Security & Data Protection

SellerGuard AI is built with layered security controls to protect seller data and comply with Amazon SP-API Data Protection requirements.

Amazon SP-API Compliance

SellerGuard AI maintains the following controls required by the Amazon Selling Partner API Data Protection Policy:

  • Formal Incident Response Plan with 6-month review cycle
  • Security incidents reported to Amazon within 24 hours of detection
  • Active firewall (UFW) with default-deny inbound policy
  • Intrusion detection and brute-force prevention (fail2ban)
  • Weekly anti-malware scanning (ClamAV)
  • Network segmentation — application services not publicly exposed
  • 12-character minimum passwords with special characters required
  • MFA required on all administrator accounts
  • Annual credential rotation policy enforced

Infrastructure Security

  • All traffic encrypted via TLS 1.2+ (HTTPS enforced, HTTP redirects)
  • Application server not directly accessible — Nginx reverse proxy only
  • SSH key-based authentication; root password login disabled
  • Automated security log monitoring and alerting

Data Handling

  • No Amazon credentials or passwords are ever collected or stored
  • Sellers manually provide metrics or upload CSV exports — no account access
  • SellerGuard AI is a read-only reporting tool — no account actions taken
  • Data minimization: only information needed to generate risk reports is used

Contact

Security questions, vulnerability reports, or data inquiries:

support@sellerguardai.com

Operated by Mados Ventures Holding Co. LLC d/b/a SellerGuard AI