Last updated July 4, 2026

Security

WireGum is built around a narrow trust boundary: Stripe handles payment details, merchants control their storefront, and WireGum stores the operational data needed to fulfill orders.

Security model

WireGum is a small commerce operations service. The dashboard is protected by account login, server-side sessions, HTTP-only cookies, and workspace-scoped database access. Public storefront endpoints only return active catalog data and require an authorized storefront domain before checkout can be created.

Payments and cards

Card collection, payment confirmation, refunds, disputes, and payout details stay in Stripe. WireGum stores Stripe IDs and checkout metadata so orders can be fulfilled, but it does not store card numbers.

Data and providers

The database connection is expected to use TLS. Provider webhooks are checked with signed Stripe events or workspace-specific webhook tokens. During the preview, connect test keys or low-risk provider accounts unless we have agreed on a production setup together.

Operational practices

We keep secrets out of the repository, review changes before production deploys, and prefer provider-hosted flows for sensitive steps such as payment and billing. We limit stored data to what is needed for checkout, shipping, email, support, and audit trails.

Report a vulnerability

Please report suspected vulnerabilities privately to [email protected]. Include the affected URL, steps to reproduce, and impact. Do not test against data or workspaces that are not yours, and do not publish details before we have investigated.