Security
Locked down, by default.
Your keys are encrypted, every request is verified, tenants are isolated, and card data never touches us. Security is not a setting here, it is the baseline.
Locked down by default
The essentials
How your store is protected.
Encrypted at rest
Your Whop and Shopify credentials are encrypted and never logged or returned.
Verified webhooks
Every inbound event is HMAC-verified against your secret before it is trusted.
Tenant isolation
Row-level rules keep each merchant's data strictly separate, deny-by-default.
Card data stays out
Payments happen in the Whop embed, so raw card data never touches our servers.
Least privilege
Access is scoped tightly and admin actions are gated and recorded.
Audited actions
Sensitive operations are logged to an append-only trail you can trust.
Locked by default
Layers of defense around your data.
Every request passes rate limiting, then an HMAC signature check, then strict row-level tenant isolation. At the center sits the one thing we never touch: your customers' funds, which are processed by your own connected Whop account.
Rate limiting & abuse protection
HMAC-verified webhooks
Row-level tenant isolation
Your customers’ funds
Handled by your Whop account. We never touch them.
Every layer on by default, deny-first.
Deny-first
isolation by default
Verified
every webhook
$0
of funds held by us
Where money is involved
We build the checkout. We never touch the funds.
Your keys, encrypted and yours
Credentials are encrypted at rest with keys only the server can use, and are never exposed to the browser or logs.
- Encrypted secrets
- Never client-side
- Never logged
Locked down by default
Funds stay with your Whop account
We create orders and record payments, but your customers' funds are processed by your own connected Whop account. There is nothing for us to hold.
- No custody of funds
- Verified payment events
- Idempotent processing
Practices we hold ourselves to
- Credentials encrypted at rest, never logged
- HMAC signature checks on every webhook
- Row-level tenant isolation, deny-by-default
- Rate limiting and abuse protection on public routes
- Least-privilege access with gated admin actions
- Append-only audit trail for sensitive operations
- Card data handled in the Whop embed, never by us
- Idempotent money-path processing under load
Questions.
Do you ever hold my money?+
No. Sling is checkout-builder software. It is not a bank, payment processor, money transmitter, or merchant of record, and never holds or touches your customers' funds. Payments are processed by your own Whop account under Whop's terms.
How are my credentials stored?+
Encrypted at rest with server-only keys. They are never returned to the browser and never written to logs.
How do you stop cross-tenant access?+
Every query is tenant-scoped and enforced with row-level rules that deny by default, so one merchant can never see another's data.
Sell on infrastructure you can trust.
Secure by default, from the first click.