Security

Security at Plandalf

Checkout is one of the most sensitive surfaces in an internet business. Plandalf keeps payment data with Stripe or PayPal, while Offers, integrations, API paths, webhooks, invoices, and Automations stay inspectable.

The security review starts with the product surfaces

A useful security page should point buyers to the actual places where payment processors, API keys, webhooks, invoices, integrations, and purchase records are configured or inspected.

The Numi integrations settings page showing Stripe, PayPal, TaxJar, and Avalara connection options.

Processor connections stay visible

Operators can inspect Stripe, PayPal, TaxJar, Avalara, test-mode routing, and integration state before checkout traffic goes live.

The Numi API keys page showing API key management controls.

API and webhook paths are documented

Custom builds should use API authentication, SDK checkout, and signed webhooks instead of spreading purchase context across untracked scripts.

The Numi invoices records screen showing invoice entries and payment status.

Invoices and records remain traceable

Purchase records, invoices, products, payment state, and customer context should remain inspectable after the charge is complete.

The Numi offer editor automation tab showing sequence controls beside the checkout canvas.

Automations keep the handoff inspectable

Automations, sequences, and webhooks keep purchase events tied to buyer, product, invoice, payment, coupon, and fulfillment context.

The Numi team settings screen showing team members and access controls.
The Numi tax settings screen for checkout and invoice configuration.

Tax and invoice settings stay attached

Tax settings, Avalara, TaxJar, payment processors, PDF invoices, and invoice email behavior should stay connected to the offer and buyer record.

The Numi API documentation surface with endpoint navigation.

Implementation docs are part of the control surface

API references, SDK checkout, webhook fanout, customer identity, metadata, and custom API integrations give reviewers a path from claim to implementation.

Reporting a vulnerability

Found something? Email security@plandalf.com. We respond within one business day and credit researchers who report responsibly.

Feature detail