Security Policy

Last updated: February 2026

1. Overview

Security is not a feature at COD Shield — it is the foundation. This policy describes the technical and operational measures we implement to protect your data and ensure the integrity of the fraud detection service.

2. Encryption

  • Shopify access tokens: Encrypted at rest using AES-256-GCM. The encryption key is derived from a server-side secret and never stored in the database.
  • Data in transit: All connections use TLS 1.2 or higher. HTTPS is enforced on all endpoints — no HTTP.
  • Passwords: Hashed using bcrypt. Plaintext passwords are never stored or logged.
  • API keys: Stored as SHA-256 hashes. The raw key is shown once at generation and never retrievable again.

3. Authentication

  • Dashboard access: JWT tokens signed with a server-side secret. Short-lived tokens require re-authentication.
  • API access: Bearer token via x-api-key header. Keys have a cfr_ prefix for easy identification.
  • No plaintext credentials are stored anywhere in the system.

4. Webhook Integrity

  • Shopify: Every webhook is verified via HMAC-SHA256 using the Shopify client secret. Requests without a valid x-shopify-hmac-sha256 header are rejected with HTTP 401.
  • WooCommerce: HMAC-SHA256 signature verification using a merchant-configured secret. Configurable from the Settings page.
  • Forged, tampered, or replayed webhook payloads are rejected before any processing occurs.

5. Tenant Isolation

  • Every database query is scoped by tenant_id. Cross-tenant data access is architecturally impossible at the application layer.
  • API keys are namespaced per tenant. A key from one tenant cannot query another's data.
  • Shopify connections, blacklists, and ML training data are fully isolated per tenant.

6. Infrastructure Security

  • Backend: Deployed on Railway.app with auto-restart, liveness probes, and health checks.
  • Frontend: Deployed on Vercel with security headers — CSP, HSTS, X-Frame-Options, X-Content-Type-Options.
  • Database: PostgreSQL with connection pooling. Not directly publicly accessible.
  • Rate limiting: 100 requests/minute per API key on dashboard APIs; 2,000 webhook requests/minute per key.
  • ML reliability: Circuit breaker prevents ML service failures from cascading — instant fallback scoring when ML is unavailable.

7. Zero Order Loss Architecture

Orders are written to PostgreSQL immediately upon receipt — before any scoring or queue processing. This guarantees data durability even if Redis, BullMQ, or the ML service is temporarily unavailable. A recovery cron re-queues unscored orders every 5 minutes.

8. Incident Response

  • Security incidents affecting your data will be communicated within 72 hours of discovery.
  • We will document the nature of the incident, data affected, and remediation steps taken.
  • In the event of a breach, affected API keys will be invalidated immediately.

9. Vulnerability Reporting

If you discover a security vulnerability in COD Shield, please report it responsibly. Do not publicly disclose vulnerabilities before we have had a reasonable opportunity to address them. Contact us directly on WhatsApp (+92 318 4184634) or via LinkedIn.