Security built into the core.

Retailos handles your customers' PII, payment references and business data. Here is exactly how we protect it.

Encryption in transit

All data between your browser and our API travels over TLS 1.2+. Caddy handles certificate provisioning automatically via Let's Encrypt — no manual rotation.

Role-based access control

Granular per-workspace RBAC: every API mutation checks the caller's role and permission before executing. Permissions are catalogued and auditable.

Audit log

Every create, update and delete action is recorded with actor, timestamp and before/after state. Tamper-evident — records cannot be edited once written.

Data isolation

All DB queries are scoped to the requesting workspace's ID. A workspace cannot read or write another tenant's data — isolation is enforced at the query layer, not just the route layer.

Credential encryption

Shopify, Razorpay, Stripe and telephony API keys are encrypted at rest using AES-256-GCM before being stored. The raw key never appears in logs or DB snapshots.

Session security

Sessions are stored as HttpOnly, Secure, SameSite=Lax cookies scoped to the retailcommerceos.com domain. Cross-subdomain sessions use a COOKIE_DOMAIN binding, not third-party cookies.

DPDP & GDPR alignment

We publish a Data Processing Addendum (DPA) covering DPDP Act 2023 (India) and GDPR requirements. Customers can request data export or deletion at any time.

Sub-processor transparency

We maintain a published sub-processor list (Shopify, Stripe, Razorpay, Brevo, Cloudflare, AWS S3, Anthropic, Twilio and Deepgram) and notify customers 30 days before adding new processors.

Security practices at a glance

These apply to the Retailos platform — not add-on options.

  • TLS everywhere

    All endpoints — REST, WebSocket and static assets — served over HTTPS.

  • No log PII

    Pino logger strips customer PII from structured logs before writing to disk.

  • Rate limiting

    Per-IP and per-workspace rate limits on all API endpoints prevent abuse.

  • Webhook verification

    All inbound webhooks (Shopify, Razorpay, Meta, Twilio) are HMAC-verified before any DB write.

  • Dependency freshness

    24-hour supply-chain guard enforced at install time via bunfig.toml minimumReleaseAge.

  • Secret scanning

    No secrets committed to source control — all production keys live in server-side .env.

Responsible disclosure

If you discover a potential security issue, please email security@retailcommerceos.com rather than opening a public issue. We respond within 48 hours and aim to patch confirmed vulnerabilities within 7 days.

For data-related requests (access, export or deletion) under DPDP or GDPR, contact privacy@retailcommerceos.com.

Privacy policy →Data Processing Addendum →Terms of service →

Your data is your business. We treat it that way.

Get your workspace live in under five minutes. 14-day trial, no card required.

Start free trial Talk to us