Security
July 6, 2026
How Storevo protects your data, credentials, and connected store accounts.
Infrastructure
Storevo runs on hardened cloud infrastructure. Authentication and the primary database are provided by Supabase; payments are processed by Stripe — card data never touches our servers.
Encryption
- •All traffic is encrypted in transit with TLS.
- •Data is encrypted at rest by our infrastructure providers.
- •Marketplace API keys and tokens you connect are additionally encrypted at the application level before storage.
Authentication and Access
- •Sign-in via Supabase Auth: email/password, Google (global) or VK ID (Russia region).
- •Sessions are stored in httpOnly cookies; tokens are never exposed to page scripts.
- •Access to production systems is restricted to authorised personnel on a need-to-know basis.
Data Isolation
Your projects, connected stores, and generated content are scoped to your account and are not accessible to other users.
Responsible Disclosure
If you believe you have found a security vulnerability in Storevo, please email security@storevo.tech. We will acknowledge your report within 72 hours and keep you informed of the fix. Please do not access other users' data or disrupt the Service while researching.