PROTECT
Data protection controls
Controls are designed around inventory, order, margin, billing, and operator data that a retailer would not want exposed to competitors.
- Shopify access tokens are encrypted with AES-256-GCM before they are written to the database.
- Plaintext access tokens are not written to application logs, error reports, or analytics events.
- Browser, Shopify Admin API, Stripe API, and Supabase Postgres traffic uses TLS in transit.
- Session cookies are flagged HttpOnly and Secure, and authentication records are managed through Supabase Auth.
