Security

How Stonegate Scribe Protects Your Business Data

May 21, 2026 · 5 min read

How guarded a wholesaler is about pricing varies. Plenty hand their catalog and price sheet to any serious buyer, and some post both on their website; others keep their numbers closer. Either way, the catalog is only part of what a platform holds on your behalf. Customer records, order history, and the specific quotes and terms tied to each retailer sit alongside it. Once your whole operation lives on shared software, two questions matter. Can another wholesaler on the same platform reach your data? And can you control who inside your own business sees it?

Stonegate Scribe is built to answer both. Your data stays isolated, encrypted, and auditable. Here is what stays walled off to your business, who can see what inside the platform, and how the infrastructure is set up.

A Separate Database for Every Wholesaler

Stonegate Scribe is single-tenant at the database layer. Every wholesaler we onboard gets a separate database, with its own schemas and its own copy of the data. Your catalog, pricing rules, quotes, orders, and customer records sit where no other wholesaler's account can reach them.

Most platforms take the multi-tenant route, where many customers share one database and isolation depends on row-level filters in application code. We separate at the database level instead. A bug in application logic cannot surface another wholesaler's data, because that data is not in the same database to begin with.

Connections Scoped by Subdomain

Every wholesaler runs on its own subdomain. When a request reaches Stonegate Scribe, its origin determines which wholesaler it belongs to, and the application connects only to that wholesaler's database for the life of the request.

So a user authenticated against Wholesaler A's environment cannot query Wholesaler B's data. The application never opens that connection. No shared query surface exists where a misconfigured filter could leak data across customers.

Roles and Permissions You Control

Inside your wholesaler account, access is enforced at the application layer.

For your internal team, you assign roles and permissions that match how the business is structured. A sales lead might see quotes and orders across the company; a production user might see only the queue for their shop. You decide what each role can read, edit, and approve.

For your retailers, scoping happens automatically. A retailer using your design tool sees only the designs, quotes, and orders they created. Your full pipeline, your other retailers' submissions, and the internal notes your team attaches to records stay hidden. What they get is a focused, branded view of their own work.

Encrypted Storage on AWS

Stonegate Scribe runs on AWS. Catalog content, pricing rules, customer records, and generated documents are encrypted at rest using the storage encryption provided by AWS managed services. Your data stays protected on disk whether it is in active use or sitting idle in a backup.

Daily Backups, 30-Day Retention

Every database is backed up daily, and we keep the last 30 days of backups. If something goes wrong, whether a bad import, an accidental deletion, or an operational issue, your environment can roll back to a known-good snapshot from any point in the past month.

For a wholesaler, that is the difference between losing a day of work and losing a quarter of it. A 30-day window means a problem found a week after it happened is still recoverable.

Audit Logging

Every significant action inside Stonegate Scribe lands in an audit log: user logins, catalog edits, pricing rule changes, quote approvals, order status transitions, and more. Logs are retained for 30 days and can be reviewed to see who did what, and when.

That record turns "we think someone changed that price" into a definite answer. When a question comes up internally or with a retailer, the evidence is there.

A Small, Vetted Set of Subprocessors

The platform relies on a narrow set of third-party services for work best left to specialists. Stripe handles billing, so payment card information never touches Stonegate Scribe's own systems. Resend sends transactional email. We share customer data only as far as delivering the platform requires, and we do not add new subprocessors without a clear operational reason.

How These Protections Fit Together

This data does not have to be secret to deserve protection. It is yours, it should stay separated from every other business on the platform, and only the people you choose should see it. Stonegate Scribe is built that way: each customer in a separate database, traffic scoped by subdomain, roles you define for your team, automatic scoping for retailers, encrypted storage, daily backups with 30-day retention, and audit logs kept for 30 days.

If you are weighing whether to move your operation onto a digital platform, the question worth asking is whether the system treats your data the way you would. Stonegate Scribe is built so the answer is yes.

See how Stonegate Scribe protects your data.

Walk through the platform with our team and see how catalog, pricing, and order data stay isolated to your business.

Book a Demo