Trust & protection

Security of your HACCP App data

Your temperature logs, daily checks and allergen records are business-critical — the evidence you show an inspector. HACCPapp is built to keep them encrypted, backed up and available when you need them.

📅 Last updated: 18 June 2026
🔒 Encryption: TLS in transit
📱 App: HACCPapp (Android)

Why security matters

Your food safety records are business-critical. They protect your customers, satisfy your legal record-keeping duties, and stand as your defence in an audit or an Environmental Health Officer (EHO) visit. We treat them accordingly.

HACCPapp is a digital HACCP app trusted by cafés, restaurants, takeaways and pubs to keep their compliance evidence safe. Security isn't a feature we bolted on — it shapes how the app is built, from on-device storage to the encrypted connections that sync your records to the cloud. This page explains exactly how we protect your data and what you can do to keep your account secure.

🛡️ Our security promise

Your records belong to you. We encrypt them in transit, store them securely, back them up automatically, and we never sell or advertise off your data. You can export or delete everything at any time.

How we protect your data

Every layer of the HACCP app is designed with the protection of your records in mind. Here is how we build that protection in:

Encryption in transit

Every connection between the app and our servers is protected with TLS, so your records can't be read as they travel over the network.

Encrypted cloud storage

Records synced to the cloud are held in encrypted storage on managed, access-controlled infrastructure.

Offline-first on-device

Your checks save locally on your device first — so a dropped signal in a cold room never loses a record, and nothing is held hostage by the network.

Secure authentication tokens

Sign-in uses secure tokens rather than storing your password on the device, keeping your session protected as it syncs.

Access controls

Your data is scoped to your account. Internal access to infrastructure is restricted to what's needed to run and support the service.

Automatic backups

Your synced records are backed up automatically, so a lost or broken phone never means lost compliance history.

2-year secure retention

Records are retained securely for the 2-year window food authorities expect, ready to produce whenever you're inspected.

No selling or ads

We never sell your data and never use it for advertising or profiling. Your records exist only to serve you.

How your data flows

Understanding where your records live makes the security model clear. The HACCP app is offline-first:

  1. Saved locally first. When you log a temperature, complete a daily check or attach a photo, it's written to secure storage on your device immediately — even with no internet connection.
  2. Synced over an encrypted connection. As soon as you're back online, the app syncs those records to the cloud over a TLS-encrypted connection, authenticated with secure tokens.
  3. Stored in encrypted cloud storage. In the cloud your records sit in encrypted, access-controlled storage and are backed up automatically.

This means your data is never solely dependent on one device or one network. If your phone is lost, your history is safe in the cloud; if the network drops, your records are safe on the device until it reconnects.

✓ Why offline-first is also more secure

A record that's captured on-device the moment a check happens can't be lost to a flaky connection — and it's only ever transmitted over an encrypted channel. Reliability and security reinforce each other.

Account security

The strongest protections work best when paired with good habits at your end. We recommend that you and your team:

  • Use a strong, unique password for your HACCPapp account — ideally generated and stored in a password manager, and never reused from another service.
  • Keep your device locked with a PIN, pattern or biometric lock. Because the app stores records on-device, a locked phone is your first line of defence.
  • Sign out on shared devices. If a tablet at the counter is used by multiple staff or shifts, sign out when you're done so the next person can't act under your account.
  • Keep the app updated so you always have the latest security improvements from Google Play.
  • Tell us quickly if you suspect your account has been accessed by someone else, so we can help you secure it.

Data residency & retention

Your records are stored securely in managed cloud infrastructure with encryption and access controls. We keep your food safety records for the 2-year period that food safety authorities expect — the window in which an EHO or EU inspector may ask you to produce your history — plus a short grace period.

You stay in control throughout. You can export your records at any time using the app's PDF export, and you can request full deletion of your account and records whenever you choose.

For exactly what data we hold and why, see our Privacy Policy. To remove your data, see Account & Data Deletion.

Reliability & backups

Compliance evidence is only useful if it's there when you need it. Your synced records are backed up automatically so that a lost, stolen or broken phone never costs you your history — sign in on a new device and your records are restored from the cloud.

Because the app is offline-first, day-to-day reliability doesn't depend on a perfect connection: checks are captured locally and sync when the network returns. The combination of on-device storage, automatic cloud backups and encrypted sync is designed to keep your inspection-ready history available and intact.

Responsible disclosure

We welcome the security research community. If you believe you've found a vulnerability in the HACCP app, our website or our infrastructure, we'd genuinely like to hear from you so we can fix it.

🔎 Report a vulnerability

Please email [email protected] with the details and steps to reproduce. We commit to acknowledging your report, investigating in good faith, and keeping you updated. We ask that you give us reasonable time to remediate before any public disclosure, and that you avoid accessing or modifying other users' data during your research.

Compliance context

HACCPapp is designed to help food businesses meet their data-protection duties under the EU GDPR and UK GDPR, alongside their own HACCP record-keeping obligations. We practise data minimisation, encrypt records in transit, restrict access, and honour your rights to export and deletion.

To be clear about what these protections are: this page describes how we build and operate the service, not a claim of specific external certification. For the full detail on the data we collect, the legal bases we rely on, and your rights, please read our Privacy Policy.

Contact us

Have a security question, or want to report something? We're here to help.

📧 Security contact

Security & vulnerability reports: [email protected]  ·  General support: haccpapp.net/support

This Security overview was last updated on 18 June 2026 and is published at https://haccpapp.net/security/. It describes how the HACCPapp Android application protects your data and complements our Privacy Policy and Terms of Service.