Trust Center
Our commitment to security, privacy, and infrastructure integrity.
Overview
Storita.ai is a SaaS analytics platform for WooCommerce merchants that uses AI-powered, multi-agent orchestration to provide operational and business insights. Trust, security, and responsible data handling are core to how the platform is designed and operated.
This Trust Center explains how Storita.ai approaches data protection, security, and compliance.
Data Roles
Storita.ai operates in two distinct roles depending on the data involved:
- Data Controller: For merchant account information such as names, email addresses, and company details required to operate the service.
- Data Processor: For merchant-controlled data processed through integrations (e.g. WooCommerce and Google Analytics), including customer orders, product data, and behavioral analytics.
Data Isolation
Storita.ai is a multi-tenant platform with logical tenant isolation enforced at the application and query level.
- All data access is scoped by store_id
- Repository and query layers enforce tenant boundaries
- Cross-tenant access is not permitted
Backups may contain data from multiple tenants but are encrypted and access-restricted.
AI Processing
AI functionality is a core component of Storita.ai.
- Storita.ai uses third-party AI providers (including OpenAI, Anthropic, and OpenRouter)
- Data sent to AI systems is masked and aggregated where possible
- Customer data is not used to train foundation AI models
- AI processing cannot be disabled without discontinuing use of the service
AI interactions (prompts and responses) are stored for operational history and observability.
Subprocessors
Storita.ai relies on vetted third-party subprocessors to deliver its services, including AI processing and observability tools.
Subprocessors may process limited personal data solely for providing their contracted services. A current list of subprocessors is available in the Privacy Statement.
Security Measures
Storita.ai implements technical and organizational measures to protect data, including:
- Encryption in transit (TLS 1.2+)
- Encryption at rest for sensitive fields (AES-256)
- Role-based access controls (RBAC)
- Logged administrative access
- Restricted production access for authorized personnel only
Security audits and SOC 2 compliance are planned but not yet completed.
Logging & Monitoring
Operational logs are maintained to ensure system reliability and security.
- Logs may contain limited personal data (e.g. IP addresses, request metadata)
- Log retention is limited and access-controlled
- Logs are not used for marketing or profiling purposes
Data Transfers
Storita.ai supports international customers and may process data outside a customer's jurisdiction.
Where required, Standard Contractual Clauses (SCCs) are used to govern cross-border data transfers.
Related Documentation
For detailed information, please refer to:
Contact
For privacy and security inquiries:
[email protected]