Security

How Follow The Spend protects what we collect.

Coming soon. This article will document our security posture, controls, and incident response.

Topics this article will cover

  • Encryption: TLS 1.3 in transit, AES-256 at rest
  • Database access controls
  • Secret management and access tokens
  • The encryption envelope for Shopify access tokens (already implemented — see commit 894109e)
  • Webhook HMAC verification
  • API rate limiting (100 req/min/user)
  • Sentry-driven error monitoring (when WS7 ships)
  • Incident response policy
  • Penetration testing schedule (post-v1)