Security built in,
not bolted on.
Two-factor authentication, role-based team access, an audit log you can search and export, tokenised payments — all hosted in the UK, on AWS in London. No add-ons, no plugins, no extra bill at the end.
Accounts & access
Who gets in, and what they can touch.
Two-factor
Two-factor authentication
Turn on 2FA with any TOTP authenticator app — Google Authenticator, 1Password, Authy — plus one-time backup codes to keep somewhere safe, in case the phone goes missing before the data does.
Permissions
Role-based team access
Staff get roles with three permission tiers: core permissions locked to the role, optional ones you toggle per person, and forbidden actions the role can never have — with the reason shown. Suspend or remove access in one click.
Audit log
Audit trail, not a black box
Account and store actions are logged with the user, the action, and when — searchable, and exportable to CSV when an accountant or investigator wants the record. See who changed the price, who refunded the order, who invited the new staff member.
Verified email
Email checked at every change
Every account verifies its email at signup — and verifies again whenever the address changes, so a hijacked session cannot quietly redirect the account. Password changes require the current password too.
Inviting staff, roles, seats and live presence all live on the team page. Explore team management
Data protection
Encrypted at rest, encrypted in transit.
Your data is protected at every layer — from the hash in the database to the TLS on the wire. Here’s where it matters.
Passwords hashed with bcrypt
Staff and customer passwords are hashed with bcrypt before they hit the database. Even we can't read them — a password reset is the only way back in.
Secrets encrypted at rest
TOTP secrets and other sensitive credentials are encrypted with AES-256-GCM before they are stored. A database snapshot on its own is not enough to impersonate a user.
HTTPS on every storefront
Every storefront gets TLS with certificates renewed automatically — subdomain or custom domain, same treatment. No expiry scares, no cron jobs to forget, no plugin to update.
Payments & compliance
The boring-but-important stuff, handled.
Payments never touch your server
Card details are tokenised by our payment processor at the point of checkout — your store database never holds the raw number, and neither do we. Our payment processor carries PCI-DSS Level 1 certification, so stores using our hosted checkout typically qualify for SAQ-A — the lightest-touch PCI bracket. Your specific obligations depend on how you accept payments.
GDPR tools built in
Export the data you hold on a customer (Article 15) straight from their profile. Removing a customer archives the record rather than hard-deleting it — for full Article 17 erasure, contact support and we'll action it properly rather than pretending one click does it.
Part of the deal
Security is never an add-on, at any tier.
Other platforms gate advanced security behind higher tiers, or leave you to bolt it on with plugins. Everything on this page — 2FA, audit log, encryption at rest, tokenised payments, GDPR tools — is in every Orbit plan, including the one you start on.
See pricingWhat we do — and don't do — yet.
The honest answers: what's covered today, what isn't, and where to reach us if you find something.
Run a secure store from the very first order.
Free to start — and every security feature on this page is in that plan too.