Operational security

Security Practices

We use practical administrative and technical controls to protect company systems, website information, Amazon API data, seller data, and internal operational records.

Access controls

Administrative and internal system access is limited to authorized personnel.
Accounts should use strong passwords and may be reviewed, rotated, suspended, or removed when access is no longer required.
Permissions are assigned based on business role and operational need.
Credential sharing, unauthorized exports, and access from unknown users are prohibited.

Technical safeguards

Public website traffic is served through HTTPS.
API credentials and tokens are restricted to approved systems and protected from public exposure.
System logs may be used to identify errors, suspicious activity, access patterns, and troubleshooting events.
Backups, exports, and reports are handled with access limitations where they contain seller, advertising, or operational data.

Incident handling

If we identify unauthorized access, credential exposure, suspicious API activity, or data loss, we may suspend access, rotate credentials, review logs, notify affected parties where required, and take corrective steps. Users should immediately report suspected security issues to bobby10407@163.com.

Employee and operator responsibilities

Authorized users must use company systems only for approved Amazon marketplace operations, avoid uploading unnecessary personal data, protect downloaded reports, and follow marketplace, legal, and company requirements.