Legal · Effective May 1, 2026
Security
How we keep your store and customer data safe during the open beta.
Template notice. This document is a placeholder for the open beta. Adapt with your legal counsel before relying on it for production use.
1. Certifications
Razorpay (PCI-DSS upstream)
Google Cloud (ISO 27001 upstream)
Formal certs on the roadmap
Best-effort during beta
2. Defense in depth
Encryption
TLS in transit. Encryption at rest via Google Cloud. Razorpay handles card data — we never see it.
Access control
Least-privilege, MFA on operator accounts.
Hosting
Google Cloud (Firebase) — hardened infrastructure with managed patching.
Audit logging
Admin actions and important state changes are logged in the store's activity feed.
Incident response
Small team on call. Status updates go to the affected merchants directly.
Roadmap
Formal certifications (SOC 2, ISO 27001) will be pursued as the platform matures past the beta.
3. Data residency
Hosted on Google Cloud. We use regions appropriate to the merchant location.
4. Disclosure
Found a vulnerability? Email security@shopppio.com — we'll respond within a few business days.security@shopppio.com
5. Contact
Security questions: security@shopppio.com.
Questions? Email legal@shopppio.com.