We don't store your card
Card and UPI details go straight to Stripe and Razorpay. We only see the order amount and the tokenised payment ID.
Trust Center
This page is maintained by House of Vanya™ by Alice for security-conscious customers and procurement teams. The counters update live; everything below is aggregate-only and contains no usernames, IPs, or policy detail.
Live posture (values are loaded from the running deployment): app version, read from package.json at deploy time; the Git commit currently serving traffic; build timestamp in UTC, captured by the Worker build pipeline.
Rolling 24-hour totals from our detection pipeline. A non-zero count is expected and healthy: it confirms the alert dispatcher (Batch 5 / D2) is firing; a counter stuck at zero would be the warning sign. No row-level data is exposed.
Security events: unauthorized / forbidden / rate-burst / RLS-violation / alert-dispatched signals.
Audit rows: admin actions and refund attempts written to the append-only ledger.
Last quarterly trust review: —
Third-party AI keys live in an AES-256-GCM vault. Decryption requires a WebAuthn passkey from a registered admin device.
Every admin action and refund attempt writes to an append-only table protected by triggers — rows cannot be edited or deleted.
Revoking another admin's access requires a second active admin to co-sign within the in-app panic-button workflow.
Access lists are reviewed every quarter. Renovate proposes dependency updates weekly; security-advisory updates auto-merge once CI passes.
CSP with frame-ancestors 'none', upgrade-insecure-requests, and a /api/public/csp-report sink. HSTS, COOP, CORP, Referrer-Policy, Permissions-Policy and X-Content-Type-Options applied at the Worker edge.
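The header set above, applied the way an edge Worker would apply it. This is an added example, not the site's own Worker code: the module-Worker shape, the origin fetch, the CSP source list beyond frame-ancestors / upgrade-insecure-requests / report-uri, the HSTS max-age and the Permissions-Policy feature list are all assumptions.

```javascript
// Added example (not House of Vanya's Worker): edge security headers plus the
// CSP report sink. Assumptions are marked inline.
const CSP = [
  "default-src 'self'",                 // assumption: widen per feature, never to *
  "frame-ancestors 'none'",             // no origin may frame the site (clickjacking)
  "upgrade-insecure-requests",          // http:// subresources are fetched as https://
  "report-uri /api/public/csp-report",  // violations are POSTed to the sink below
].join("; ");

const SECURITY_HEADERS = {
  "Content-Security-Policy": CSP,
  "Strict-Transport-Security": "max-age=63072000; includeSubDomains", // assumption: 2 years
  "Cross-Origin-Opener-Policy": "same-origin",
  "Cross-Origin-Resource-Policy": "same-origin",
  "Referrer-Policy": "strict-origin-when-cross-origin",
  "Permissions-Policy": "camera=(), microphone=(), geolocation=()",  // assumption
  "X-Content-Type-Options": "nosniff",
};

// Headers on a fetched Response are immutable, so the Response is rebuilt with a
// fresh Headers object. set() rather than append(): the edge policy overrides
// whatever the origin emitted, so a misconfigured origin cannot weaken it.
function withSecurityHeaders(upstream) {
  const headers = new Headers(upstream.headers);
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) headers.set(name, value);
  return new Response(upstream.body, {
    status: upstream.status,
    statusText: upstream.statusText,
    headers,
  });
}

// CSP report sink: accept the browser's POST, never echo the body back, answer 204.
// A real sink would parse the report and feed it into the security_events stream.
function handleCspReport(request) {
  if (request.method !== "POST") return new Response(null, { status: 405 });
  return new Response(null, { status: 204 });
}

// Module-Worker entry point. `fetch(request)` reaching the origin is an assumption.
const worker = {
  async fetch(request) {
    const url = new URL(request.url);
    if (url.pathname === "/api/public/csp-report") return handleCspReport(request);
    return withSecurityHeaders(await fetch(request));
  },
};
```

Applying the headers in one place at the edge is what makes the posture checkable: any response, whatever origin route produced it, passes through `withSecurityHeaders`, and a header the origin set weaker (for example `X-Content-Type-Options: none`) is overwritten rather than duplicated.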
Prebuild guard fails the deploy if any tracked file contains a service-role key, vault key, payment secret, or HMAC secret. Only the publishable anon key remains in the auto-managed .env.
security_events stream into a Postgres-deduped dispatcher; HMAC-signed webhooks fan out to Slack and email subscribers every 60 s, with exponential backoff on failed deliveries and an in-app /admin/security-events console.
Admin offboarding requires a second admin to co-sign. The panic button revokes all elevated sessions, freezes vault unlocks, and writes a tamper-evident audit row.
A monthly pg_cron job produces a SOC 2 / DPDP access-review report; ferdi and alice sign off the active admin list, and the CSV exports are retained under docs/security/access-reviews/.
Renovate runs on a Monday cron; SECURITY.md states the 72 h / 14 d SLAs; scripts/check-deps.mjs rejects off-registry resolutions and reserved private scopes; GitHub Actions are pinned to full 40-character commit SHAs rather than mutable tags.
Vitest covers vault crypto, coupon math, refund eligibility, webhook HMAC, admin guards and auth middleware, plus fast-check property-based fuzzing of 9 input validators. CI runs lint, test and build on every PR.
AES-256-GCM at-rest encryption for LLM keys; WebAuthn passkey gate on /admin; deny-all RLS on app_settings and admin_secrets; expired challenges purged hourly by pg_cron.
Released 2026-06-30 · 178 KB. Tamper-evident — verify the outer archive against the SHA-256 below, then verify per-file hashes with the bundled SHA256SUMS.txt.
Prior release: v3 retained for audit continuity.
/account/data-rights
/.well-known/security.txt (disclosure contact and SLA)
Email security@houseofvanya.com. We acknowledge within 72 hours and triage within 14 days. Please do not file a public GitHub issue; the full disclosure policy is in SECURITY.md.