How Stonegate Scribe Protects Your Catalog and Pricing Data

For a monument wholesaler, your catalog is more than a product list. It encodes your supplier relationships, your margin structure, the agreements you have with each retailer, and the order history that tells the story of your business. The same is true of your pricing rules and customer records. These are competitive assets, and treating them that way is the baseline for any platform that asks to hold them.

This post outlines how Stonegate Scribe is built to keep that data safe: what stays isolated to your business, who can see what inside the platform, and how the underlying infrastructure is set up.

A Separate Database for Every Wholesaler

Stonegate Scribe is single-tenant at the database layer. Every wholesaler we onboard gets their own database, with their own schemas and their own copy of the data. Your catalog, pricing rules, quotes, orders, and customer information live inside walls that no other wholesaler's account ever touches.

This is a deliberate departure from the more common multi-tenant model, where many customers share a single database and isolation is enforced only by row-level filters in application code. Database-level separation means a mistake in application logic cannot accidentally surface another wholesaler's data, because the other wholesaler's data is not in the same database to begin with.

Subdomain-Based Routing Keeps Connections Scoped

Every wholesaler runs on their own subdomain. When a request arrives at Stonegate Scribe, the origin of that request determines which wholesaler it belongs to, and the application connects only to that wholesaler's database for the lifetime of the request.

The practical effect is straightforward: a user authenticated against Wholesaler A's environment cannot query Wholesaler B's data. The application never opens that connection. There is no shared query surface where a misconfigured filter could leak data across customers.

Roles and Permissions You Control

Inside your wholesaler account, access is enforced at the application layer.

For your internal team, you assign roles and permissions that match how your business is structured. A sales lead might see quotes and orders across the company, while a production user might see only the queue relevant to their shop. You decide what each role can read, edit, and approve.

For your retailers, scoping is automatic. A retailer using your design tool only sees the designs, quotes, and orders they have created themselves. They never see your full pipeline, your other retailers' submissions, or the internal notes your team attaches to records. They get a focused, branded experience that shows only their own work.

Encrypted Storage on AWS

Stonegate Scribe runs on AWS. Catalog content, pricing rules, customer records, and generated documents are all encrypted at rest using the storage encryption provided by AWS managed services. Your data is protected on disk whether it is being actively used or sitting idle in a backup.

Daily Backups, 30-Day Retention

Every database is backed up daily, and we retain the last 30 days of backups. If something goes wrong, whether a bad import, an accidental deletion, or an operational issue, your environment can be rolled back to a known-good snapshot from any point in the past month.

For a wholesaler, this is the difference between losing a day of work and losing a quarter of work. The backup window is wide enough that problems discovered days later are still recoverable.

Audit Logging

Every significant action inside Stonegate Scribe is captured in an audit log: user logins, catalog edits, pricing rule changes, quote approvals, order status transitions, and more. Audit logs are retained for 30 days and can be reviewed to understand who did what, and when.

This is the safety net that turns "we think someone changed that price" into a definitive answer. When questions come up, whether internally or with a retailer, the record exists.

A Small, Vetted Set of Subprocessors

The platform uses a narrow, deliberate set of third-party services to handle work that is best left to specialists. Stripe handles billing so that payment card information never touches Stonegate Scribe's own systems. Resend handles transactional emails. We do not share customer data with services beyond what is required to deliver the platform, and we do not introduce new subprocessors without a clear operational reason.

Built With the Asset in Mind

Catalog and pricing data are the parts of a wholesale business that should never end up in the wrong hands. Stonegate Scribe is built around that assumption: each customer in their own database, traffic scoped by subdomain, roles you define for your team, automatic scoping for your retailers, encrypted storage, daily backups, and audit logs that hold the system to account.

If you are evaluating whether to put your operation onto a digital platform, the question worth asking is whether the system treats your data the same way you would. Stonegate Scribe is built so that the answer is yes.