Authentication
Two-factor authentication is mandatory for every role — owners, admins, and walkers. Sensitive admin actions (price changes, adding admins) can require step-up re-authentication.
Least-privilege access
Permissions are role-based and location-scoped: location admins and walkers only ever see and act on data for their own location. Every price, schedule, and role change is recorded in an immutable audit log.
Payments & PCI
Card data is handled entirely by Stripe via hosted payment elements, so cardholder data never touches Wiggles and Wags's servers — keeping your PCI scope to a minimum. Payment webhooks are the source of truth, so a booking is only confirmed once payment actually clears.
Data protection
- Encryption in transit (TLS) for all traffic.
- Database-level safeguards — including a constraint that makes double-booking impossible.
- Row-level security as defense-in-depth behind application authorization checks.
- Secrets kept in a managed vault, never in source.
Monitoring & resilience
Structured logging, error tracking, and alerting on payment failures and downtime help us catch issues early. Our infrastructure runs on managed, reputable cloud providers.
Reporting a vulnerability
Found something? We appreciate responsible disclosure — email security@wigglesandwags.dog and we'll respond promptly.