Infrastructure

Sellertics runs entirely on Amazon Web Services (AWS) infrastructure across two regions: EU-West (Frankfurt) and AP-South (Mumbai). We use auto-scaling, multi-AZ deployments, and automated failover to ensure 99.9% uptime.

Data Encryption

• At Rest: All database data encrypted with AES-256 using AWS KMS-managed keys
• In Transit: All connections use TLS 1.3. We enforce HTTPS everywhere and apply HSTS headers.
• Marketplace Credentials: OAuth tokens stored encrypted with per-customer key derivation. We never store marketplace passwords.

Access Controls

Customer data is isolated at the database level. Engineers have zero standing access to production systems — all access requires approval, MFA, and is fully logged. We conduct quarterly access reviews and follow the principle of least privilege throughout.

Compliance

• SOC 2 Type II — Audited annually by an independent third-party auditor
• GDPR Compliant — Full DPA available for EU customers
• India PDPB — Aligned with India's Personal Data Protection Bill requirements

Vulnerability Management

We conduct quarterly penetration tests with an external security firm, run automated dependency scanning on every code deployment, and maintain a responsible disclosure program for security researchers.

Incident Response

We maintain a documented incident response plan. In the event of a data breach affecting customer data, we notify affected customers within 72 hours as required by GDPR.

Report a Vulnerability

If you discover a security vulnerability, please report it responsibly to security@sellertics.com. We investigate all reports and respond within 2 business days. We do not pursue legal action against good-faith researchers.