Trust, Privacy & Security
Stitch Happens takes the security of your data and payments seriously. This page summarises the controls we have in place. It is maintained by us and is not an independent certification.
Payments
- All card payments are processed by Stripe. We never see or store full card details.
- Checkout supports 3-D Secure where required by your bank.
- Webhook events from Stripe are signature-verified before any order is updated.
Account & data protection
- Authentication is handled by our backend provider with industry-standard hashing.
- Row-level security policies restrict every record to its owner or authorised staff.
- Privileged actions (refunds, role changes, deletions) are limited to admin accounts and audit-logged.
- File uploads are scoped to the uploading user; cross-account access is blocked at the storage layer.
Transport & infrastructure
- All traffic is served over HTTPS.
- Secrets and API keys are stored server-side and never exposed to the browser.
Your rights
- You can request a copy or deletion of your personal data by emailing us.
- You can cancel a Premium subscription at any time; access ends at the current period end.
Reporting a security issue
If you believe you have found a vulnerability, please contact us at hello@stitchhappens.co.uk with details so we can investigate.