Effective April 30, 2026

Security Policy

This Security Policy explains the shared responsibility model for protecting a commerce AI SaaS product and connected store/customer data.

1. Security program

Laris uses a risk-based security program designed to protect the confidentiality, integrity, and availability of the service. The program may include access controls, least-privilege permissions, encryption in transit, vendor review, backups, logging, monitoring, incident response, and secure development practices.

2. Shared responsibility

Merchants are responsible for account access, strong passwords, access reviews, device security, integration scopes, Shopify permissions, messaging platform permissions, and staff training.
Merchants must keep product data, customer policies, checkout rules, return rules, and support instructions accurate.
Merchants should avoid sending unnecessary sensitive data to Laris and should configure human review for sensitive workflows.

3. Incident response

If Laris confirms a security incident affecting customer data, Laris will take steps to investigate, contain, remediate, and notify affected customers as required by law and applicable agreements. Security notifications may be sent to account administrators or designated contacts.

4. Vulnerability reporting

Please report suspected vulnerabilities through the contact form on this website. Do not access, modify, delete, exfiltrate, or disclose data that does not belong to you. Give Laris reasonable time to investigate and remediate before public disclosure.

5. No absolute security guarantee

No service can guarantee absolute security. Laris does not warrant that the service will be immune from unauthorized access, vulnerabilities, interruptions, or attacks. Customers should maintain backups, incident response plans, and appropriate insurance for their own business operations.