Security is foundational to Eon: the platform serves many merchants from one runtime, so isolation, sandboxing, and auditability are built into the architecture rather than bolted on. This page describes the measures we take to protect your storefronts, catalog data, and account.
Infrastructure
- Hosting. The platform runs on Vercel's managed infrastructure. All traffic is served over HTTPS with TLS; managed and custom domains are provisioned with certificates automatically.
- Data storage. Application data lives in Neon Postgres with encryption at rest and in transit. Uploaded files are stored in private blob storage and served only through session-checked endpoints.
- Secrets. Credentials and signing keys are stored as managed environment secrets, never in source control, and are scoped to the environments that need them.
Authentication and access
- Passwordless sign-in. Authentication uses one-time email passcodes with short expiry and limited attempts — there are no passwords to leak or reuse.
- Session security. Sessions are managed server-side with signed, encrypted tokens and trusted-origin checks.
- Workspace scoping. Every API route and server action verifies the caller's session and confirms that the requested store, deployment, or domain belongs to the caller's workspace before answering. Cross-tenant access is denied by design.
Tenant isolation
- Data isolation. All stores, catalogs, domains, and deployment records are scoped to a workspace identifier end to end — from the dashboard through the API layer to every database query.
- Serving isolation. Storefronts are resolved by hostname to a single workspace's published content. One merchant's storefront can never read another's data.
Content sandboxing
Storefront content is authored by merchants, so the platform treats it as untrusted by default:
- MDX compiles through a strict allowlist — imports, exports, raw JavaScript expressions, scripts, iframes, and event handlers are stripped before anything renders.
- Only platform-provided commerce components and a safe subset of HTML tags are permitted; URLs in links and images are validated against a safe scheme list.
- Theme CSS is sanitized to design tokens — arbitrary CSS cannot be injected into the platform.
- Repository validation rejects forbidden files (lockfiles, env files, executables) before a deployment can build.
GitHub integration
- Least privilege. The Eon GitHub App requests only the repository permissions needed to read your storefront source and open pull requests you initiate.
- Verified webhooks. All webhook deliveries are verified with HMAC signatures and rejected when verification fails.
- PR-based write-back. Dashboard edits flow back to your repository as branches and pull requests — Eon never force-pushes to your production branch.
Deployments and change control
- Immutable releases. Every deployment is validated, built, and published as an immutable bundle tied to a commit SHA.
- Instant rollback. Activation flips serving atomically between bundles, so a bad release can be superseded in seconds.
- Audit trails. Deployment stages, logs, catalog changes, and imports are recorded with timestamps for review.
Data handling
- We collect the minimum personal information needed to operate the platform — see our Privacy Policy.
- We do not sell personal information.
- You can delete your account and associated data at any time; your repository always remains the source of truth for your storefront content.
Compliance
Eon is in early access and our formal compliance program (including SOC 2) is in progress. Enterprise customers with specific security requirements — questionnaires, DPAs, or architecture reviews — can reach us at security@tryeon.ai and we will work through them together.
Responsible disclosure
We appreciate the work of security researchers. If you believe you have found a vulnerability in Eon:
- Email security@tryeon.ai with a description, reproduction steps, and impact assessment.
- Do not access other customers' data, disrupt the service, or publicly disclose the issue before we have had a reasonable opportunity to address it.
- We will acknowledge your report promptly, keep you informed of remediation progress, and credit you if you would like.
Good-faith research conducted under this policy will not result in legal action by Eon.
Contact
Eon, Inc.
Attn: Security
security@tryeon.ai