Security & Data Protection

Payment Security

  • Stripe Payment Processing: All payments are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor (the highest level of security certification in the payment industry)
  • We NEVER See Your Card Data: Credit card information goes directly to Stripe - we never see, store, or transmit your card numbers
  • 256-bit SSL/TLS Encryption: All payment transactions use bank-level encryption
  • 3D Secure Authentication: Additional security layer for card verification when required
  • Fraud Detection: Real-time fraud monitoring and prevention measures
  • Secure Checkout: Tokenized payment methods prevent card data exposure

Data Encryption

  • Encryption in Transit: All data transmitted between your device and our servers uses 256-bit SSL/TLS encryption
  • Encryption at Rest: All data stored in our Supabase database is encrypted
  • Row-Level Security (RLS): Database policies ensure users can only access their own data
  • Secure Infrastructure: Hosted on SOC 2 Type II certified infrastructure
  • Regular Security Audits: Third-party penetration testing and vulnerability assessments

Security Measures

  • Password Hashing: Passwords hashed using bcrypt (industry-standard hashing algorithm)
  • Two-Factor Authentication (2FA): Optional 2FA available for store owners and customers
  • Rate Limiting: Protection against brute-force attacks and abuse
  • Input Sanitization: All user inputs sanitized to prevent SQL injection and XSS attacks
  • CSRF Protection: Cross-Site Request Forgery protection on all forms
  • Session Management: Secure session tokens with automatic expiration
  • Request Signing: HMAC-SHA256 signed requests to prevent tampering

Incident Response

  • Data Breach Notification: We will notify affected users within 72 hours of discovering a breach (as required by GDPR)
  • Security Incident Reporting: Report security issues to Officialintershopgo@intershopgo.com
  • Continuous Monitoring: 24/7 threat detection and monitoring
  • Incident Response Team: Dedicated team for handling security incidents
  • Transparency: We will communicate openly about security incidents and remediation steps

Compliance

  • GDPR Compliant: Full compliance with EU General Data Protection Regulation
  • CCPA Compliant: California Consumer Privacy Act compliance for California users
  • PCI-DSS Compliant: Payment Card Industry Data Security Standard compliance via Stripe
  • SOC 2 Type II: Infrastructure hosted on certified secure platforms
  • COPPA Compliant: Children's Online Privacy Protection Act compliance

Your Security Responsibilities

  • Use strong, unique passwords (at least 12 characters with a mix of letters, numbers, and symbols)
  • Enable two-factor authentication (2FA) for added security
  • Keep your device and app updated to the latest version
  • Don't share your account credentials with anyone
  • Report suspicious activity immediately to Officialintershopgo@intershopgo.com
  • Log out on shared or public devices
  • Be cautious of phishing emails claiming to be from Intershop Go

Third-Party Security

We rely on industry-leading security providers:

  • Stripe: PCI-DSS Level 1 certified payment processing with advanced fraud detection
  • Supabase: SOC 2 Type II certified database with encryption and Row-Level Security
  • Firebase: Google Cloud Platform security for push notifications
  • Expo/EAS: Secure app infrastructure and build services

Contact Security Team

Security concerns: Officialintershopgo@intershopgo.com
Privacy questions: Officialintershopgo@intershopgo.com

Security Certifications

  • PCI-DSS Level 1 (via Stripe)
  • SOC 2 Type II (infrastructure)
  • GDPR Compliant (EU users)
  • CCPA Compliant (CA users)