Request a demo
+1 213 6469356

Decker Security

The Decker security model protects the platform controls, data flows, user permissions, monitoring tools, and recovery processes that customers rely on to manage accounts, content, integrations, devices, and screen networks.

As digital signage software, Decker secures the full operating chain: account access, role permissions, publishing control, data synchronization, device status, screen monitoring, and recovery after operational failures. For enterprise deployments, the security model supports distributed teams, multi-location networks, franchise operators, and organizations with stricter access and reliability requirements.

Security Overview

Decker Security is built around several layers of protection that work together inside one operating environment.

Security Layer What Decker Security Protects
Access Security User accounts, authentication, administrative access, and trusted network access.
Permission Security Roles, workspaces, user groups, contractors, franchise users, and different administration levels.
Publishing Security Menus, media, promotions, schedules, templates, configuration files, and screen updates.
Data Security POS, ERP, accounting, inventory, API data flows, synchronization events, logs, and platform information.
Device Security Connected devices, local configuration, local storage, playback recovery, and device operating settings.
Screen Network Reliability Screen status, image presence, HDMI recovery, power control, offline playback, and recovery workflows.

 

Platform Access Security

Platform access security protects the administrative environment where customers manage users, screens, content, schedules, integrations, and publishing rules.

Multi-Factor Authentication

Decker supports multi-factor authentication for administrative access. An additional verification factor helps protect accounts used to manage menus, screens, schedules, publishing rules, integrations, and network settings.

IP Address Restrictions

Administrative access can be limited to trusted IP addresses. IP allowlisting helps reduce unauthorized access from unknown networks and adds another control layer for head office teams, contractors, and distributed operators.

Role-Based Access Control

Decker uses role-based access control to separate permissions between central office teams, local teams, franchise operators, partners, and external contractors.

RBAC helps reduce excessive permissions and separates areas of responsibility. This makes daily administration safer and more predictable.

Workspace Segmentation

Workspaces separate access to content, devices, screen groups, operational tasks, and account sections inside the same account structure.

This control is useful for companies with multiple branches, several brands, regional teams, franchise models, or different administration levels.

Access Logging

Decker can record important actions inside the administrative environment. This helps teams understand who changed content, updated schedules, modified settings, or triggered publication events.

Publishing and Configuration Security

Publishing security protects the process of sending content, schedules, configuration files, and updates to screens.

Decker reduces operational risks that come from manual file replacement, USB updates, and local editing at each site. The platform creates a centralized publishing process where content, templates, schedules, and business data are managed from one place.

This helps maintain consistency between the source system, the template, and the screen.

Decker can receive data from POS, ERP, accounting, inventory, or API sources. The platform can detect changed items and send only the required updates to connected devices. This reduces the risk of outdated prices, incorrect menu items, mismatched promotions, or inconsistent content.

Segmented Publishing Zones

Screen groups, content zones, and publishing scenarios can be separated from each other.

Segmentation helps prevent changes in one brand, branch, or content zone from affecting another part of the network.

Trusted Configuration Delivery

Devices receive working files, schedules, and configuration data from the Decker management system. This helps protect the screen network from incorrect content delivery, unauthorized local changes, and mismatched publishing scenarios.

Data Protection

Data protection in Decker includes protected data transmission, controlled access, and structured data handling for platform information under the data practices described in the Decker Privacy Policy.

Data protection practices may include:

  • TLS 1.3 for secure data transmission.
  • AES-256 encryption for stored data where applicable.
  • Access control based on user roles.
  • Limited internal access to customer data.
  • Backup procedures.
  • Data retention rules.
  • Data deletion procedures.
  • Service provider review.
  • Separation of customer workspaces and operational data.

These controls help protect information used for account administration, content publishing, screen management, integrations, logs, and support workflows.

Synchronization Security

Synchronization security protects the data flow between customer systems and the Decker platform.

This matters when menus, prices, availability, promotions, or other business data are updated through POS, ERP, accounting, inventory, or API sources.

The synchronization process helps keep screen content aligned with the customer’s source systems. Decker can process updates, detect changed items, and deliver the required data to connected devices.

This reduces manual work and lowers the risk of outdated information appearing on screens.

Operational Reliability

Operational reliability is part of Decker Security because screen content must remain available during daily business operations.

The platform combines cloud infrastructure, device monitoring, local playback logic, and recovery procedures.

