How Goose Commerce keeps payment data safe and your customers protected.
Security is built into the Goose Commerce payment architecture from the ground up. No sensitive card data is ever stored on your server — all payment processing flows through your chosen gateway.
Goose Commerce never stores credit card numbers, CVV codes, or bank account details on your WordPress server or database. All payment data is handled entirely by your payment gateway (e.g. Stripe, PayPal), which is PCI-DSS compliant.
Goose Commerce enforces HTTPS on the cart and checkout pages, so an SSL certificate is required for your domain. Most hosting providers include free SSL via Let’s Encrypt. Customers who attempt to load the checkout over HTTP are redirected to HTTPS automatically.
All form submissions and AJAX requests in Goose Commerce use WordPress nonce verification to prevent CSRF (Cross-Site Request Forgery) attacks. Expired or invalid nonces are rejected and the user is prompted to reload the page.
Order data stored in the Goose Commerce database includes the last four digits of the card, card type, and transaction ID (for reference). This information is non-sensitive and is used only for display purposes in the admin. Full card details are never stored.
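One way to check this on your own store is to scan exported order rows for anything that looks like a full card number. The script below is an added example, not Goose Commerce code; the field names and sample rows are constructed for illustration and do not reflect the plugin's actual schema.

```python
import re

# Candidate PAN: 13-19 digits, optionally separated by single spaces or hyphens.
PAN_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

# Constructed sample rows; field names are hypothetical, not the plugin's schema.
SAMPLE_ROWS = [
    {"order_id": 1001, "card_last4": "4242", "card_type": "visa",
     "transaction_id": "txn_EXAMPLE_0001", "note": ""},
    {"order_id": 1002, "card_last4": "1111", "card_type": "visa",
     "transaction_id": "txn_EXAMPLE_0002",
     "note": "customer read card 4111 1111 1111 1111 over phone"},
]

def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def find_pans(value):
    """Return masked (first 6 / last 4) forms of Luhn-valid card-like numbers."""
    hits = []
    for m in PAN_RE.finditer(value):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            hits.append(digits[:6] + "*" * (len(digits) - 10) + digits[-4:])
    return hits

def audit_orders(rows):
    """Scan every field of every row; return (order_id, field, masked_pan)."""
    findings = []
    for row in rows:
        for field, value in row.items():
            for masked in find_pans(str(value)):
                findings.append((row.get("order_id"), field, masked))
    return findings

if __name__ == "__main__":
    for order_id, field, masked in audit_orders(SAMPLE_ROWS):
        print(f"order {order_id}: possible card number in '{field}': {masked}")
```

Roughly one in ten random long digit strings passes the Luhn check, so treat hits on numeric IDs or timestamps as leads to review rather than confirmed findings.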
Download Goose Commerce free and sell with confidence from day one.