Enterprise Security Overview
A due-diligence summary for enterprise and agency evaluators.
Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]
1. Company & Product
EcomSarthi Business Solutions LLP (LLPIN: [LLP_IDENTIFICATION_NUMBER]), India. Product: Ecom10x — multi-marketplace management SaaS for Amazon, Flipkart, Meesho and future marketplaces. Multi-tenant architecture with organisation-scoped isolation; agency mode supports per-client access scoping for restricted roles.
2. Data Flow Summary
- Customer connects a Marketplace via its official OAuth/authorisation flow or uploads official seller-panel report files. No passwords are collected.
- Scoped tokens are stored encrypted; data (orders, inventory, listings, shipments, returns, settlements) is ingested via official APIs/files.
- Data is processed for dashboards, synchronisation, analytics, reconciliation and automation configured by the Customer.
- Exports are Customer-initiated. Disconnection deletes tokens within 24 hours; deletion lifecycle per the Data Deletion and Data Retention Policies.
3. Control Summary
| Domain | Controls |
|---|---|
| Encryption | TLS in transit; encryption at rest; encrypted backups |
| Secrets | Encrypted token storage; masking; no tokens in logs/exports; 24h deletion on disconnect |
| Identity & access | RBAC (5 roles), per-client scoping, least privilege, login throttling, session timeout |
| Tenant isolation | Org-scoped queries enforced in application layer; cross-tenant denial by design |
| Auditability | Audit logs for security-relevant and destructive actions; 12-month retention |
| AppSec | Input validation, CSRF protection, rate limiting, periodic dependency updates |
| Monitoring | Availability and anomaly monitoring; fraud-detection heuristics |
| Resilience | Daily encrypted backups, ≤90-day rotation; RPO ≤24h, RTO ≤24h targets; restore testing |
| Incident response | Documented lifecycle; customer notification ≤72h; CERT-In reporting per directions |
| Privacy | DPDP-aligned Privacy Policy, DPA, consent records, data-principal rights handling |
| Vendor management | Named subprocessors, contractual security/confidentiality flow-downs, change notice |
4. Compliance Position
Aligned to the Information Technology Act, 2000 (including reasonable security practices), the DPDP Act, 2023, CERT-In directions, and Marketplace developer policies (Amazon SP-API Data Protection requirements; Flipkart Seller API terms). No third-party certifications are claimed at this time; see the Compliance Statement for the current position and roadmap.
5. Enterprise Options
For enterprise agreements we can discuss: custom DPA execution, security questionnaires, audit support per the DPA, agreed SLAs with credits, and region/retention preferences where technically supported. Contact [LEGAL_EMAIL — e.g., legal@ecom10x.in].
Governing Law & Dispute Resolution
This document is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, without regard to conflict-of-law principles.
Any dispute arising out of or in connection with this document shall first be attempted to be resolved amicably through good-faith negotiation within thirty (30) days of written notice. Failing amicable resolution, the dispute shall be referred to arbitration by a sole arbitrator appointed in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be [JURISDICTION_CITY — e.g., New Delhi], India, and proceedings shall be conducted in English. Subject to the foregoing, the courts at [JURISDICTION_CITY — e.g., New Delhi], India shall have exclusive jurisdiction.
Contact
EcomSarthi Business Solutions LLP
[REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Support: [SUPPORT_EMAIL — e.g., support@ecom10x.in] · Legal: [LEGAL_EMAIL — e.g., legal@ecom10x.in] · Phone: [SUPPORT_PHONE_NUMBER]