Enterprise-grade security.
Zero compromises.

All stored data — product catalogs, shopper graphs, conversation logs, and merchant configuration — is encrypted using AES-256 with keys managed in a dedicated KMS.

Every connection between clients, our edge, and our services is encrypted with TLS 1.3. Older protocols are disabled. HSTS is enforced on all domains.

We are currently completing our SOC 2 Type II audit. Security, availability, and confidentiality trust service criteria are in scope. Report available on request.

StyleMind operates as a data processor for merchant data and a data controller for platform data. DPAs are available for all merchants on request. Data residency in EU is supported.

All internal access to production systems is role-based, requires MFA, and is logged to an immutable audit trail. No engineer has standing access to customer data.

We engage an independent third-party security firm to conduct penetration tests every quarter. Findings are remediated within SLA and summaries are available to enterprise customers.

Each merchant's data is stored in fully isolated namespaces. There is no shared database between merchants — your product catalog, shopper graphs, and conversation logs are logically and physically separated from every other StyleMind customer. Cross-merchant data leakage is architecturally impossible.

Incident response

• 1-hour acknowledgement SLA for all reported incidents
• Status updates shared with affected customers when relevant.
• Post-incident reports shared within 5 business days

Security contact

To report a vulnerability or request our security documentation, contact our security team directly.