← Trust Center & Legal
API & Integrations

OAuth Permission Policy

The scopes we request, why, and the least-privilege rules we follow.

Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]

1. Least-Privilege Scoping

We request the minimum permissions required for the features you use — nothing more. Scope requests map to features as follows:

CapabilityWhy Ecom10x Requests It
Orders (read)Unified order dashboard, SLA tracking, analytics
Orders (write/acknowledge, where supported)Accept/confirm, ready-to-dispatch, cancellation on your instruction
Inventory & listings (read/write)Stock sync, listing health, price updates you initiate
Shipping/labels (where supported)Label generation and manifest workflows
Returns (read)Return management and returns intelligence
Reports/settlements (read)Settlement reconciliation, true P&L, GST registers

If a future feature needs a new scope, we request it separately with an explanation, and only when you enable that feature (see User Consent Policy).

2. Consent on the Marketplace's Screen

Authorisation always happens on the Marketplace's own domain and consent UI (e.g., Login with Amazon for SP-API). You can review the scopes there before approving. We never collect marketplace passwords and never simulate the consent screen.

3. Token Custody

Granted tokens are handled per the API Authentication Policy: encrypted, masked, unlogged, unexported, organisation-isolated, and deleted within 24 hours of disconnect or revocation.

4. Scope Reduction & Review

Where a Marketplace supports narrowing scopes, disabling a Ecom10x feature releases the related scope at the next authorisation refresh. We review requested scopes at least annually (next review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]) to remove any no-longer-needed permissions.

5. Revocation

You may revoke at any time from Ecom10x (disconnect) or from the Marketplace console; both paths end our access. Detected revocations stop syncs immediately.

6. Prohibited Practices — Our Own Rules

We will not: ask for broader scopes than features require; use tokens for any purpose other than serving the owning organisation; or retain tokens after disconnection beyond the deletion window.

Governing Law & Dispute Resolution

This document is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, without regard to conflict-of-law principles.

Any dispute arising out of or in connection with this document shall first be attempted to be resolved amicably through good-faith negotiation within thirty (30) days of written notice. Failing amicable resolution, the dispute shall be referred to arbitration by a sole arbitrator appointed in accordance with the Arbitration and Conciliation Act, 1996. The seat and venue of arbitration shall be [JURISDICTION_CITY — e.g., New Delhi], India, and proceedings shall be conducted in English. Subject to the foregoing, the courts at [JURISDICTION_CITY — e.g., New Delhi], India shall have exclusive jurisdiction.

Contact

EcomSarthi Business Solutions LLP
[REGISTERED_OFFICE_ADDRESS OF ECOMSARTHI BUSINESS SOLUTIONS LLP]
Support: [SUPPORT_EMAIL — e.g., support@ecom10x.in] · Legal: [LEGAL_EMAIL — e.g., legal@ecom10x.in] · Phone: [SUPPORT_PHONE_NUMBER]