Do you store customer card details?

No. Payment data is handled by the merchant’s connected payment provider, not stored by ilanoShop.

How do you prevent cross-tenant data access?

Tenant isolation is enforced at the data layer and request context so each store can only access its own data.

Can I enable fraud protection filters?

Yes. Merchants can enable filters like AVS/CVC mismatch checks, IP mismatch detection, and order thresholds.

How are admin actions tracked?

Privileged actions are logged with timestamps, user identity, and context to provide a full audit trail.

How do I report a security issue?

Contact our support team and mark the request as a security report so we can prioritize investigation.

Security & Trust

Your store, your data, fully isolated.

Tenant-level data separation, secure sessions, role-based access, and audit logging — across every channel your store sells on.

Visit Help Center Contact Support

Platform Protections

Security is built into every layer

We combine technical controls, policy enforcement, and operational safeguards to protect your store and customers.

Tenant Isolation

Every store is scoped to its own tenant context. Data access is isolated by default to prevent cross-tenant leakage.

Secure Sessions

Authentication sessions use secure, httpOnly cookies with strict scoping to help protect against session theft.

Role-Based Access

Admin, staff, and super-admin roles are enforced across the platform with least‑privilege defaults.

Infrastructure Hardening

HTTPS enforced, domain verification, and layered protections to keep storefronts and APIs reliable.

Audit Logging

Privileged actions are logged to provide traceability and support compliance workflows.

Fraud Controls

Rule-based fraud checks (AVS/CVC/IP/thresholds) help reduce chargebacks and abusive orders.

Trust Commitments

Clear, transparent security practices

We don’t store card details

Payments are processed by connected payment providers. Card data is handled by the processor.

Transparent incident response

If an issue impacts data security, we notify affected merchants promptly and provide remediation guidance.

Continuous improvements

Security is treated as an ongoing program with testing, monitoring, and hardening over time.

Compliance & Standards

Security practices you can trust

These badges reflect platform safeguards and industry-aligned practices. Payment compliance is handled by Stripe, with Square available in select regions.

PCI‑DSS (via payment providers)HTTPS/TLS enforcedTenant data isolationAudit loggingWebhook signature checksFraud rules & review queue

FAQs

Security questions, answered

Responsible Disclosure

Found something? Tell us first.

If you believe you've found a security vulnerability, please contact our team with steps to reproduce. We investigate every report and keep you updated.

Report a Security Issue Browse Help Articles