Trust
Built to survive a security review.
You're routing revenue-grade data through us. We treat it like it's ours to lose — encrypted everywhere, scoped per store, and audited by people who don't work here.
How the data stays safe
Per-store isolation
Every query is scoped to a store id and the owning account. One workspace can never read another's touches — it's enforced at the data layer, not just the UI.
Encryption everywhere
TLS 1.3 on the wire, AES-256 at rest. Secrets live in a managed vault, never in source or logs.
Least-privilege access
Engineer access to production is role-gated, time-boxed, and logged. No standing keys to your data.
First-party by design
Because identity never leaves the originating domain, a breach can't expose a cross-site graph that we simply don't build.
Independent testing
Annual third-party penetration tests plus continuous automated scanning. Summaries available under NDA.
Vulnerability disclosure
A published security contact and a no-retaliation policy for researchers who report issues in good faith.
Need the full report?
SOC 2 Type II, pen-test summary, DPA, and subprocessor list are ready the moment your review kicks off.