Is Nstock Secure? How Your Manufacturing Data Is Protected

Supplier pricing, vendor relationships, BOMs, and COGS are competitive information. Here's exactly how Nstock keeps that data isolated, access-controlled, and encrypted — in plain language, no jargon.

Your Recipes and Numbers Are Competitive Information

Putting your business into a cloud tool means putting your supplier list, negotiated pricing, bills of materials, and real margins somewhere outside a spreadsheet on your own laptop. That's a legitimate thing to think hard about — this data is often the most competitive information a manufacturer has. A supplier's pricing terms, a recipe's exact ratios, or a product's true cost of goods sold isn't something you want visible to the wrong person, whether that's a competitor or just someone on your own team who shouldn't need to see it.

That's the lens Nstock's security is built through: keep your data isolated from every other company on the platform, and give you the tools to control exactly who on your own team can see what. Below is the complete, honest list of what that means in practice — no marketing gloss, no claims Nstock can't back up.

Data Isolation

Company-level data isolation
Every account lives inside its own company workspace. Firestore security rules enforce that isolation on the server for every single read and write — it's not just hidden in the interface, it's blocked at the database level. Another company's users cannot query your data.

Account Security

Two-factor authentication
Every user can turn on two-factor authentication in Settings > Security — an authenticator app (TOTP) or SMS. It's self-enrolled, so you decide when to turn it on for your account.
Firebase-backed sign-in
Sign-in runs through Firebase Authentication, including Google sign-in, rather than a homegrown login system.

Team Access Control

Invite-only workspace access
No one can self-join your company. New users get in only when an admin sends them an invite — there's no public signup path into an existing workspace.
Role-based access control
Admins decide who on the team sees and does what. Higher tiers add custom roles and per-feature permissions, so you can scope access down to specific parts of the system rather than an all-or-nothing setting.
Audit log
Nstock keeps a log of who changed what and when, so admins can review activity across the account rather than relying on memory or guesswork. Extended audit log export is available on higher tiers.

Integrations & Payments

Integration credentials stay server-side
API keys for Shopify, ShipStation, and other integrations are stored on the server and never sent to the browser. The interface only ever shows the last four characters of a stored key.
Verified webhooks
Incoming Shopify webhook payloads are cryptographically verified with an HMAC signature before Nstock processes them, so a request has to prove it actually came from Shopify.
No stored card numbers
Payments run entirely through Stripe. Nstock never stores your credit card number.

Infrastructure

Google Cloud infrastructure
Nstock runs on Google Cloud and Firebase. Data is encrypted in transit (TLS/HTTPS) and encrypted at rest, using Google's infrastructure-level defaults.

See how these controls fit into the rest of what Nstock does on the features page, or compare tiers — including which access-control features are included at each level — on the pricing page.

Frequently Asked Questions

Is my data isolated from other companies using Nstock?

Yes. Every account belongs to a company workspace, and Firestore security rules enforce that isolation on the server for every read and write. Another company's users cannot query or see your data — it isn't just hidden in the interface, it's blocked at the database level.

Can I control what my team members see?

Yes. Admins control access through role-based permissions — deciding who can see supplier pricing, BOMs, costs, and other sensitive data. Higher tiers add custom roles and per-feature permissions for finer-grained control, plus an audit log so admins can see who changed what and when.

Do you store credit card numbers?

No. Payments are processed entirely through Stripe. Nstock never stores your card number.

How are integration credentials like API keys protected?

API keys for integrations such as Shopify and ShipStation are stored server-side and never sent to the browser. The Nstock interface only ever displays the last four characters of a stored key.

Is Nstock SOC 2 certified?

Not today. Nstock does not currently hold SOC 2, ISO 27001, or any other formal security certification. Instead, the platform relies on architectural measures — server-enforced company-level data isolation, role-based access control, two-factor authentication, an audit log, and Google Cloud's encryption-in-transit and encryption-at-rest defaults. Formal certifications are something Nstock expects to evaluate as the company grows.

Have a Security Question We Didn't Cover?

Talk to the Nstock team directly — we'd rather answer honestly than leave you guessing.

Security researcher? See our vulnerability disclosure policy.