Your own custom checkout.See how it works

Security

Locked down, by default.

Your keys are encrypted, every request is verified, tenants are isolated, and card data never touches us. Security is not a setting here, it is the baseline.

Encrypted at rest HMAC-verified Tenant isolation

Locked down by default

Whop & Shopify keys Encrypted at rest
Every request HMAC-verified
Tenant data Row-level isolated
Card data Never touches us

The essentials

How your store is protected.

Encrypted at rest

Your Whop and Shopify credentials are encrypted and never logged or returned.

Verified webhooks

Every inbound event is HMAC-verified against your secret before it is trusted.

Tenant isolation

Row-level rules keep each merchant's data strictly separate, deny-by-default.

Card data stays out

Payments happen in the Whop embed, so raw card data never touches our servers.

Least privilege

Access is scoped tightly and admin actions are gated and recorded.

Audited actions

Sensitive operations are logged to an append-only trail you can trust.

Locked by default

Layers of defense around your data.

Every request passes rate limiting, then an HMAC signature check, then strict row-level tenant isolation. At the center sits the one thing we never touch: your customers' funds, which are processed by your own connected Whop account.

Rate limiting & abuse protection

HMAC-verified webhooks

Row-level tenant isolation

Your customers’ funds

Handled by your Whop account. We never touch them.

Every layer on by default, deny-first.

Deny-first

isolation by default

Verified

every webhook

$0

of funds held by us

Where money is involved

We build the checkout. We never touch the funds.

Your keys, encrypted and yours

Credentials are encrypted at rest with keys only the server can use, and are never exposed to the browser or logs.

  • Encrypted secrets
  • Never client-side
  • Never logged

Locked down by default

Whop & Shopify keys Encrypted at rest
Every request HMAC-verified
Tenant data Row-level isolated
Card data Never touches us

Funds stay with your Whop account

We create orders and record payments, but your customers' funds are processed by your own connected Whop account. There is nothing for us to hold.

  • No custody of funds
  • Verified payment events
  • Idempotent processing

Practices we hold ourselves to

  • Credentials encrypted at rest, never logged
  • HMAC signature checks on every webhook
  • Row-level tenant isolation, deny-by-default
  • Rate limiting and abuse protection on public routes
  • Least-privilege access with gated admin actions
  • Append-only audit trail for sensitive operations
  • Card data handled in the Whop embed, never by us
  • Idempotent money-path processing under load

Questions.

Do you ever hold my money?+

No. Sling is checkout-builder software. It is not a bank, payment processor, money transmitter, or merchant of record, and never holds or touches your customers' funds. Payments are processed by your own Whop account under Whop's terms.

How are my credentials stored?+

Encrypted at rest with server-only keys. They are never returned to the browser and never written to logs.

How do you stop cross-tenant access?+

Every query is tenant-scoped and enforced with row-level rules that deny by default, so one merchant can never see another's data.

Sell on infrastructure you can trust.

Start free

Secure by default, from the first click.