Security & Compliance
Your data is protected by bank-grade security.
We treat your financial data with the same rigor as banks do. Enterprise-grade encryption, zero-trust architecture, and compliance with global standards.
Security by the numbers
Encryption at rest
Encryption in transit
Audit in progress
Tenant isolation
Security architecture
Six layers of protection for every byte.
From the wire to the disk, from the browser to the database — your data never exists in a vulnerable state.
Encryption at Rest
AES-256 encryption for all OAuth tokens stored in our database. Industry-standard symmetric encryption with per-record IVs.
Encryption in Transit
TLS 1.3 for all connections between your browser, our API, and marketplace endpoints. No plaintext data crosses the wire.
OAuth 2.0 Only
We never store your marketplace passwords. OAuth tokens are revocable, scope-limited, and can be disconnected anytime.
Multi-Tenant Isolation
Row-level security ensures your data is never accessible to other SellerBooks customers. Every query is scoped by company ID.
Audit Logging
Every data access, API call, and configuration change is logged with timestamps and user attribution for forensic analysis.
Access Control
Role-based access (Owner, Admin, Viewer) with JWT-based authentication and optional 2FA for all accounts.
Compliance
Certifications and regulations we follow.
Global privacy standards and Indian data protection laws — we're compliant today and investing in formal certifications.
GDPR-Aligned
Right to access, rectification, erasure, and data portability. All data subject requests handled within 30 days.
DPDP Act 2023
Compliant with India's Digital Personal Data Protection Act. Data fiduciary role clearly defined.
SOC 2 Type II
Security controls audited annually. Report available under NDA for enterprise customers.
Data Residency
All data stored in India (AWS Mumbai region). No cross-border data transfer without consent.
ISO 27001
Information security management system aligned with ISO 27001 standards.
PCI DSS
Payment processing via Razorpay (PCI DSS Level 1). We never touch card data.
Data sovereignty
Your data never leaves India.
All databases, backups, and processing run in AWS Mumbai (ap-south-1). No cross-border data transfer without your explicit consent. Your financial data stays under Indian jurisdiction, governed by Indian law.
Operations & transparency
Proactive security, transparent data handling.
Security isn't a checkbox — it's a continuous practice. We invest in tooling, training, and transparency to protect your data every day.
Security Operations
Continuous scanning, testing, and monitoring — not annual checkbox exercises.
What we collect
Marketplace order data (orders, fees, returns, ad campaigns) · Product information (SKUs, titles, prices, categories) · Your business details (company name, GSTIN, email) · Aggregate usage analytics (page views, feature usage)
What we never store
Marketplace passwords (we use OAuth tokens only) · Payment card details (processed by Razorpay) · Your customers' personal information beyond what's needed for order data · Data after you delete your account (30-day grace period, then permanent deletion)
Your rights
Access all your data anytime via dashboard or API · Export your data in CSV, JSON, or PDF formats · Request complete deletion of your account and data · Opt out of analytics and marketing communications
Found a vulnerability?
Email security@sellerbooks.in. We acknowledge all reports within 24 hours and reward responsible disclosure.
Security questions?
Enterprise customers can request our Security Whitepaper, SOC 2 report (under NDA), and DPA.