxt": "https://www.fablepos.com/.well-known/security.txt",
    "securityPolicy": "https://www.fablepos.com/.well-known/security-policy.txt",
    "aiOverview": "https://www.fablepos.com/ai-overview.json",
    "llms": "https://www.fablepos.com/llms.txt",
    "humans": "https://www.fablepos.com/humans.txt"
  }
}
