SARAH

Introduction to Security

Learn about Sarah's security measures and how to protect your information and that of your customers.

Last updated: 2025-01-26

Security is fundamental to Sarah. This guide explains the security measures Sarah implements and how you can protect your information and that of your customers.

Security Principles

Data Protection

Sarah implements multiple security layers to protect:

  • Customer data: Personal and contact information
  • Financial data: Payment and transaction information
  • Commercial data: Inventory, sales, reports
  • Credentials: Users, passwords, tokens

Compliance

Sarah complies with security standards:

  • Encryption: Data encrypted in transit and at rest
  • Authentication: Robust authentication system
  • Authorization: Role-based access control
  • Audit: Logging of important activities

Security Features

Authentication

  • Strong passwords: Complexity requirements
  • Two-factor authentication (2FA): Optional but recommended
  • Secure sessions: Encrypted session tokens
  • Session timeout: Automatic after inactivity

Authorization

  • Roles and permissions: Granular access control
  • Per-company access: Each user only sees their company
  • Specific permissions: Control over what each user can do

Encryption

  • Data in transit: HTTPS/TLS for all communications
  • Data at rest: Encryption of sensitive data
  • Credentials: Encrypted passwords and tokens

Audit

  • Activity logging: Logs of important actions
  • Traceability: Who did what and when
  • Monitoring: Detection of suspicious activities

Roles and Permissions

Administrator (Role ID: 1)

Full system access:

  • ✅ Company configuration
  • ✅ User management
  • ✅ Access to all modules
  • ✅ Billing and reports
  • ✅ Integration configuration

Cashier (Role ID: 2)

Focused on cash operations:

  • ✅ Point of sale (POS)
  • ✅ Cash registers and shifts
  • ✅ Basic sales
  • ❌ Configuration
  • ❌ User management

Salesperson (Role ID: 3)

Focused on sales:

  • ✅ Point of sale (POS)
  • ✅ Customer management
  • ✅ Sales
  • ❌ Cash registers and shifts
  • ❌ Configuration
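
The role matrix above combined with the per-company rule and the audit trail, as an added example that is not Sarah's own code. The permission names, the User fields and the denial-count heuristic are assumptions made for illustration; permissions the page does not list for a role are denied by default.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Role IDs are from the page; permission names are assumptions for this example.
ADMIN, CASHIER, SALESPERSON = 1, 2, 3
ALL_PERMISSIONS = frozenset({
    "company_config", "user_management", "billing_reports", "integrations",
    "pos", "cash_registers", "sales", "customers",
})
ROLE_PERMISSIONS = {
    ADMIN: ALL_PERMISSIONS,                                  # full system access
    CASHIER: frozenset({"pos", "cash_registers", "sales"}),
    SALESPERSON: frozenset({"pos", "customers", "sales"}),
}

@dataclass(frozen=True)
class User:
    name: str
    role_id: int
    company_id: int
    active: bool = True

def authorize(user, permission, resource_company_id, audit_log):
    """Deny by default; return (allowed, reason) and record the decision."""
    granted = ROLE_PERMISSIONS.get(user.role_id, frozenset())  # unknown role: nothing
    if not user.active:
        allowed, reason = False, "inactive_user"
    elif user.company_id != resource_company_id:
        # Company check runs before the role check: even role 1 stays in its company.
        allowed, reason = False, "cross_company"
    elif permission not in granted:
        allowed, reason = False, "role_lacks_permission"
    else:
        allowed, reason = True, "ok"
    audit_log.append({  # who did what and when
        "when": datetime.now(timezone.utc).isoformat(),
        "who": user.name, "role_id": user.role_id,
        "what": permission, "company_id": resource_company_id,
        "allowed": allowed, "reason": reason,
    })
    return allowed, reason

def suspicious(audit_log, threshold=3):
    """Names with at least `threshold` denied requests (constructed heuristic)."""
    denied = {}
    for entry in audit_log:
        if not entry["allowed"]:
            denied[entry["who"]] = denied.get(entry["who"], 0) + 1
    return sorted(name for name, n in denied.items() if n >= threshold)
```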

Best Practices

For Administrators

  • Use strong passwords: Minimum 12 characters, mix of uppercase, lowercase, numbers, and symbols
  • Enable 2FA: Two-factor authentication when available
  • Review users regularly: Remove users who no longer need access
  • Assign appropriate roles: Don't give administrator permissions unnecessarily
  • Monitor activities: Review logs regularly

For Users

  • Don't share credentials: Each user must have their own account
  • Log out: Log out when finished, especially on shared computers
  • Report problems: If you notice something suspicious, report it immediately
  • Update passwords: Change passwords periodically

For the Company

  • Password policy: Establish a clear policy
  • Training: Train your team on security
  • Regular review: Review users and permissions regularly
  • Backup: Ensure you have regular backups

Data Protection

Customer Data

  • Personal information: Stored securely
  • Contact data: Protected and only accessible by authorized users
  • Purchase history: Only visible to users with permissions

Financial Data

  • Payment information: Card data is not stored
  • Transactions: Processed securely
  • MercadoPago integration: MercadoPago handles all sensitive information

Commercial Data

  • Inventory: Protected and only accessible by authorized users
  • Sales: Complete history with traceability
  • Reports: Only authorized users can view reports

Secure Integrations

MercadoPago

  • Encrypted credentials: Tokens stored securely
  • Secure communication: All communications are HTTPS
  • No card data: MercadoPago handles all sensitive information

Correo Argentino

  • Encrypted credentials: Username and password stored securely
  • Secure communication: API calls are HTTPS
  • Validation: Credentials validated before use

AFIP/ARCA

  • Secure certificates: Digital certificates for authentication
  • Encrypted communication: All communications are secure
  • Traceability: All operations are recorded

Security Incidents

If You Suspect a Problem

  1. Change passwords: Change all passwords immediately
  2. Review users: Verify there are no unauthorized users
  3. Review activities: Review recent activity logs
  4. Contact support: Contact Sarah support immediately

Prevention

  • Monitor regularly: Review users and activities
  • Train your team: Ensure everyone understands security
  • Update regularly: Keep the system updated
  • Use best practices: Follow security best practices
