DATE:
AUTHOR:
The Thanx team
Integrations Ordering Loyalty Guest Engagement Marketing Automation Toast ThanxAI Offers & Rewards Reporting & Insights Org Management & Settings App Experience

Behind the scenes: how we're leveling up security

DATE:
AUTHOR: The Thanx team

Most of the work our team does to keep your data safe is invisible by design, but we wanted to give you a peek behind the curtain at some of what's been happening lately to keep your program and your customers' data safe.

What we've been doing

We've made security a more structured, ongoing part of how we build and operate — not just a response to problems as they come up. That includes automated scanning across our codebase for known vulnerabilities and exposed credentials, stronger protections around who can access merchant accounts, and faster internal alerting when something looks off.

Why it matters

  • Fewer surprises, faster response — automated alerts mean our team catches and addresses issues quickly, often before they become anything you'd notice.

  • Tighter access controls — we've added new safeguards around merchant dashboard and API access, including better tools for revoking access when needed.

  • A heads-up when it counts — if someone tries to invite a new dashboard user from an unfamiliar email domain, you'll now see a warning, so you can catch unauthorized invites before they happen.

  • Traffic monitoring that works — unusual or abusive traffic patterns get flagged and addressed faster than before.

What you'll notice

Almost all of this runs behind the scenes. The one visible change: when inviting a new user to your Thanx dashboard, you may see a warning if their email domain hasn't been used on your account before. It's a quick check to help prevent unauthorized access.

FAQs

Did something happen that prompted this?

This reflects an ongoing, expanding investment in security as our platform and merchant base grow, not a reaction to a single event.

Do I need to do anything?

No action needed. These are backend and infrastructure improvements.

Are any of my systems or data affected by the security scanning?

Scanning covers our internal systems and codebase, not merchant data. Anything found was rotated or removed as part of standard hardening.

Powered by LaunchNotes