MerchantLedger: Settlement Automation

Security & Data Practices

How MerchantLedger protects your data and maintains secure operations.

Security by Design

We prioritize security at every layer of our system

MerchantLedger is built with security as a foundational principle. We understand that we're handling sensitive financial and business data, and we've implemented industry-standard security practices to protect your information.


Data Flow Overview

Here's how data flows through MerchantLedger from authorization to accounting export:

  • 1. OAuth Authorization

    You grant access via Amazon Seller Central OAuth. We receive an authorization code (not your password).

  • 2. Token Exchange & Storage

    We exchange the authorization code for access and refresh tokens. Tokens are encrypted using Fernet (AES-128-CBC with HMAC-SHA256 authentication) and stored in our database; they are never logged or exposed in error messages.

  • 3. SP-API Calls

    Our backend uses stored tokens to call Amazon SP-API endpoints for settlements and financial events.

  • 4. Processing & Categorization

    Settlement data is processed and categorized in our secure backend environment.

  • 5. Accounting Export

    Categorized entries are posted to your accounting software via OAuth or exported as files.

Key point: At no point do we see or store your Amazon Seller Central password. All access is via OAuth tokens that you can revoke at any time.


Token Handling & Authentication

OAuth tokens are handled with strict security controls:

  • Secure Storage

    Tokens are encrypted using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 authentication) and stored in our PostgreSQL database. Tokens are never written to logs or error messages.

  • Automatic Refresh

    Amazon access tokens are short-lived and are refreshed automatically using the refresh token. We do not implement refresh token rotation at this time; refresh tokens are long-lived credentials and are stored encrypted in the same way as access tokens.

  • Least Privilege Scope

    We request only the minimum SP-API roles required:

      • Current: Settlements and financial events (core feature)
      • If enabled: Limited catalog/listing metadata for COGS mapping
      • Optional (future): Inventory data, only when you enable inventory features and grant permission

    We do not request access to messages, order fulfillment operations, customer PII, or unrelated data.

  • User-Controlled Revocation

    You can revoke our access at any time from within MerchantLedger or directly in Amazon Seller Central.
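
The token storage described in steps 2 and 3 of the data flow and in this section, as an added Python example. This is illustration code, not MerchantLedger's own: it uses the Fernet implementation from the cryptography package, stands in for the secret manager with a key passed to the constructor (generated in-process in the demo), stands in for the PostgreSQL table with a dict, and uses a hypothetical callable refresh_access_token in place of the Login with Amazon token endpoint. It shows the three properties the page claims: tokens are ciphertext at rest, the access token is refreshed from the long-lived refresh token when it expires, and neither token can reach a log line or error message in the clear.

```python
"""Encrypted OAuth token storage with log redaction.

Added illustration, not MerchantLedger's code. Assumptions: the Fernet key
is handed to the process by a secret manager (generated in-process in the
demo; it must never live beside the ciphertext); the hypothetical callable
`refresh_access_token` stands in for the Login with Amazon token endpoint;
the `rows` dict stands in for the PostgreSQL table.
Requires the `cryptography` package (pip install cryptography).
"""
import logging
import time
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

from cryptography.fernet import Fernet

REDACTED = "<redacted>"


class Secret:
    """Wraps a credential so str(), repr(), f-strings and traceback
    formatting show '<redacted>' rather than the token value."""

    __slots__ = ("_value",)

    def __init__(self, value: str) -> None:
        self._value = value

    def reveal(self) -> str:
        return self._value

    def __repr__(self) -> str:
        return f"Secret({REDACTED})"

    __str__ = __repr__


def scrub(secrets: List[Secret], text: str) -> str:
    """Remove any known secret value from free text (defence in depth for
    the 'never logged, never in error messages' rule)."""
    for s in secrets:
        if s.reveal():
            text = text.replace(s.reveal(), REDACTED)
    return text


class RedactingFilter(logging.Filter):
    """Scrubs known secrets from every record before it reaches a handler."""

    def __init__(self, secrets: List[Secret]) -> None:
        super().__init__()
        self._secrets = secrets

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg, record.args = scrub(self._secrets, record.getMessage()), ()
        return True


@dataclass
class TokenRow:
    """Shape of the stored row: ciphertext and metadata only."""
    access_ct: bytes
    refresh_ct: bytes
    expires_at: float


@dataclass
class TokenVault:
    key: bytes = field(repr=False)                           # Fernet key from the secret manager
    refresh_access_token: Callable[[str], Tuple[str, float]]  # refresh -> (access, ttl_seconds)
    rows: Dict[str, TokenRow] = field(default_factory=dict)

    def __post_init__(self) -> None:
        self._fernet = Fernet(self.key)

    def store(self, seller_id: str, access: Secret, refresh: Secret, ttl: float) -> None:
        # Fernet authenticates the ciphertext (HMAC-SHA256), so a tampered
        # row raises InvalidToken on decrypt instead of yielding garbage.
        self.rows[seller_id] = TokenRow(
            access_ct=self._fernet.encrypt(access.reveal().encode()),
            refresh_ct=self._fernet.encrypt(refresh.reveal().encode()),
            expires_at=time.time() + ttl,
        )

    def access_token(self, seller_id: str, skew: float = 60.0) -> Secret:
        """Return a usable access token, refreshing when within `skew` seconds
        of expiry. The refresh token is decrypted only for the duration of the
        call and is never returned to the caller."""
        row = self.rows[seller_id]
        if time.time() + skew < row.expires_at:
            return Secret(self._fernet.decrypt(row.access_ct).decode())
        refresh = self._fernet.decrypt(row.refresh_ct).decode()
        new_access, ttl = self.refresh_access_token(refresh)
        row.access_ct = self._fernet.encrypt(new_access.encode())
        row.expires_at = time.time() + ttl
        return Secret(new_access)


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    log = logging.getLogger("tokens")
    refresh = Secret("Atzr|demo-refresh")   # constructed sample value
    log.addFilter(RedactingFilter([refresh]))
    vault = TokenVault(Fernet.generate_key(), lambda _r: ("Atza|new-access", 3600.0))
    vault.store("SELLER1", Secret("Atza|old-access"), refresh, ttl=0.0)
    tok = vault.access_token("SELLER1")     # ttl=0 forces the refresh path
    log.info("refreshed with %s, got %s", refresh.reveal(), tok)
    # logs: refreshed with <redacted>, got Secret(<redacted>)
```

Two design points worth copying: the Secret wrapper makes the safe behaviour the default, so a stray f-string or a dataclass repr in a traceback cannot print the credential, and the logging filter is the backstop for code paths that unwrap the value on purpose. Because refresh tokens are not rotated, the refresh token is the credential to protect; it is decrypted only inside access_token and never handed back.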


Data Storage & Encryption
  • Encryption at Rest

    All data in our database is encrypted using AES-256 encryption or equivalent. Database backups are also encrypted.

  • Encryption in Transit

    All data transmitted between your browser, our servers, and external APIs uses TLS 1.2 or higher.

  • Tenant Isolation

    Each seller's data is logically isolated using tenant-specific access controls. Every data access is scoped to a single tenant, so cross-tenant reads are prevented by the architecture rather than by convention.

  • Minimal Retention

    We retain data only as long as needed to provide the service. Settlement data is deleted within 30 days of account closure.
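
The tenant isolation described above, as an added Python example (illustration code, not MerchantLedger's own). It uses sqlite3 so it runs offline, standing in for PostgreSQL; the table and column names and the two sample sellers are assumptions. The invariant it enforces is that no statement against the settlements table runs without a tenant_id predicate taken from the authenticated session, and it places the scoped lookup beside the unscoped anti-pattern so the difference is visible.

```python
"""Tenant-scoped data access, added as an illustration (not MerchantLedger's
code). sqlite3 stands in for PostgreSQL; table and column names are assumed.
Invariant: every statement against settlements carries a tenant_id predicate
taken from the authenticated session, never from the request.
"""
import sqlite3
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class TenantContext:
    """Built once per request from the verified session; request bodies and
    query strings cannot override it."""
    tenant_id: str


class SettlementRepo:
    def __init__(self, conn: sqlite3.Connection) -> None:
        self.conn = conn
        conn.execute(
            "CREATE TABLE IF NOT EXISTS settlements ("
            " tenant_id TEXT NOT NULL, settlement_id TEXT NOT NULL,"
            " amount_cents INTEGER NOT NULL,"
            " PRIMARY KEY (tenant_id, settlement_id))"
        )

    def insert(self, ctx: TenantContext, settlement_id: str, amount_cents: int) -> None:
        self.conn.execute(
            "INSERT INTO settlements (tenant_id, settlement_id, amount_cents) VALUES (?, ?, ?)",
            (ctx.tenant_id, settlement_id, amount_cents),
        )

    def get(self, ctx: TenantContext, settlement_id: str) -> Optional[Tuple[str, int]]:
        # A lookup by identifier still carries the tenant predicate, so guessing
        # another seller's settlement_id returns nothing rather than their row.
        return self.conn.execute(
            "SELECT settlement_id, amount_cents FROM settlements"
            " WHERE tenant_id = ? AND settlement_id = ?",
            (ctx.tenant_id, settlement_id),
        ).fetchone()

    def list_for_export(self, ctx: TenantContext) -> List[Tuple[str, int]]:
        return self.conn.execute(
            "SELECT settlement_id, amount_cents FROM settlements"
            " WHERE tenant_id = ? ORDER BY settlement_id",
            (ctx.tenant_id,),
        ).fetchall()

    def purge_tenant(self, ctx: TenantContext) -> int:
        """Account-closure deletion, scoped like every other statement.
        Returns the number of rows removed."""
        return self.conn.execute(
            "DELETE FROM settlements WHERE tenant_id = ?", (ctx.tenant_id,)
        ).rowcount


def lookup_by_id_unscoped(conn: sqlite3.Connection, settlement_id: str):
    """Anti-pattern, shown for contrast: keyed only on the client-supplied
    identifier, it serves any tenant's row (an insecure direct object reference)."""
    return conn.execute(
        "SELECT tenant_id, settlement_id, amount_cents FROM settlements WHERE settlement_id = ?",
        (settlement_id,),
    ).fetchone()


def build_demo_repo() -> SettlementRepo:
    """Constructed sample data: two sellers, one settlement each."""
    repo = SettlementRepo(sqlite3.connect(":memory:"))
    repo.insert(TenantContext("SELLER-A"), "A-100", 12_345)
    repo.insert(TenantContext("SELLER-B"), "B-200", 99_999)
    return repo


if __name__ == "__main__":
    repo = build_demo_repo()
    seller_a = TenantContext("SELLER-A")
    print("scoped:  ", repo.get(seller_a, "B-200"))             # None
    print("unscoped:", lookup_by_id_unscoped(repo.conn, "B-200"))  # leaks SELLER-B's row
```

Requiring a TenantContext argument on every repository method turns a forgotten WHERE clause into a type error at the call site rather than a data leak in production. On PostgreSQL the same invariant can additionally be enforced by the database itself with row-level security policies keyed on the session's tenant, so that an application bug cannot widen a query's scope.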


Operational Security
  • Access Control

    Developer access to production systems is restricted, logged, and uses just-in-time access requests. No permanent unrestricted access.

  • Audit Logging

    All data access, administrative actions, and API calls are logged with timestamps and user context for security monitoring.

  • Secrets Management

    API keys, database credentials, and other secrets are stored in environment-specific secret managers, never in code.

  • Vulnerability Scanning

    Dependencies are scanned for known vulnerabilities. Critical security patches are deployed within 7 days.

  • Infrastructure as Code

    Infrastructure is provisioned via Terraform with security controls codified and reviewed.


Incident Response

We maintain an incident response plan to address security events:

  • Detection

    Continuous monitoring and alerting for suspicious activity, unauthorized access attempts, and anomalies.

  • Response Process

    Confirmed incidents are investigated, contained, and remediated following established procedures.

  • Notification

    If your data was involved in a security incident, we will notify you within 72 hours of confirming the incident.

  • Amazon Information Incidents

    Security incidents involving Amazon Information (settlement data, financial events, seller identifiers) will be reported to security@amazon.com within 24 hours of detection.

  • Post-Incident Review

    All incidents are followed by a retrospective to improve processes and prevent recurrence.


Responsible Disclosure

If you discover a security vulnerability, we encourage responsible disclosure:

  • Report Privately

    Email details to security@merchantledgerapp.com. Do not publicly disclose vulnerabilities before giving us time to respond.

  • What to Include

    Provide a description of the vulnerability, steps to reproduce, and if applicable, proof of concept.

  • Timeline

    We will acknowledge receipt within 48 hours and provide an update on remediation status within 7 days.

  • Recognition

    Responsible disclosure is appreciated. We credit researchers who follow this process (with permission).


Compliance & Standards

While we are not formally certified under specific frameworks, we design our practices in alignment with:

  • SOC 2 Trust Principles: Security, availability, and confidentiality controls
  • OWASP Guidelines: Secure coding practices and vulnerability prevention
  • NIST Cybersecurity Framework: Identify, protect, detect, respond, recover

We are pursuing formal security certifications and will update this page as we achieve them.


Security Contact

For security inquiries, vulnerability reports, or compliance questions:

Email: security@merchantledgerapp.com

We respond to security-related inquiries within 48 hours.

Security is a Journey

We continuously improve our security posture. If you have questions or suggestions about our security practices, we'd love to hear from you at security@merchantledgerapp.com.