Security

This page outlines the security principles and operational practices we follow when building and running Worn Edit.

Payments

Payments on Worn Edit are handled through Stripe. Stripe is a PCI-compliant payment provider and is responsible for securely processing card details.

Worn Edit does not store raw card numbers, CVC codes, or full payment credentials on our own systems.

Privacy

We do not sell personal data, and we do not disclose user information for unrelated third-party marketing use.

For more detail on how we collect, use, and protect personal information, see our Privacy Policy.

Infrastructure

Our application infrastructure runs on Amazon Web Services. We use AWS-hosted services for core compute, storage, and supporting systems, and we rely on their security and compliance controls as part of our platform foundation.

Development process

We use a combination of internal review, automated checks, and external services to reduce security risk during development and release.

This includes code review, dependency monitoring, vulnerability scanning, and engineering guidance around secure development practices.

Encryption

Data is protected in transit using HTTPS and TLS. We also use encryption controls provided by our infrastructure providers for stored data where applicable.

Incident response

We monitor the health, reliability, and operational signals of the platform so that issues can be investigated quickly.

Engineers are expected to follow incident-response procedures, escalate when needed, and work toward timely containment and recovery.

Security programme

We continue to strengthen our controls, policies, and documentation as the platform grows. Formal compliance work is an ongoing process, and we will update this page as that programme matures.

Contact

If you believe you have found a security issue or have a question about our security practices, contact us at security@wornedit.com.