← Back to Restockly

Legal

Security

Last updated: July 14, 2026

Restockly is built to keep your OpoShop store's data safe by design. Here's how.

Data isolation

Every record — subscriptions, waitlists, pre-orders, settings — is scoped to a single store. Every request is filtered by store ownership, so one merchant's data can never be read by another. There is no shared, cross-store view.

Access & authentication

Shopper-facing safety

The public storefront endpoints (the “Notify me”, waitlist, and pre-order captures) are rate-limited, validate email format, and return the same generic response whether or not a store or item exists — so no one can enumerate who else subscribed or which stores use Restockly. We never return anyone else's data to a shopper.

Payments

Restockly never sees or stores payment card details. All checkout and payment happens inside OpoShop.

Reporting a vulnerability

Found a security issue? Please email brandon@tryfound.io with the details and we'll respond quickly. We appreciate responsible disclosure.