Security and trust
Built to be trusted with your business.
Running your operation — and your buyers’ details — through one system is a big ask. We do not take it lightly. Here is how ChannelWeave protects your data, in plain terms.
Encryption
Sensitive connection secrets are encrypted.
Marketplace credentials and selected connection secrets are encrypted before they are stored, using authenticated encryption. Public traffic to and from ChannelWeave runs over TLS (Transport Layer Security — the same encryption behind the padlock in your browser). In practice, credential fields remain encrypted in backup data too.
Private AI
Eden runs local-first for ChannelWeave.
Eden uses ChannelWeave-controlled local infrastructure for model-assisted replies. Your commercial data is not sent to a third-party AI provider for those answers or drafts.
Verification
Signed callbacks and webhooks are checked.
For supported marketplace and Website callbacks, ChannelWeave verifies signatures or HMACs (hash-based message authentication codes — a fingerprint that proves a message is genuine) before acting on the message. That helps reject forged or tampered requests.
Your data is yours alone
Operational records are scoped to your account throughout the application. Tenant scoping is part of the core data model, not an afterthought.
Recoverable
Your data is backed up daily and kept in multiple independent copies, so a fault means a quick restore — not a rebuild. Your operation comes back from a recent point, intact.
Responsible by practice
Access is kept tight, significant actions are recorded for audit and security controls are reviewed as ChannelWeave grows.
Marketplace access
Official authorisation flows, handled seriously.
Channel setup uses the official authorisation path for each supported marketplace or store platform. Credentials, callbacks and channel state are handled through ChannelWeave’s guarded connection workflows.
- OAuth-based marketplace connections where supported — you authorise ChannelWeave on the marketplace’s own site, so we never see your password
- Signed callback and webhook validation
- Connection health and verification state in-app
Reporting a concern
If you believe you have found a vulnerability, please tell us with enough detail to reproduce and investigate it. Use the contact form and choose a security-related subject so it reaches the right review path.
Report a security concern