Security

Last updated: July 8, 2026

Distributors run their business on Minori Midori: their catalog, their customer list, their negotiated prices, their order history. This page describes, in plain language, how that data is protected. We would rather tell you exactly what we do than gesture at badges — so everything below is specific, and nothing is aspirational.

Tenant isolation is enforced by the database

Every distributor’s data lives behind row-level security policies in Postgres — the database itself refuses to return another tenant’s rows, regardless of what the application asks for. Isolation is not a convention in our application code; it is a rule the database enforces on every query.

Every release that touches the schema, authentication, or payments goes through an internal security audit before it ships: we probe cross-tenant access in both directions with real accounts, review every database policy, and run automated security advisors on the database. When an audit finds a weakness, fixing it blocks the release.

Card data never touches our servers

All card payments are processed by Stripe, a PCI DSS Level 1 certified payment processor. Card numbers are entered on Stripe-hosted payment pages and are never sent to, processed by, or stored on Minori Midori systems. Each distributor’s sales settle to that distributor’s own Stripe account — we are the platform, not the holder of your funds. Payment webhooks are signature-verified and processed idempotently.

Wholesale prices are confidential

Negotiated per-customer prices are commercially sensitive, and we treat them that way: a wholesale buyer can only ever read their own price list. Database policy prevents any customer — or anonymous visitor — from reading another account’s negotiated prices. This is the same isolation mechanism described above, applied to the data distributors care most about.

Accounts and sessions

Passwords are hashed with an industry-standard algorithm and are never stored or logged in plain text; Google sign-in is available if you prefer not to have a password at all. Email confirmation and password-reset links are single-use tokens. Sessions use short-lived signed tokens that refresh automatically. Login, signup, and password-reset endpoints are rate-limited to blunt credential stuffing, and money-adjacent actions carry their own limits.

Encryption and infrastructure

All traffic is encrypted in transit with TLS, on the platform and on every storefront, including custom domains. Data is encrypted at rest by our infrastructure providers (Supabase for the database and file storage, Vercel for hosting). Service credentials follow least privilege: privileged keys exist only in server-side code, are never shipped to browsers, and administrative database access is not used in normal request handling.

What we don’t claim

We are a young platform and we do not yet hold formal certifications such as SOC 2 or ISO 27001, and we have not yet commissioned an external penetration test. When that changes, this page will say so. In the meantime we publish exactly what we do, and if your security review needs more detail, talk to us — we will answer specifically.

Reporting a vulnerability

If you believe you have found a security issue, email [email protected] with enough detail to reproduce it. We read every report, we will respond promptly, and we will not pursue anyone who reports in good faith and gives us a reasonable window to fix the issue before disclosure. Machine-readable contact details are published at /.well-known/security.txt.