Security
Mandalar is built with a security-first baseline, designed for small organisations and Shopify merchants.
Baseline controls
- HTTPS everywhere.
- Shop-level data isolation (each shop sees only its own data).
- Server-side validation for submissions.
- Spam controls (honeypot + rate limiting).
- Access control for the admin dashboard via Shopify OAuth.
What you should avoid collecting
Unless you have a clear legal basis and safeguards, avoid collecting payment card data, passport/ID details, health data, or other highly sensitive information.
Report a vulnerability
Email: security@mandalar.app (replace with your real address).