Security Practices
ecomex (operated by Milanbhai Maheshbhai Jethva) implements technical and organizational controls to protect Amazon Information accessed through the Selling Partner API.
Encryption
We encrypt all Amazon Information in transit using TLS and store it in an encrypted database. All SP-API calls are made over HTTPS.
Access control
Access to Amazon Information is restricted by job function on a least-privilege basis. Only authorized personnel can access production data and credentials. Each customer's data is logically isolated; customers can access only their own data.
Credential management
API credentials, encryption keys, and secret keys are stored in environment-based secret storage. We do not hardcode credentials into application code, store them in public repositories, or share them.
Network security
Our infrastructure uses firewalls and network segmentation provided by our cloud hosting environment, separating the application and database layers. Devices used to operate the Service run anti-malware protection.
Authentication
We enforce strong authentication on accounts that access Amazon Information, including a minimum 12-character password with special characters, multi-factor authentication (MFA), and periodic credential rotation.
Incident response
We maintain an incident response plan with defined roles and responsibilities, reviewed at least every six months. We report security incidents involving Amazon Information to Amazon at security@amazon.com within 24 hours of detection.
Vulnerability management
We keep systems and dependencies updated and apply security patches promptly.
Contact
Security questions: milanjethva@gmail.com