Security is built into QuicShop rather than left to you to configure. Here’s what’s protected for you, and the few things you control.
Protection against common attacks
QuicShop includes built-in defences against the most common web attacks:
- SQL injection (SQLi) — attempts to tamper with the database
- Cross-site scripting (XSS) — attempts to inject malicious scripts
- Cross-site request forgery (CSRF) — attempts to trick a logged-in user into unwanted actions
These protections apply across your storefront and seller surfaces without any setup on your side.
Secure payments
Payments run through Razorpay, which operates on PCI-compliant infrastructure. That means:
- Card details never touch your store — they’re entered and processed on Razorpay’s side.
- You don’t store, see, or have to safeguard raw card numbers.
HTTPS everywhere
Every storefront is served over HTTPS with SSL, including on your custom domain — the certificate is issued and renewed automatically (see Connect a custom domain). Customers see the secure padlock, which also helps conversions and SEO.
What you control
A platform can only do so much — protect your own account too:
- Use a strong, unique password for your QuicShop login.
- Give team members the right roles rather than sharing one login, so access matches responsibility.
- Remove access promptly when someone leaves your team.
In short: the platform handles attack protection, payment security and HTTPS; you handle good password and access hygiene.
Frequently asked
Is my QuicShop store secure?
Yes. QuicShop includes protection against common web attacks (SQL injection, XSS and CSRF), serves storefronts over HTTPS with SSL, and processes payments through Razorpay so card details never touch your store.
Do I store customers' card details?
No. Card and payment data is handled by Razorpay on PCI-compliant infrastructure — your store never sees or stores raw card numbers.