Security & Trust

Your PPC data is sensitive. Here's exactly how we protect it.

🚫 We NEVER access your Amazon account. Ever.

You upload a CSV. We analyze it. Your Amazon credentials never leave your device.

🔒

Data Encryption

  • All data encrypted at rest using AES-256 — the same standard used by banks and governments
  • All data in transit encrypted with TLS 1.3
  • Uploaded CSV files processed in memory and not stored permanently
  • Database hosted on Supabase with SOC 2 Type II certified infrastructure
🛡️

Access Control

  • We use Supabase Row Level Security — you can only see YOUR data
  • Passwords hashed with bcrypt — we never store your password in plain text
  • Session tokens use industry-standard JWT with short expiry
  • Brute-force protection on all login endpoints
  • CSRF protection on all forms

Compliance

  • GDPR Compliant — EU data protection regulations fully observed
  • CCPA Compliant — California privacy rights respected
  • We never sell your data to third parties — your data is for running your analysis only
  • Data deletion requests honored within 48 hours
  • Infrastructure hosted in EU/US regions with data residency controls
🚫

What We DON'T Do

  • We do NOT access your Amazon Seller Central account
  • We do NOT store your Amazon login credentials
  • We do NOT make any changes to your campaigns
  • We do NOT share your data with competitors or advertisers
  • We do NOT use your data to train AI models without consent
🖥️

Infrastructure

  • Hosted on Webdock VPS + Supabase (SOC 2 certified)
  • SSL/TLS certificate issued by Let's Encrypt
  • Automatic daily database backups
  • Error monitoring via Sentry
  • Rate limiting and DDoS protection
  • Security audit log for all administrative actions
🔒

AES-256

Encryption at Rest

GDPR

Compliant

🔐

TLS 1.3

Encryption in Transit

🏛️

SOC 2

Infrastructure

Found a Security Issue?

We take security reports seriously. Please contact us directly and we'll respond within 24 hours.

Report Security Issue →

Responsible disclosure — we will not pursue legal action against good-faith security researchers.