Security
Last updated: 20 May 2026Account protection
SellerEngine accounts use email verification, mandatory two-step verification (TOTP) for every non-demo user, and short-lived pre-auth challenges that are signed to prevent tampering. Passwords are stored only as salted PBKDF2 hashes — never in plain text. Sign-in, verification and other sensitive endpoints are rate-limited with automatic lockout to blunt brute-force attempts. Sessions use secure, HTTP-only cookies with idle-timeout enforcement.
Workspace & data isolation
Every registered user has a private, partitioned workspace. Each record is scoped to its owner so that no other customer — and no other workspace — can read it. Demo accounts are fully isolated, reset on sign out and never call Amazon connections. Production apps stay empty until you connect Amazon and complete the first sync.
Data protection
All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Amazon refresh tokens receive an additional application-layer encryption with a key that our infrastructure providers never see. Sensitive endpoints require an authenticated session, and every sensitive account and sync operation is recorded in append-only audit logs.
Application security
Database access uses parameterised queries to prevent injection, dynamic output is escaped to prevent cross-site scripting, and exported files are sanitised against spreadsheet formula injection. A restrictive Content Security Policy and hardened HTTP response headers are enforced at the edge. Internal service-to-service calls between our edge and compute layers are authenticated with rotating HMAC signatures.
Backups & disaster recovery
SellerEngine performs automated periodic snapshots of your workspace. Snapshots are encrypted, append-only and replicated to an off-provider EU location using separate AES-256-GCM encryption that the off-provider does not hold. This is designed to survive the loss of any single infrastructure provider without exposing your data. The replication path and exact retention windows are not published for operational security reasons.
Data residency & compliance
Your data is processed and stored within the European Union across our edge and compute providers, each bound by a GDPR data-processing agreement. We follow data-minimisation and purpose-limitation principles and collect only what each tool needs to function.
Customer controls
From your account's danger zone you can export your data or delete your account permanently. Both actions require a valid authenticator code. The export is delivered as an encrypted download link valid for 24 hours. Deletion cascades across all subprocessors within 30 days, except for immutable financial and compliance records we are legally required to keep.
Responsible disclosure
For security questions or vulnerability reports, contact [email protected]. Our security contact is also published at /.well-known/security.txt. We appreciate coordinated disclosure and will work with you to verify and resolve valid reports.