Reliability practices may include:

  • cloud-based infrastructure;
  • continuous device monitoring;
  • screen monitoring;
  • delivery status checks;
  • local offline cache on the device side;
  • autonomous playback during temporary connection loss;
  • automatic synchronization after connection recovery;
  • incident review;
  • backup and recovery procedures;
  • operational notifications for failures.

If a connection becomes unstable, connected devices can continue showing locally stored content and schedules. When the connection returns, Decker can synchronize updates, logs, and device statuses.

Backup and Recovery

Backup and recovery controls are designed to reduce data loss and shorten restoration time after incidents.

Recovery practices may include:

  • daily backups of platform data and logs;
  • backup storage in an isolated environment;
  • infrastructure recovery procedures;
  • controlled restore processes;
  • remote recovery workflows for connected devices;
  • restoration of publications, device states, and operational logs.

These practices support faster recovery after infrastructure, synchronization, or device-related incidents.

Vulnerability Management and Change Control

The Decker security process is supported by vulnerability review, platform updates, incident analysis, and controlled release practices.

Security and change management practices may include:

  • vulnerability scanning;
  • patching and software updates;
  • review of security findings;
  • controlled deployment of critical changes;
  • testing before release where required;
  • monitoring after deployment;
  • incident review;
  • corrective action.

This process helps reduce the risk of service disruption and protects screen network stability during platform updates.

Personnel and Internal Access Practices

Decker employees and contractors operate under internal access rules for systems, data, and service functions.

Internal access practices may include:

  • role-based internal access;
  • access based on business need;
  • confidentiality obligations;
  • review of sensitive system access;
  • logging of important administrative actions;
  • separation of responsibilities between teams.

These practices help reduce unnecessary access and support a controlled operating environment for customer projects.

Enterprise Security Controls

Enterprise security controls support larger organizations, distributed teams, and multi-location operations.

Enterprise security options may include:

  • dedicated implementation review;
  • access structure planning;
  • workspace and role design;
  • IP allowlisting;
  • support for multiple branches and brands;
  • integration review;
  • security documentation review;
  • dedicated technical support;
  • personal manager;
  • on-site assistance under agreed project terms.

Enterprise controls are defined based on the customer’s operating model, number of branches, integration needs, internal approval process, security requirements, and applicable customer obligations under the Decker Terms of Use.

Hardware and Screen Security

Hardware and screen security protect connected devices and actual screen operation at each site.

Remote Playback Recovery

A control device can help return a TV to the correct HDMI input after a power interruption or source change.

The infrared control module allows the team to send a remote command to the TV and restore content playback without manual action at the site.

Screen Status Monitoring

The hardware control layer can detect whether an image is actually present on the screen and send the status to the system.

This gives the team visibility not only into device connection, but also into real content display.

Power Management

Scheduled power control can turn screens on, turn them off, or restart them under defined rules.

This reduces hardware load, supports predictable operation, and may help extend the service life of TVs and display equipment.

Device Settings Protection

The device operating environment can be protected from accidental or unauthorized local changes.

This helps maintain consistent configuration across sites and reduces the risk of local errors that can interrupt playback.

Local Data Protection

Device data, settings, and service files can be stored in a protected form.

This limits access outside the intended operating environment and reduces the risk of unauthorized use of local information.

Reduced Network Exposure

Connected devices can operate without unnecessary inbound access from the public internet.

This reduces the attack surface and helps align deployment with corporate network security requirements.

Monitoring and Incident Response

Monitoring and incident response workflows help protect connected screens, devices, content delivery, and synchronization events.

Monitoring can help detect:

  • offline devices;
  • missing content playback;
  • delivery failures;
  • synchronization errors;
  • device status changes;
  • display recovery issues;
  • connection interruptions;
  • publishing inconsistencies.

When an issue is detected, the support process can include diagnosis, escalation, recovery steps, and follow-up with the customer team through the Decker software support.

Security Reports and Responsible Disclosure

If you need to ask a security question, request security documentation, or report a possible vulnerability, contact the Decker team; personal information submitted through security or website forms is covered by the Consent to Personal Data Processing.

Security contact: support@deckerapp.com

Please include:

  • a clear description of the issue;
  • affected account, system, or endpoint if applicable;
  • steps to reproduce the issue;
  • screenshots, logs, or technical details if available;
  • your contact information for follow-up.

Decker reviews security reports to understand potential impact, confirm technical details, and determine next steps.

Start Working with Decker

Decker Security helps teams protect platform access, user permissions, content publishing, data synchronization, device status, screen monitoring, and recovery workflows through a secure and reliable platform.