Security at Sellerside

SECURITY AT SELLERSIDE

Last Updated: 2025/06/30

Operated by LGC Innovations LLC

Address: 6407 Magnolia St, Milton, FL 32570

Website: https://www.sellerside.io

Contact: contact@sellerside.io

Phone: +33 6 98 23 03 53

At Sellerside, protecting your data — and your Amazon business — is our top priority.

We implement industry-standard security measures across our infrastructure, processes, and application to ensure confidentiality, integrity, and availability.

This page provides an overview of our security practices.

1. Infrastructure Security

1.1 Hosting

Sellerside is hosted on Amazon Web Services (AWS) in the United States.

AWS provides world-class physical and cloud security, including:

  • SOC 1 / SOC 2 / SOC 3 compliance
  • ISO 27001, 27017, and 27018 certifications
  • PCI DSS compliance
  • Redundant power, networking, and systems

1.2 Network Security

  • Firewalls and security groups restrict access to production systems
  • Network isolation for critical components
  • DDoS protection at the AWS infrastructure level
  • Regular security patches and updates

2. Data Protection

2.1 Data in Transit

All data transmitted between you and Sellerside is encrypted using TLS 1.2+.

2.2 Data at Rest

All application and Amazon SP-API data stored by Sellerside is encrypted using AES-256, an industry-standard encryption protocol.

2.3 SP-API Data Access

We only access non-restricted Amazon SP-API data.

We do not access or store any buyer PII (no names, addresses, emails, phone numbers).

We do not request or use Restricted Data Tokens (RDT).

2.4 Data Retention

  • Amazon SP-API data retained up to 18 months, per Amazon’s Data Protection Policy
  • Data deleted within 21 days after account termination
  • Account personal data deleted within 30 days
  • Users may request early deletion at any time

3. Application Security

3.1 Authentication

  • Secure password hashing
  • Optional/mandatory two-factor authentication (2FA)
  • Session management and token-based authentication
  • Automatic logout after long inactivity periods

3.2 Authorization

  • Role-based access controls (RBAC) for internal and user accounts
  • Separate permissions for sub-users
  • Access to Amazon data strictly limited to the owner’s account

3.3 Secure Development Practices

  • Code reviews
  • Separation of development and production environments
  • Secrets managed securely
  • Continuous improvement of security measures

4. Internal Security Controls

4.1 Access Management

Internal system access is strictly limited to authorized team members.

Access is granted on a least privilege basis.

4.2 Monitoring & Logging

  • Monitoring of API access patterns
  • Logging of authentication and authorization events
  • Alerting for suspicious or unusual behavior
  • Traceability for incident analysis

4.3 Employee Security

  • Confidentiality agreements for staff and contractors
  • Security training for technical personnel
  • No access to customer Amazon data unless explicitly required for support

5. Payment Security

Payments are processed through Stripe, a certified PCI DSS Level 1 provider.

Sellerside never stores:

  • full credit card numbers
  • CVV codes
  • full payment details

Stripe handles all sensitive billing information.

6. Data Breach Response

In the event of a confirmed data breach affecting your data:

  1. We will notify impacted users without unreasonable delay
  2. We will notify Amazon when required by the SP-API Data Protection Policy
  3. We will provide relevant details as they become available
  4. We will take corrective actions
  5. We will cooperate to mitigate any impact

We maintain internal incident response procedures to ensure rapid and transparent handling.

7. User Responsibilities

Security is a shared responsibility.

Users are responsible for:

  • Keeping login credentials secure
  • Using strong passwords and enabling 2FA
  • Restricting internal access to trusted team members
  • Revoking Amazon SP-API access if needed
  • Ensuring compliance with Amazon policies on their account

8. Compliance

Sellerside adheres to:

  • Amazon SP-API Data Protection Policy
  • Amazon Acceptable Use Policy
  • Amazon Developer Agreement
  • Industry-standard SaaS security practices
  • GDPR-aligned privacy practices for EU users (see our Privacy Policy)

9. Contact Our Security Team

If you believe you have discovered a security vulnerability or if you have any questions about security at Sellerside, please contact:

security@sellerside.io

We take all reports seriously.

Your Security Is Our Priority

Sellerside is committed to maintaining a secure environment for your data and your Amazon business. As our platform evolves, we continuously improve our security practices to stay aligned with best-in-class industry standards.

Continuer sans accepter
Politique relative aux cookies
Avec votre accord, nos partenaires et nous-mêmes utilisons des cookies pour le fonctionnement de notre site web, à des fins d'analyse et de publicité. Vous pouvez activer ou désactiver les cookies optionnels selon votre choix. Voir notre Politique de confidentialité pour plus d'informations.
Accepter et fermerChoisir mes cookies
Continuer sans accepter
J'accepte tous