# Security Policy

> How storekit protects your data and maintains platform security including encryption, access controls, audit logging, vulnerability disclosure, and compliance.

storekit is committed to protecting the security of your data and maintaining a secure platform for merchants and their customers.

## Infrastructure Security

* **Encryption in transit**: All data transmitted to and from storekit uses TLS 1.2 or higher
* **Encryption at rest**: Customer and transaction data is encrypted using AES-256
* **Cloud hosting**: Infrastructure hosted on industry-leading cloud providers with SOC 2 compliance
* **Network security**: Firewalls, intrusion detection, and DDoS protection

## Application Security

* **Secure authentication**: Support for strong passwords and two-factor authentication (2FA)
* **Session management**: Automatic session timeouts and secure cookie handling
* **Input validation**: Protection against common vulnerabilities including SQL injection and XSS
* **Regular updates**: Continuous security patches and dependency updates

## Payment Security

* **PCI DSS compliant**: storekit is certified PCI DSS Level 1, the highest level of payment security certification
* **Tokenisation**: Card details are tokenised and never stored on storekit servers
* **3D Secure**: Support for Strong Customer Authentication (SCA) and 3D Secure 2

## Operational Security

* **Access controls**: Role-based access following the principle of least privilege
* **Audit logging**: Comprehensive logging of administrative actions
* **Employee training**: Regular security awareness training for all staff
* **Incident response**: Documented procedures for security incident handling

## Reporting Security Issues

If you discover a security vulnerability, please report it responsibly by emailing **[security@storekit.com](mailto:security@storekit.com)**. We appreciate your help in keeping storekit secure and will acknowledge receipt within 48 hours.

<Warning>
  Do not publicly disclose security vulnerabilities until we have had an opportunity to address them.
</Warning>
