Security and trust

Built to be trusted with your business.

Running your operation — and your buyers’ details — through one system is a big ask. We do not take it lightly. Here is how ChannelWeave protects your data, in plain terms.

Encryption

Sensitive connection secrets are encrypted.

Marketplace credentials and selected connection secrets are encrypted before they are stored, using authenticated encryption. Public traffic to and from ChannelWeave runs over TLS (Transport Layer Security — the same encryption behind the padlock in your browser). In practice, credential fields remain encrypted in backup data too.

Private AI

Eden runs local-first for ChannelWeave.

Eden uses ChannelWeave-controlled local infrastructure for model-assisted replies. Your commercial data is not sent to a third-party AI provider for those answers or drafts.

Verification

Signed callbacks and webhooks are checked.

For supported marketplace and Website callbacks, ChannelWeave verifies signatures or HMACs (hash-based message authentication codes — a fingerprint that proves a message is genuine) before acting on the message. That helps reject forged or tampered requests.

Your data is yours alone

Operational records are scoped to your account throughout the application. Tenant scoping is part of the core data model, not an afterthought.

Recoverable

Your data is backed up daily and kept in multiple independent copies, so a fault means a quick restore — not a rebuild. Your operation comes back from a recent point, intact.

Responsible by practice

Access is kept tight, significant actions are recorded for audit and security controls are reviewed as ChannelWeave grows.

Marketplace access

Official authorisation flows, handled seriously.

Channel setup uses the official authorisation path for each supported marketplace or store platform. Credentials, callbacks and channel state are handled through ChannelWeave’s guarded connection workflows.

  • OAuth-based marketplace connections where supported — you authorise ChannelWeave on the marketplace’s own site, so we never see your password
  • Signed callback and webhook validation
  • Connection health and verification state in-app

Reporting a concern

If you believe you have found a vulnerability, please tell us with enough detail to reproduce and investigate it. Use the contact form and choose a security-related subject so it reaches the right review path.

Report a security concern