Security
Security and data protection practices.
SellerPilot is designed around seller and vendor authorization, protected credentials, restricted operational access, and account-reviewed recommendations.
HTTPS and TLS
SellerPilot runs over HTTPS/TLS in production so browser-to-server and server-to-server communication is encrypted in transit.
Protected credentials
Sensitive credentials are stored server-side and are not exposed in browser-facing code.
Restricted support access
Operational access is limited to approved personnel using least-privilege permissions for support, security review, and account operations.
Stored-data protection
SellerPilot stores operational data with access controls, permission boundaries, and separated production credentials.
No selling or sharing account data
SellerPilot does not sell seller data, vendor data, or Amazon Information. Authorized data is used to provide analytics, reports, and recommendations to the connected account owner.
Revocation and control
Sellers and vendors can revoke application authorization through Amazon account authorization controls. SellerPilot does not require Amazon Seller Central or Vendor Central passwords.
Incident response
Security incidents involving Amazon Information are reviewed, contained, and reported according to the applicable Amazon data protection obligations.
Monitoring and audit trail
SellerPilot avoids logging sensitive secrets and uses operational logs to investigate errors, authorization issues, and security events.
Least-privilege data use
SellerPilot requests only the SP-API roles needed for account-facing catalog, listing, inventory, pricing, order, finance, report, and Brand Analytics workflows.
Deletion support
Account owners can request deletion of stored SellerPilot account data and Amazon Information by contacting hello@getsellerpilot.com.