Blabbe is built with a security-first architecture, designed to protect store data, shopper interactions, and system integrity at every layer. The platform combines store-level isolation, authenticated access, controlled execution, and rate-limited operations to ensure that all interactions remain secure and scoped.
1. Architecture Overview
Blabbe operates as a multi-tenant system with strict store isolation. Each Shopify store operates as an independent environment with its own scoped data access and cannot access or interact with data from other stores.
All requests are validated against the store identity before any processing occurs, ensuring data remains logically separated at all times.
2. Store-Scoped Access Control
All access to Blabbe is controlled through store-level authentication, session validation, and domain verification. Key principles include:
- Every request must be associated with a valid store
- Unauthorized or mismatched requests are rejected
- Store identity is enforced at the API and middleware layers
3. Separation of Access Layers
Blabbe enforces a strict separation between Storefront Access (Shopper Layer) and Merchant Admin Access. This ensures that shoppers cannot access merchant data and merchant systems remain isolated from public interaction.
4. Controlled Execution of Operations
Blabbe does not allow arbitrary execution of actions. All operations (product retrieval, policy access, cart flows) are predefined and pass through validation layers before intent and parameter checks.
5. API Protection and Rate Limiting
Blabbe enforces multiple layers of rate limiting (per-session, per-IP, per-store, and per-endpoint) to protect against:
- Spam and abuse
- Automated attacks
- Resource exhaustion
6. Streaming and Session Safety
Blabbe uses controlled streaming for assistant responses, with safeguards such as one active stream per session and automatic release of failed requests.
7. Data Isolation and Storage
Blabbe stores data in a structured, scoped manner where store data is partitioned per store and chat sessions are tied to a specific store. There is no shared data layer across stores.
8. AI Interaction Boundaries
Blabbe enforces strict boundaries on AI processing. AI receives only the data required for the current request, and context is limited to recent history.
- No unrestricted AI access to databases
- No exposure of raw system data to AI models
- No usage of shopper conversations for global training
9. Authentication and Token Handling
Blabbe uses secure token-based authentication for storefront sessions and merchant API access. Tokens are scoped and validated, and access is restricted to authorized requests.
10. Infrastructure and Reliability
Blabbe relies on modern cloud infrastructure with controlled environment access, secure storage, and monitoring for anomalies.
11. Monitoring and Abuse Prevention
Blabbe continuously monitors for unusual usage patterns, excessive request rates, and malformed requests. Protective actions include throttling and temporary blocking.
12. Data Protection Approach
Blabbe’s data protection model includes minimal data processing, purpose-limited usage, and scoped storage. Data is never shared across stores.
13. Incident Response
In the event of a security issue, systems are designed to isolate affected components, and relevant parties will be notified where required.
14. Shared Responsibility Model
Security in Blabbe follows a shared responsibility model:
15. Continuous Improvement
Blabbe continuously evolves its security practices to adapt to new threats and improve system resilience. Security is treated as an ongoing process.
Our security team is available for deep-dive technical reviews.