storekit is committed to protecting the security of your data and maintaining a secure platform for merchants and their customers.
Infrastructure Security
- Encryption in transit: All data transmitted to and from storekit uses TLS 1.2 or higher
- Encryption at rest: Customer and transaction data is encrypted using AES-256
- Cloud hosting: Infrastructure hosted on industry-leading cloud providers with SOC 2 compliance
- Network security: Firewalls, intrusion detection, and DDoS protection
Application Security
- Secure authentication: Support for strong passwords and two-factor authentication (2FA)
- Session management: Automatic session timeouts and secure cookie handling
- Input validation: Protection against common vulnerabilities including SQL injection and XSS
- Regular updates: Continuous security patches and dependency updates
Payment Security
- PCI DSS compliant: storekit is certified PCI DSS Level 1, the highest level of payment security certification
- Tokenisation: Card details are tokenised and never stored on storekit servers
- 3D Secure: Support for Strong Customer Authentication (SCA) and 3D Secure 2
Operational Security
- Access controls: Role-based access following the principle of least privilege
- Audit logging: Comprehensive logging of administrative actions
- Employee training: Regular security awareness training for all staff
- Incident response: Documented procedures for security incident handling
Reporting Security Issues
If you discover a security vulnerability, please report it responsibly by emailing [email protected]. We appreciate your help in keeping storekit secure and will acknowledge receipt within 48 hours.
Do not publicly disclose security vulnerabilities until we have had an opportunity to address them.