Payments privacy for WooCommerce · Private beta

Private Stripe payments for WooCommerce.

VeilPay creates Stripe-hosted payment links from WooCommerce orders without exposing product names, SKUs, cart contents, or storefront URLs.

View demo → See how it works

Stripe-hosted checkout WooCommerce stays source of truth No card data touches VeilPay

woocommerce_order · #10492

4 items · THB 3,420.00 · pending

REDACT & FORWARD

veilpay.intent · minimized payload

Order Payment #10492 · THB 3,420.00

HMAC-SIGNED

stripe.checkout.session · hosted

Customer pays on Stripe · success_url callback

POST · stripe/checkout/sessions payload

// What VeilPay sends
{
  "description": "Order Payment #10492",
  "amount": 342000,
  "currency": "thb",
  "reference": "wc_10492"
  // line_items, product_data, metadata — omitted
}

Designed for stores that sell —

WHOLESALE / CO

Member Only

NORTH · 42

Atelier Nord

PRIVATE LIST

01 · The problem

Standard checkouts leak more order detail than they need to.

When a customer pays, the default Woo → Stripe handoff carries your whole cart: named line items, SKUs, product metadata, category hints, and storefront return URLs. That's fine for a generic catalog. It's a problem for everyone else.

Default Woo → Stripe payload verbose

description"Premium Bulk Rye Flour 25kg — WholesaleCo"

line_items[0]sku=RYE-BULK-25 · qty=12

line_items[1]sku=SALT-FLK-5K · qty=4

metadata.category"wholesale/restricted"

metadata.images[]https://shop.../rye-25kg.jpg

success_urlhttps://shop.example.com/order/10492

Product names end up in Stripe records.

Descriptor strings, line-item titles, and custom metadata all persist on the payment object — searchable by anyone with Stripe dashboard access.

SKUs and categories hint at your catalog.

Bulk quantities, restricted categories, and internal codes shouldn't be part of the payment trail. For wholesale and regulated sellers, that's operational metadata.

Return URLs disclose your storefront path.

Success and cancel URLs tie every payment back to a specific product page — even for member-only or invite catalogs you'd rather not index.

More surface area than you asked for.

Every extra field sent to a processor is a field to audit, rotate, and defend — for a flow that only really needs amount, currency, and reference.

02 · The layer

VeilPay is the quiet seam between WooCommerce and Stripe.

WooCommerce keeps the real order — products, customer, fulfillment, stock. VeilPay sends Stripe only what a payment processor needs: a generic description, a total, a currency, and a reference. Stripe sends a signed webhook back. Your catalog never leaves Woo.

POST · checkout/sessions · VeilPay → Stripe

{
  "mode": "payment",
  "payment_method_types": ["card"],
  "line_items": [
    {
      "price_data": {
        "currency": "thb",
        "unit_amount": 342000,
        "product_data": {
          "name": "Order Payment #10492"
        }
      },
      "quantity": 1
    }
  ],
  "client_reference_id": "wc_10492",
  "success_url": "https://veilpay.app/r/wc_10492",
  "cancel_url": "https://veilpay.app/c/wc_10492"
  // No SKUs. No catalog metadata. No storefront URLs.
}

Sent to Stripe

✓description: "Order Payment #10492"string

✓amount: 342000integer

✓currency: "thb"ISO-4217

✓reference: "wc_10492"opaque

Stripped before send

✕product names, images, SKUs—

✕cart line items & quantities—

✕categories, tags, attributes—

✕storefront success/cancel URLs—

03 · How it works

Four steps. No rewiring your store.

Drop in the VeilPay plugin, point your Stripe keys at it, and set it as your WooCommerce payment method. The rest of your checkout, fulfillment, and order flow stays exactly where it is.

Step 01

Customer checks out in WooCommerce.

Your existing Woo checkout — same theme, same fields, same shipping and tax calc.

Cart · 4 items—

Item A× 12

Item B× 4

TotalTHB 3,420.00

Step 02

Woo creates the real pending order.

Products, customer, shipping, stock — all recorded in WooCommerce as the source of truth.

wc_order · #10492

pending · 4 line items · THB 3,420.00

Step 03

VeilPay builds a generic Stripe-hosted page.

Amount, currency, opaque reference. No product data. Stripe hosts the actual payment.

description: "Order Payment #10492"

amount: 342000 thb

ref: wc_10492

Step 04

Stripe success updates the Woo order.

Signed webhook lands on your store, VeilPay resolves the reference, Woo marks the order paid.

payment.succeeded

wc_10492→ paid

HMACverified

04 · Capabilities

Purpose-built for Woo shops that care about what leaves the building.

Generic Stripe payment links

Every session carries a neutral description, a total, a currency, and an opaque reference — nothing more.

WooCommerce order sync

Two-way state: Woo creates the order, VeilPay reconciles the payment, Woo shows "paid" when Stripe confirms.

