Security & Trust
Your store and your customers' data sit at the center of everything we build. Here's how the platform keeps them protected.
Encryption everywhere
Every shop — on every plan — is served over HTTPS with an automatically provisioned and renewed SSL certificate, including on your own custom domain. Traffic between your customers and ShopsWired is encrypted in transit.
Isolated plugin execution
Plugin and theme scripts run server-side in sandboxed JavaScript VMs. Each background task executes in its own isolated VM with scoped access to the sw.* bridges, so untrusted code can't reach outside its boundaries.
Secure payments
Card data is handled by your payment processor (such as Stripe), so sensitive payment details never touch your scripts. Build custom gateways through plugin hooks while keeping cardholder data with PCI-compliant processors.
Rate limiting & resilience
Per-shop rate limits and global edge caching absorb traffic spikes and abusive requests. Dynamic operations are throttled with graceful 429 responses while cached content keeps serving — protecting your backend during surges.
Audit & script logs
Administrative actions are recorded in an audit log with retention from 90 days up to a full year depending on your plan. Script execution logs give you visibility into what your plugins and background tasks are doing.
Fair-use safeguards
Anti-runaway limits cap background-task chains and per-minute enqueue rates, and storage usage is metered with clear warnings — keeping one shop's workload from affecting the platform or your bill.
Data & privacy
You stay in control of your store's data. We process it to operate the platform and never sell it. For details on what we collect, how it's used, and your rights, see our Privacy Policy and Terms of Service.
Reliability
Storefronts are edge-cached across a global CDN, so the content your customers browse is fast and highly available even if origin traffic spikes. Higher tiers add premium and performance compute along with greater concurrency for background work.
Reporting a vulnerability
We take security reports seriously and appreciate responsible disclosure. If you believe you've found a vulnerability, email [email protected] with details and reproduction steps so our team can investigate promptly — or reach us through any of our contact channels. Please don't publicly disclose an issue until we've had a chance to address it.