Security Policy

Individuals and companies trust Commissary to keep their personal and company data safe and secure every day, and we take that responsibility seriously.


Commissary will undergo SOC 2 Type 2 audits for controls relevant to security, availability, and confidentiality with no exceptions in entity-level testing. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we’ve implemented.

Upon completion, copies of our SOC2 report can be obtained by emailing


Commissary hosting is with Gigalixir and Amazon Web Services. Access is limited to machines that need read and write access to the data.

Employee Access

Commissary employees do not see your customer data unless required to do so for support reasons. If you reach out with a support issue which requires us to access your customer data, we will request and wait for your written permission before doing so. We have an audit trail of customer data access to prevent misuse. We would only access your customer data without your permission in the event of a rare, emergency service incident that is causing system-level outage.

Maintaining Security

All passwords are one-way hashed in the database.

We intend to add multi-factor authentication, or 2FA, as an additional security measure when accessing your Commissary account. Enabling 2FA adds security to your account by requiring both your password as well as access to a security code on your phone to access your account.

Credit Card Safety

When you sign up for a paid account on Commissary, your credit card information is handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers. Our servers do not store or even see your credit card information.

For More Information

If you have any questions or concerns, please contact us at