This page is maintained by the owner of Infinity & Beyond to answer common security and privacy questions about the storefront and Brilliant Displays production. It describes the controls currently in place; it is not an independent certification or third-party audit.
Accounts & sign-in
- Accounts are protected by email + password or Google sign-in through our managed authentication provider.
- Passwords are never stored in plaintext — only salted hashes managed by the auth provider.
- Sign-in sessions use secure tokens with automatic refresh and revocation on sign-out.
- The admin area is restricted to staff accounts and gated at both the page and API layers.
Payments
- All payments are processed by Stripe. We never see or store full card numbers.
- Checkout runs on Stripe's embedded checkout, which is PCI-DSS Level 1 compliant.
- Webhook callbacks from Stripe are verified against their HMAC signature, computed with the webhook signing secret, before any order state is changed.
- Refund and dispute handling is performed only by authorized staff.
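The webhook check described above, as an added example that is not part of this page or of Stripe's own library: a standalone verifier for an HMAC-SHA256 signed webhook, in the Stripe-style `t=<timestamp>,v1=<hex>` header format (assumed here for illustration). The secret, payload and timestamps below are constructed placeholders; the design points are a constant-time comparison of the signature and a freshness window on the timestamp so that a captured delivery cannot simply be replayed later.

```python
import hashlib
import hmac
import time
from typing import List, Optional, Tuple

# Constructed placeholder; a real deployment reads this from its secrets vault.
WEBHOOK_SECRET = "whsec_example_placeholder"
# Deliveries older (or newer) than this many seconds are refused.
TOLERANCE_SECONDS = 300


def sign_payload(secret: str, timestamp: int, payload: bytes) -> str:
    """HMAC-SHA256 over '<timestamp>.<raw body>', hex-encoded (Stripe-style scheme)."""
    signed_input = f"{timestamp}.".encode() + payload
    return hmac.new(secret.encode(), signed_input, hashlib.sha256).hexdigest()


def parse_signature_header(header: str) -> Tuple[int, List[str]]:
    """Parse 't=<unix ts>,v1=<hex>[,v1=<hex>...]' into (timestamp, [signatures])."""
    timestamp: Optional[int] = None
    signatures: List[str] = []
    for part in header.split(","):
        key, _, value = part.strip().partition("=")
        if key == "t":
            timestamp = int(value)
        elif key == "v1":
            signatures.append(value)
    if timestamp is None or not signatures:
        raise ValueError("malformed signature header")
    return timestamp, signatures


def verify_webhook(payload: bytes, header: str, secret: str,
                   now: Optional[int] = None) -> bool:
    """True only if some v1 signature matches and the timestamp is within tolerance."""
    now = int(time.time()) if now is None else now
    try:
        timestamp, signatures = parse_signature_header(header)
    except ValueError:
        return False
    # Freshness window limits replay of a previously captured delivery.
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        return False
    expected = sign_payload(secret, timestamp, payload)
    # compare_digest runs in constant time, so a wrong guess leaks no timing signal.
    return any(hmac.compare_digest(expected, sig) for sig in signatures)


def handle_event(payload: bytes, header: str, secret: str = WEBHOOK_SECRET,
                 now: Optional[int] = None) -> str:
    """Gate: no order state changes unless the delivery verifies."""
    if not verify_webhook(payload, header, secret, now):
        return "rejected"
    # Order state transition (e.g. mark paid) would happen here.
    return "processed"


if __name__ == "__main__":
    body = b'{"id":"evt_constructed","type":"checkout.session.completed"}'
    ts = 1_700_000_000
    good_header = f"t={ts},v1={sign_payload(WEBHOOK_SECRET, ts, body)}"
    print(handle_event(body, good_header, now=ts))          # processed
    print(handle_event(body + b" ", good_header, now=ts))   # rejected (tampered)
    print(handle_event(body, good_header, now=ts + 1000))   # rejected (stale)
```

The verifier must run over the raw request bytes exactly as received; re-serialising a parsed JSON body before hashing will produce a different digest and reject legitimate deliveries. Stripe's official libraries provide an equivalent helper, and a production integration would normally call that rather than reimplement the scheme.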
Data protection
- The database enforces row-level security: customers can only read and modify their own orders, requests, carts, wishlists, and reviews.
- Internal fields (inventory counts, stock thresholds, admin notes, vendor data) are blocked from public API reads at the column level.
- Connections between your browser and our servers use TLS (HTTPS) end-to-end.
- Sensitive backend secrets and API keys are stored in a managed secrets vault — never in browser code or source control.
Email & communications
- Transactional emails (order receipts, shipping updates, quote responses) are sent from our verified sender domain, which publishes an SPF record and signs outgoing mail with DKIM.
- Customers can unsubscribe with one click; suppressed addresses are honored automatically on future sends.
- Marketing-style emails are sent only with explicit opt-in.
File uploads
- Artwork uploads for custom and bulk requests are stored in a private bucket. Only the submitting customer and staff can access them.
- Public links are never generated for customer artwork.
Operational practices
- Staff access is role-based; admin actions are recorded in an internal audit log.
- Backend infrastructure is hosted on managed cloud providers with automatic patching and continuous monitoring.
- Regular automated security scans review the application and database for common misconfigurations.
Your privacy rights
For details on what data we collect, how long we keep it, and how to request access or deletion, see the Privacy Policy. For terms of use, see the Terms of Service.
Reporting a security issue
If you believe you've found a vulnerability or have a security concern, please reach out through our contact page. We take responsible disclosure seriously and will respond as quickly as we can.
Shared responsibility: the controls above describe what Infinity & Beyond operates. Account security also depends on customers using a strong unique password, keeping their email account secure, and signing out of shared devices.