Security & Transparency
Overview
We take security seriously. Below are the key practices we follow to protect your data, secure payments, and keep billing transparent.
Payments & Webhooks
Payments are processed by Creem as our Merchant of Record. We verify payments server-side using webhook signatures and grant credits only after a verified checkout.completed event, to prevent fraud.
Credit batches are created only after verified payment events, and each batch carries its own expiry date. This helps us ensure that payment state, tax handling, and credit access stay aligned.
Encryption & Access
Data is encrypted in transit (TLS). Access to customer data is restricted to authorised systems and personnel. Secrets (API keys, webhook secrets) are stored only in server environment variables.
Billing Integrity
We keep payment records, webhook receipts, and credit-batch history so we can investigate disputes, confirm expiry dates, and prevent duplicate credit grants. This also allows us to support refund reviews without relying on client-side claims.
Incident Reporting
If you suspect a security incident, contact us immediately at security@learnexy.com.