Our Commitment
Security is foundational to Platox. We handle sensitive commerce data — revenue, customer information, inventory levels — and we treat that responsibility seriously.
Infrastructure Security
Encryption
All data is encrypted in transit using TLS 1.2+ and at rest using AES-256. API keys and credentials are stored using industry-standard secret management.
Access Control
Access is governed by role-based access control with JWT authentication. All API endpoints are rate limited, and authentication routes have IP-based throttling.
Data Isolation
Each customer's data is logically isolated. Cross-tenant data access is architecturally prevented at the database and application layers.
Application Security
- JWT tokens with 128-character hex secrets, rotated periodically
- Rate limiting on authentication endpoints (10 requests per 15 minutes per IP)
- Input validation and parameterized queries to prevent injection attacks
- CORS policies restricting cross-origin access
- Regular dependency updates and vulnerability scanning
Integration Security
Connections to Shopify, NetSuite, Google, and other platforms use OAuth 2.0 or API key authentication. Credentials are encrypted at rest and never exposed in logs or error messages.
Reporting Vulnerabilities
If you discover a security vulnerability, please report it to security@platox.net. We take all reports seriously and will respond within 48 hours.