Security & Compliance
SkuFx is built to meet Amazon's Data Protection Policy (DPP) for Selling Partner API. Below are the technical controls we maintain.
Encryption at Rest
All Amazon seller data encrypted with AES-256-GCM. Database disks encrypted with LUKS.
Encryption in Transit
TLS 1.3 enforced on every endpoint. HSTS preload pending. Legacy SSL disabled.
Access Control
MFA required for all internal accounts (TOTP). No password-only access. Role-based permissions audited monthly.
Infrastructure Isolation
Production database not accessible from public internet. Bastion-only SSH, key-based only, no passwords.
Audit Logging
Every data access logged with user, timestamp, and IP. Logs retained 90 days minimum (1 year for admin actions).
Breach Notification
Committed under Amazon DPP to notify within 24 hours of a confirmed breach.
Data retention
SP-API data (Brand Analytics reports, Pricing, FBA inventory, Orders, Finances) is retained for as long as your subscription is active. Upon revocation of SP-API access or account deletion, all SP-API data is permanently deleted within 24 hours.
Vulnerability disclosure
If you discover a security vulnerability, please email security@skufx.com with details. We acknowledge within 24 hours and aim to remediate critical issues within 7 days.