Your club’s data is yours. Always.
Private clubs handle sensitive member data, financial records, and vendor contracts. Pinnacle is built with structural data isolation, server-side access control, and transport encryption designed in from the start, not bolted on after the fact.
🔒 Data Isolation
Structural org isolation
Every database query is scoped by organization ID at the ORM layer, so the filter is applied in one place for every operation rather than depending on a permission setting or on a WHERE clause a developer can forget. Cross-org data access is prevented by construction, not by per-query discipline.
Multi-tenant by design
Pinnacle is built multi-tenant from the ground up. Your club's inventory, member records, and financial data are never commingled with another organization's data.
No shared tables without org scoping
Every table in the schema includes orgId as a non-nullable foreign key. Schema migrations require org isolation review before merge.
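The following is an added example, not Pinnacle's code, showing the pattern the two points above describe: the org filter lives in one wrapper around the data-access layer, so no call site can omit it and no call site can widen it. A small in-memory table stands in for the database (the rows, column names and org identifiers are constructed for the example); in a Prisma code base the same role would be played by a client extension that injects orgId into every query.

```typescript
// Added example (not Pinnacle's code): org scoping applied once, in a wrapper
// around the data-access layer, so no individual query can omit it.

type Item = { id: number; orgId: string; sku: string; qty: number };
type Where = Partial<Item>;

// Stand-in for an ORM model delegate (findMany / create / updateMany).
class Table {
  constructor(private rows: Item[]) {}

  findMany(where: Where = {}): Item[] {
    return this.rows.filter((r) =>
      (Object.keys(where) as (keyof Item)[]).every((k) => r[k] === where[k]),
    );
  }

  create(data: Omit<Item, "id">): Item {
    const row: Item = { id: this.rows.length + 1, ...data };
    this.rows.push(row);
    return row;
  }

  updateMany(where: Where, data: Partial<Omit<Item, "id">>): number {
    const hits = this.findMany(where);
    for (const r of hits) Object.assign(r, data);
    return hits.length;
  }
}

// Scoped delegate for one organization. Every read and write is pinned to
// orgId; a caller that names a different org is refused rather than widened.
function forOrg(table: Table, orgId: string) {
  const pin = (where: Where): Where => {
    if (where.orgId !== undefined && where.orgId !== orgId) {
      throw new Error(`cross-org access refused: ${where.orgId}`);
    }
    return { ...where, orgId };
  };
  return {
    findMany: (where: Where = {}) => table.findMany(pin(where)),
    // orgId is supplied by the scope, never by the caller.
    create: (data: Omit<Item, "id" | "orgId">) => table.create({ ...data, orgId }),
    // orgId is not an updatable field here, so rows can never be re-homed.
    updateMany: (where: Where, data: Partial<Omit<Item, "id" | "orgId">>) =>
      table.updateMany(pin(where), data),
  };
}

// Constructed sample rows for two organizations.
function sampleTable(): Table {
  return new Table([
    { id: 1, orgId: "org_a", sku: "CART-01", qty: 4 },
    { id: 2, orgId: "org_b", sku: "CART-01", qty: 9 },
    { id: 3, orgId: "org_b", sku: "BALL-12", qty: 50 },
  ]);
}

// Walk-through: org_a sees only its own CART-01 row, an explicit attempt to
// read org_b is refused, and a bulk update touches exactly one row.
function demo() {
  const items = forOrg(sampleTable(), "org_a");
  const seen = items.findMany({ sku: "CART-01" }).map((r) => r.id);
  let refused = false;
  try {
    items.findMany({ orgId: "org_b" });
  } catch {
    refused = true;
  }
  const touched = items.updateMany({ sku: "CART-01" }, { qty: 0 });
  return { seen, refused, touched };
}
```

The point of the shape is that application code only ever receives the scoped delegate for the caller's org; the unscoped Table is never handed to a request handler.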
🛡️ Access Control
Server-side RBAC only
Role-based access control is enforced server-side on every API endpoint by middleware; any client-side check exists only for the UI and is never relied on. Five roles: Owner, GM, Department Manager, Staff, Read-Only.
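An added example (not Pinnacle's code) of what "server-side only" means in practice: the role is read from the server-held session, a `role` field in the request body is ignored, and the default outcome is denial. The five role names are the page's; the rank order, the rule that Read-Only cannot issue mutating requests, and the route are assumptions made for the example.

```typescript
// Added example (not Pinnacle's code): RBAC enforced by middleware that wraps
// a route handler, reading the role only from the server-side session.

type Role = "Owner" | "GM" | "DepartmentManager" | "Staff" | "ReadOnly";

// Assumed rank order for the five roles on the page.
const RANK: Record<Role, number> = { Owner: 4, GM: 3, DepartmentManager: 2, Staff: 1, ReadOnly: 0 };
const MUTATING = new Set(["POST", "PUT", "PATCH", "DELETE"]);

type Session = { userId: string; orgId: string; role: Role };
type Req = { method: string; body?: Record<string, unknown>; session?: Session };
type Res = { status: number; body: unknown };
type Handler = (req: Req, session: Session) => Res;

// Deny by default: no session -> 401; insufficient role -> 403.
function requireRole(minimum: Role, handler: Handler): (req: Req) => Res {
  return (req) => {
    const s = req.session;
    if (!s) return { status: 401, body: { error: "unauthenticated" } };
    if (s.role === "ReadOnly" && MUTATING.has(req.method)) {
      return { status: 403, body: { error: "read-only role" } };
    }
    if (RANK[s.role] < RANK[minimum]) {
      return { status: 403, body: { error: `requires ${minimum} or above` } };
    }
    return handler(req, s);
  };
}

// Assumed route: deleting a vendor contract requires GM or above. The handler
// receives the verified session, so it never re-reads identity from the body.
const deleteContract = requireRole("GM", (req, s) => ({
  status: 200,
  body: { deleted: req.body?.contractId, by: s.userId, org: s.orgId },
}));

// Helper returning only the status code for a given caller role.
function attempt(role: Role | null, method = "DELETE", body: Record<string, unknown> = {}): number {
  const session = role ? { userId: "u_1", orgId: "org_a", role } : undefined;
  return deleteContract({ method, body, session }).status;
}
```

Note that `attempt("Staff", "DELETE", { role: "Owner" })` still yields 403: the body is never consulted for authorization.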
Session-based authentication
NextAuth.js session tokens with 30-day expiry. CSRF protection on all state-changing endpoints. Session cookies are Secure and httpOnly, so they are sent only over TLS and cannot be read by page scripts.
Rate limiting on auth endpoints
Sliding window rate limiting via Redis on all authentication and public endpoints, with brute-force protection on login and password reset.
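An added example (not Pinnacle's code) of the sliding-window-log algorithm behind that claim, with a clock injected so the behaviour is reproducible. In production the per-key log would be a Redis sorted set (ZADD the timestamp, ZREMRANGEBYSCORE to drop entries older than the window, ZCARD to count, typically inside one MULTI); an in-memory Map stands in here so the block runs offline. The limits, key names and the two-key login scheme are assumptions for the example.

```typescript
// Added example (not Pinnacle's code): sliding-window-log rate limiting with
// an injectable clock; a Map stands in for a Redis sorted set per key.

type Verdict = { allowed: boolean; remaining: number; retryAfterMs: number };

class SlidingWindowLimiter {
  private log = new Map<string, number[]>();

  constructor(
    private limit: number,
    private windowMs: number,
    private now: () => number = Date.now,
  ) {}

  hit(key: string): Verdict {
    const t = this.now();
    // Keep only timestamps still inside the window that ends now.
    const hits = (this.log.get(key) ?? []).filter((ts) => ts > t - this.windowMs);
    if (hits.length >= this.limit) {
      this.log.set(key, hits);
      // Room opens when the oldest in-window hit ages out.
      const oldest = hits[0] ?? t;
      return { allowed: false, remaining: 0, retryAfterMs: oldest + this.windowMs - t };
    }
    hits.push(t);
    this.log.set(key, hits);
    return { allowed: true, remaining: this.limit - hits.length, retryAfterMs: 0 };
  }
}

// Login is limited on two keys (assumed limits): the targeted account, so many
// sources cannot focus one account, and the client IP, so one source cannot
// spray many accounts. Both must allow the attempt.
class LoginGuard {
  private byAccount: SlidingWindowLimiter;
  private byIp: SlidingWindowLimiter;

  constructor(now: () => number = Date.now) {
    this.byAccount = new SlidingWindowLimiter(5, 60000, now);
    this.byIp = new SlidingWindowLimiter(20, 60000, now);
  }

  allow(ip: string, email: string): Verdict {
    const acct = this.byAccount.hit(`login:acct:${email.toLowerCase()}`);
    if (!acct.allowed) return acct;
    return this.byIp.hit(`login:ip:${ip}`);
  }
}
```

The `retryAfterMs` value is what a handler would surface as a Retry-After header; returning it from the limiter rather than computing it in the route keeps the arithmetic in one place.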
🔐 Encryption & Transmission
TLS everywhere
All traffic encrypted in transit via TLS. Cloudflare terminates TLS at the edge. No plaintext HTTP accepted.
Passwords never stored in plaintext
All user passwords are hashed with bcrypt, which salts each hash; stored values cannot be reversed to recover the password. A password reset invalidates all of that user's active sessions.
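An added example, not Pinnacle's code, covering the session and password points above together: salted password hashing with constant-time verification, 30-day session expiry, and a reset that retires every outstanding session at once. Two assumptions: scrypt from node:crypto stands in for bcrypt so the block runs without packages, and the reset-invalidates-sessions guarantee is implemented here as a version counter on the user record compared on every request, which is one way to deliver it, not a description of how NextAuth.js does it. All identifiers and passwords are constructed.

```typescript
// Added example (not Pinnacle's code): salted hashing (scrypt as a bcrypt
// stand-in) plus a per-user session version that a password reset bumps.
import { randomBytes, scryptSync, timingSafeEqual } from "node:crypto";

type User = { id: string; passwordHash: string; sessionVersion: number };
type Session = { userId: string; version: number; expiresAt: number };

const SESSION_TTL_MS = 30 * 24 * 60 * 60 * 1000; // 30 days, as on the page

function hashPassword(password: string): string {
  const salt = randomBytes(16); // fresh per-user salt, stored alongside the hash
  const hash = scryptSync(password, salt, 32);
  return `${salt.toString("hex")}:${hash.toString("hex")}`;
}

function verifyPassword(password: string, stored: string): boolean {
  const [saltHex, hashHex] = stored.split(":");
  if (!saltHex || !hashHex) return false;
  const expected = Buffer.from(hashHex, "hex");
  const actual = scryptSync(password, Buffer.from(saltHex, "hex"), expected.length);
  return timingSafeEqual(actual, expected); // constant-time comparison
}

// Hashed once so that login takes the same time for unknown and known users.
const DUMMY_HASH = hashPassword("dummy-password-for-timing");

class AuthStore {
  private users = new Map<string, User>();
  private sessions = new Map<string, Session>();

  constructor(private now: () => number = Date.now) {}

  createUser(id: string, password: string): User {
    const u: User = { id, passwordHash: hashPassword(password), sessionVersion: 1 };
    this.users.set(id, u);
    return u;
  }

  // Returns an opaque session token, or null. Unknown user and wrong password
  // are indistinguishable to the caller and cost the same to compute.
  login(id: string, password: string): string | null {
    const u = this.users.get(id);
    const ok = verifyPassword(password, u ? u.passwordHash : DUMMY_HASH);
    if (!u || !ok) return null;
    const token = randomBytes(32).toString("base64url");
    this.sessions.set(token, {
      userId: id,
      version: u.sessionVersion,
      expiresAt: this.now() + SESSION_TTL_MS,
    });
    return token;
  }

  // A session is honoured only if unexpired AND stamped with the user's
  // current version; anything issued before a reset fails the second test.
  userFor(token: string): User | null {
    const s = this.sessions.get(token);
    if (!s || s.expiresAt <= this.now()) return null;
    const u = this.users.get(s.userId);
    return u && u.sessionVersion === s.version ? u : null;
  }

  // Bumping the version retires every outstanding session without having to
  // enumerate them, which matters when sessions live in more than one store.
  resetPassword(id: string, newPassword: string): boolean {
    const u = this.users.get(id);
    if (!u) return false;
    u.passwordHash = hashPassword(newPassword);
    u.sessionVersion += 1;
    return true;
  }
}
```

The version check is cheap (one integer compare per request) and needs no background job to sweep old sessions, which is why it is a common way to make "reset logs out everywhere" hold even when session records are cached.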
Payment data handled by Stripe
No raw card numbers ever touch Pinnacle servers. All payment processing is handled by Stripe, a PCI DSS Level 1 service provider.
🏗️ Infrastructure
Cloudflare protection
DDoS mitigation, web application firewall, and bot detection via Cloudflare. Origin servers are not exposed directly to the internet; traffic reaches them only through Cloudflare.
Managed database with automated backups
PostgreSQL on Neon managed cloud with point-in-time recovery. Daily automated backups with 7-day retention.
No secrets in code
All API keys, database credentials, and service secrets stored as environment variables. Codebase contains no hardcoded credentials.
🧹 Input & Query Safety
Parameterized queries only
All database operations go through Prisma ORM, which parameterizes every query it generates, and the codebase contains no raw SQL, so user input is never concatenated into a query string.
Input validation on all endpoints
Zod schema validation on every API endpoint. Malformed input is rejected before it touches the database layer.
XSS protection
React's JSX escapes rendered values by default, so user-supplied strings are displayed as text rather than interpreted as markup. Content-Security-Policy headers are set at the edge.
Responsible Disclosure
If you discover a security vulnerability in Pinnacle, please report it responsibly before public disclosure. We commit to acknowledging reports within 48 hours and resolving critical issues within 7 business days.
Report to: security@pinnacleclubs.net
Please include: affected component, steps to reproduce, potential impact, and your contact information. We do not pursue legal action against good-faith security researchers.
Questions about data handling, compliance requirements, or enterprise security review? Contact security@pinnacleclubs.net. For data privacy questions, see our Privacy Policy.