Security & Privacy
SweetCode Cloud is designed with security and privacy as core principles. This page explains how your data flows through the system, how credentials are protected, and how customer privacy is maintained.
Data Flow Architecture
SweetCode Cloud is a pass-through proxy — event data flows through the system and is forwarded to your configured destinations. No customer data is permanently stored.
Browser → ssp.yourshop.com → Cloudflare Edge Worker → Ad Platform APIs
                                        ↓
                          Temporary event log (retained per plan, then deleted)
What Is Stored
| Data Type | Storage Duration | Purpose |
|---|---|---|
| Event logs | 1 hour – 30 days (per plan) | Debugging and monitoring |
| Destination credentials | Until domain is deleted | Forwarding events to APIs |
| Account information | Until account is deleted | Authentication and access |
| Usage metrics | Current billing period | Quota tracking and billing |
What Is NOT Stored
- Raw customer personal data (emails, IP addresses, etc.) — passed through only
- Payment information — handled entirely by Freemius (our billing provider)
- Browser cookies or tracking data
Credential Encryption
API credentials (access tokens, pixel IDs, ad account IDs) from your Pixel Manager for WooCommerce configuration are sensitive. SweetCode Cloud protects them as follows:
- Encrypted at rest — All credentials are encrypted using AES-GCM (256-bit) before being stored in the database. Even if the database were compromised, credentials would be unreadable without the encryption key
- Masked in the dashboard — Credentials are never displayed in full in the SweetCode Cloud UI. You’ll see masked values like sk-****...7f3a
- Encrypted in transit — All communication (browser to edge, edge to destinations) uses TLS encryption
- Sync tokens are hashed — The sync token used to connect Pixel Manager to SweetCode Cloud is stored as a SHA-256 hash, not in plain text
Request Verification
SweetCode Cloud uses a two-tier verification system to ensure that proxy requests are legitimate and not from bots, scrapers, or unauthorized sources.
Tier 1: Token Verification
Every proxy request includes an X-SSP-Token header containing a per-domain token. This token is generated during the Pixel Manager sync process and is unique to each domain. The Worker verifies the token against the stored value before processing the event.
This prevents unauthorized parties from sending fake events through your proxy endpoint.
Tier 2: Session Cookie Verification
For enhanced security, SweetCode Cloud also supports a second verification layer using a server-signed session cookie (ssp_v). This cookie is issued by the Worker on verified requests and validated on subsequent requests. It provides an additional signal that the request originated from a legitimate browser session on your store.
Bot Filtering
Known bot user agents are automatically rejected at the edge before any processing occurs. This includes common automation tools like curl, python-requests, Go-http-client, HTTPie, wget, and node-fetch.
Additionally, a per-domain token (generated during the sync process) binds each request to its domain configuration, helping to ensure that only genuine browser-originated events are forwarded to your destinations.
Authentication Security
Magic Link Authentication
SweetCode Cloud uses magic link authentication — no passwords are stored or transmitted:
- A single-use magic link is emailed to your address when you log in
- Links expire after 15 minutes and can only be used once
- Login attempts are rate-limited to 5 per email per hour to prevent abuse
- Cloudflare Turnstile (a CAPTCHA alternative) is used on the login page to prevent automated login attempts
Session Management
- Customer sessions expire after 30 days of inactivity
- Sessions can be invalidated by logging out
- Each session is tied to a unique, cryptographically random token
Infrastructure Security
SweetCode Cloud runs entirely on Cloudflare’s infrastructure:
- Cloudflare Workers — Code executes on Cloudflare’s edge network across 300+ global locations. There are no traditional servers to compromise
- Cloudflare D1 — Database storage with automatic encryption at rest
- Cloudflare Custom Hostnames — TLS certificates are automatically provisioned and renewed for each customer domain
- WAF (Web Application Firewall) — Custom WAF rules are deployed to protect against malicious traffic patterns
Rate Limiting
To protect both the platform and your account:
| Scope | Limit |
|---|---|
| Proxy events | 120 req/IP/minute |
| Login attempts | 5 req/email/hour |
| Management API | 60 req/session/min |
Rate-limited requests return a 429 status code and do not count toward your monthly quota.
GDPR Compliance
SweetCode Cloud is designed to be compatible with GDPR and similar data protection regulations:
- Cloudflare’s Data Privacy Framework — Cloudflare is listed in the EU-U.S. Data Privacy Framework program, providing a mechanism for complying with data protection requirements when transferring personal data from the EU to the U.S.
- Data minimization — We process only the data needed to forward events to your configured destinations. We don’t collect, analyze, or profile customer data for our own purposes
- Limited retention — Event logs are retained only for the duration specified by your plan (1 hour to 30 days), then permanently deleted
- No data sharing — Customer data is forwarded only to the destinations you configure. We never sell, share, or use your data for advertising, analytics, or any purpose beyond delivering it to your specified platforms
- Data processing only as instructed — SweetCode Cloud acts as a data processor, handling data only as directed by your configuration
First-Party Data Collection
Because SweetCode Cloud operates through a first-party subdomain on your domain (e.g. ssp.yourshop.com), tracking requests appear as first-party traffic from the visitor’s perspective. This provides several benefits:
- Not blocked by ad blockers — Unlike third-party tracking domains, first-party subdomains are generally not blocked
- Better cookie handling — Browser restrictions on third-party cookies don’t apply
- Improved data accuracy — More events successfully reach your ad platforms, improving attribution and optimization
This is a key architectural advantage of server-side proxy tracking compared to direct server-to-server calls from your WooCommerce server.
Security Best Practices
To keep your SweetCode Cloud setup secure:
- Keep Pixel Manager updated — Use the latest version for security patches and protocol improvements
- Regenerate tokens if compromised — If you suspect your Sync Token has been exposed, regenerate it from the domain detail page in the dashboard
- Review team access — Periodically review your organization members and remove anyone who no longer needs access
- Monitor the Events page — Unusual patterns in event volume or sources may indicate unauthorized use of your proxy endpoint
- Rotate destination credentials — Periodically regenerate access tokens in your ad platforms and update them in Pixel Manager