Security & data protection

Seller data, protected by design.

SellerPulse is built on the principle that seller data must be secure, private, and used only to deliver the Service. This page describes the controls we apply today to protect your data, including data accessed via the Amazon Selling Partner API.

We intentionally list only controls that are in place today. Where an industry-standard item is not yet shipped, we don’t claim it — we’d rather you trust the list than discover an asterisk later.

Controls in place today

The controls that protect your data

Grouped by what they defend: your data at rest and in transit, who can reach it, how the application is hardened, and where it runs.

Data protection

Encryption everywhere it matters

  • Encrypted in transit

    All data in transit is encrypted with TLS 1.2 or higher, with TLS 1.3 preferred. Certificates are issued and auto-renewed by Let’s Encrypt via Caddy.

  • Per-data-class keys at rest

    Sensitive fields — marketplace refresh tokens, accounting integrations, and AI provider keys — are each encrypted at rest with AES-256-GCM under separate, per-data-class keys, so a compromise of one key does not expose the others.

  • Amazon SP-API tokens

    Amazon SP-API refresh tokens are encrypted at rest with AES-256-GCM using a dedicated encryption key that is never logged.

  • Passwords never stored in plaintext

    Customer passwords are hashed with bcrypt — never stored in plaintext, never reversible. Cloud volume storage is additionally encrypted at rest by the provider.

Access control

Least privilege, tenant by tenant

  • Tenant-isolated access

    Application access to customer data is scoped by tenant: every query is bound to the seller account that owns the data.

  • Short-lived sessions

    Customer accounts use JWT-based authentication with short-lived access tokens. Changing your password immediately invalidates all previously issued tokens.

  • Rate-limited sensitive actions

    Password change, account deletion, SP-API disconnect, and authentication endpoints are rate-limited to prevent brute-force and abuse.

  • Key-only server access

    Production server access is restricted to SSH key authentication only — password login is disabled.

Application security

Hardened at every request

  • Strict input validation

    All API endpoints enforce strict input validation before any request is processed.

  • OAuth state binding

    SP-API connection flows use OAuth state validation with short-lived (15-minute) one-time tokens to prevent CSRF.

  • Security response headers

    Every page ships HSTS with preload, X-Frame-Options DENY, X-Content-Type-Options nosniff, Referrer-Policy strict-origin-when-cross-origin, and a Permissions-Policy that disables sensors and payment APIs.

  • Secrets never in source control

    API keys and secrets are stored as environment variables on the production host with restrictive file permissions, never committed to source control.

Infrastructure

Built on managed EU infrastructure

  • EU-hosted, firewalled

    Production runs on managed cloud infrastructure in the EU (Hetzner Cloud, Falkenstein region), behind a managed cloud firewall plus a host-level firewall (ufw). Only HTTPS (443) and SSH (port 22, key-only) are reachable from the public internet.

  • Edge protection

    The marketing website is served by Cloudflare with global edge caching and DDoS protection.

  • Daily encrypted backups

    Daily automated PostgreSQL backups are stored on encrypted cloud storage, with a 14-day retention window before automatic purge.

  • Payments off our infrastructure

    PCI-DSS compliance for payments is maintained via Stripe; SellerPulse does not store or process raw payment card data.

Marketplace data

Amazon Selling Partner API data handling

The data you connect through Amazon SP-API is handled under least privilege and used only to run the Service for you.

Read-only by default
  • We use Amazon SP-API in accordance with Amazon’s Acceptable Use Policy and Data Protection Policy.
  • We request only the SP-API roles necessary to deliver the features you have enabled.
  • Read-only access by default; write operations require explicit per-feature opt-in.
  • SP-API data is used solely to operate the Service for the customer who provided it. It is never sold, never used to train AI models, and never shared with third parties for marketing or profiling.
  • Amazon buyer personally identifiable information (PII) is not stored unless strictly required by a service feature for which Amazon has granted us the corresponding restricted SP-API role.
  • You can revoke SP-API access at any time. Doing so immediately invalidates and deletes our stored refresh tokens.

Data ownership

Your data stays yours.

We hold your data to run the Service — nothing more. Retention is bounded, deletion is honored, and it is never repurposed.

  • SP-API data is used solely to operate the Service for you. It is never sold, never used to train AI models, and never shared with third parties for marketing or profiling.
  • Active customer account data is retained for the duration of the account.
  • On account closure, customer data is deleted within 30 days, except where retention is legally required (e.g., tax records).
  • SP-API refresh tokens are deleted immediately on disconnection.

Sub-processors

Who we work with, and why

A short, disclosed list of the infrastructure and service providers that help us operate SellerPulse.

ProviderPurpose
Hetzner Cloud EU (Falkenstein, Germany)Application hosting and database
Cloudflare Global edgeMarketing site delivery, edge caching, DDoS protection
Anthropic No training on your data United StatesAI advisor (Claude API)
Stripe GlobalPayment processing (PCI-DSS)

Compliance

Frameworks we align to

  • PCI-DSS — Payments handled by Stripe; no raw card data stored.
  • Amazon SP-API DPP — Data Protection Policy compliant.
  • GDPR-aligned — For EEA, UK, and Swiss customers — see the Privacy Policy.
  • CCPA / CPRA-aligned — For California residents.

Incident response

If something goes wrong

  • If a security incident affects your data, we will notify you within 72 hours of confirming the incident, in line with applicable law.
  • Vulnerability reports are accepted at the address below and acknowledged within two business days.

Responsible disclosure

Report a security issue

We appreciate the security research community. If you believe you’ve discovered a vulnerability, please report it responsibly. We aim to acknowledge reports within two business days. Please do not publicly disclose the issue until we’ve had reasonable time to investigate and remediate.

Read our Privacy Policy for the legal framework that governs how we handle your data.

SellerPulse

Multi-channel accounting, reconciliation, and AI for marketplace sellers.

© 2026 CASHSMITH L.L.C-FZ. SellerPulse is a product of CASHSMITH L.L.C-FZ. All rights reserved.

Contact: info@getsellerpulse.com

CASHSMITH L.L.C-FZ is a company registered at Meydan Free Zone, Dubai, United Arab Emirates. SellerPulse is not affiliated with, endorsed by, or sponsored by Amazon.com, Inc. or its affiliates. Amazon, the Amazon logo, and all related marks are trademarks of Amazon.com, Inc. or its affiliates.