SIZErise

Security

Last updated: April 30, 2026

SIZErise takes the security of your data seriously. Here's an overview of how we protect merchant and customer information.

Encryption

  • In transit: All data is encrypted using TLS 1.2+ (HTTPS everywhere)
  • At rest: Database storage is encrypted using AES-256
  • API tokens: Shopify access tokens are stored encrypted

Access Controls

  • Shopify OAuth 2.0 for merchant authentication
  • HMAC verification on all webhook requests
  • Minimal permission scopes — we only request access we need
  • No shared access tokens between merchants

Data Minimisation

  • We collect only foot length and optional reference size
  • No photos, no biometric data, no payment information
  • AI requests contain only anonymised measurement data
  • Customer PII is not sent to the AI provider

Infrastructure

  • Hosted on enterprise-grade cloud infrastructure
  • Automatic database backups
  • GDPR-compliant data deletion on uninstall
  • Incident response plan with 72-hour notification

Responsible Disclosure

If you discover a security vulnerability, please report it to [email protected]. We appreciate responsible disclosure and will work with you to resolve any issues.