Signed webhook callbacks

HMAC-SHA256 on every inbound callback. Replay protection with timestamped nonces. Rejected at the edge.

No catalog data in Stripe

SKUs, product names, images, categories, tags, and attributes never leave WooCommerce. Nothing to redact later.

Test-mode sandbox

Separate Stripe test and live keys with a guarded toggle. Dry-run a full order before flipping production.

Works with existing Woo stores

Install as a WooCommerce payment method. No theme rewrite, no migration. Live in an afternoon.

05 · The difference

Side by side.

Same buyer, same Stripe-hosted checkout, same Woo back office. Different payload.

Data point	Standard Woo + Stripe	VeilPay
Product names sent to Stripe	● sent verbatim	○ omitted
SKU and variant metadata	● attached	○ stripped
Cart line-item details	● full breakdown	○ single total
Storefront return URL	● shop.example.com/...	○ veilpay.app proxy
WooCommerce order preservation	— kept in Woo	● kept in Woo
Stripe-hosted payment page	— yes	● yes
Webhook-driven order updates	— yes	● yes · HMAC-signed

06 · Trust model

Minimal metadata. Maximum signal.

VeilPay is a forwarder, not a vault. We don't store your orders, we don't see card numbers, and we don't hold funds. The security posture is simple because the surface is small.

HMAC-signed requests

SHA-256 signatures with timestamped nonces on every Woo ↔ VeilPay call. Replay-proof by construction.

Test / live separation

Separate keychains, separate endpoints, separate audit trails. Flipping environments is an explicit action.

Minimal metadata

Only amount, currency, reference, and a generic description ever cross the wire to Stripe. Audit is trivial.

Orders stay in Woo

Products, customers, addresses, and fulfillment detail remain in WooCommerce. VeilPay has no persistence of order data.

No card data, ever

Customers enter card details on Stripe-hosted pages. PAN never touches WooCommerce, never touches VeilPay.

07 · Who it's for

Built for catalogs that don't want to be indexed on their payment processor.

Wholesale catalogs

Bulk SKUs, tiered pricing, and internal codes that don't belong on every payment line.

B2B

Private member shops

Invite-only catalogs where product titles shouldn't appear in external records.

GATED

Sensitive categories

Regulated or discretion-first verticals where product names imply context you'd rather not share.

DISCREET

Multi-store operators

A single Stripe account behind many Woo stores, with consistent generic descriptors across all of them.

OPS

Cleaner Stripe records

Uniform descriptors for reconciliation, bookkeeping, and dispute narratives. Easier to read, easier to audit.

FINANCE

08 · Pricing

Flat monthly, no per-transaction fees.

Stripe's fees are Stripe's. VeilPay is a fixed subscription — priced by store count and private checkout volume, not as a cut of your revenue.

Starter

$59 / month

Small Woo stores testing the flow.

✓1 Woo site
✓500 private checkouts / month
✓Stripe test & live mode
✓Generic payment links
✓Signed webhooks

View Starter demo →

Growth Most popular

$129 / month

Active stores.

✓3 Woo sites
✓3,000 private checkouts / month
✓Webhook retry logs
✓Payment-link cleanup
✓Priority support

View Growth demo →

Scale

$349 / month

Multi-store / wholesale operators.

✓10 Woo sites
✓25,000 private checkouts / month
✓Advanced logs
✓Custom descriptors & templates
✓Slack & email alerts

View Scale demo →

All plans include sandbox mode · 14-day trial · Cancel any time · Stripe processing fees billed by Stripe directly.

08 · Plainly

What VeilPay is, and what it isn't.

Does VeilPay hide my Stripe business identity?

No. Stripe still sees your Stripe account, the payment amount, the customer's payment details, and any compliance data Stripe requires. VeilPay only minimizes the catalog and order detail sent from WooCommerce — not your merchant identity.

Does VeilPay process card data?

No. Customers enter their card on Stripe-hosted checkout pages. PAN, CVC, and authentication flow never touch WooCommerce or VeilPay. We're a forwarder, not a processor.

Does WooCommerce still keep the full order?

Yes. WooCommerce remains the source of truth for products, customer details, shipping, fulfillment, stock, and tax. Nothing changes in how you run the store or ship goods.

Is this for avoiding compliance?

No. VeilPay is a data-minimization and payment-architecture tool, not a way to bypass payment processor rules, sanctions screening, or card network policies. If Stripe doesn't permit a product category, VeilPay doesn't change that.

How does the install work?

VeilPay ships as a standard WooCommerce payment method plugin. You add your Stripe keys and a VeilPay signing secret, enable it at checkout, and test in sandbox mode before going live.

What about refunds and disputes?

Refunds are initiated from Woo or the Stripe dashboard as usual — the opaque reference links the two sides. Dispute evidence is handled on Stripe; because descriptors are uniform, dispute narratives stay crisp.