Security FAQ
Plain-language answers to the security questions sellers ask most.
Company: EcomSarthi Business Solutions LLP ("EcomSarthi", "we", "us", "our")
Product: Ecom10x — One Dashboard. Every Marketplace. (the "Platform" or "Service")
Effective Date: [EFFECTIVE_DATE — e.g., 1 August 2026] · Version: [VERSION — e.g., 1.0] · Next Review: [NEXT_REVIEW_DATE — e.g., 1 February 2027]
Does Ecom10x ever ask for my Amazon/Flipkart/Meesho password?
No — never. Connections use each Marketplace's official authorisation method (e.g., OAuth for Amazon SP-API and the Flipkart Seller API). You approve access on the Marketplace's own screen; we receive only scoped tokens.
How are my tokens stored?
Encrypted at rest, masked in the interface (only last characters visible), excluded from logs and exports, and deleted within 24 hours when you disconnect.
Can Ecom10x change things on my seller account without me knowing?
The Platform acts only on your instructions and the automations you enable. Every action (accept, label, price change, connection, disconnection) is written to an audit log you can review.
Who at Ecom10x can see my data?
Only personnel who need access for support, security or legal compliance — under confidentiality obligations, with access logged. Your own team sees only what their role and client-assignments permit.
Is my data isolated from other companies?
Yes. Every request is scoped to your organisation. Cross-tenant access is denied by design. Benchmarks, where shown, are anonymised aggregates with a minimum number of accounts.
Is data encrypted?
Yes — TLS for all traffic in transit and encryption at rest for databases and backups.
What happens if there's a breach?
Our Incident Response Policy applies: containment, investigation, notification to affected customers within 72 hours of confirmation, and reporting to CERT-In/authorities as required by Indian law.
Do you sell my data?
No. See the Privacy Policy — we do not sell personal data, and Customer Data is used only to provide the Service.
How do I report a security issue?
Email [SECURITY_EMAIL — e.g., security@ecom10x.in]. Good-faith researchers are protected under our Vulnerability Disclosure Policy.
What should I do to keep my account safe?
Use a strong unique password, give teammates least-privilege roles, remove leavers immediately, and treat export files as confidential.