Enterprise-Grade Security & Compliance

Security & Data Protection

At WorkerHub, security isn't an afterthought—it's the foundation of everything we build. Learn how we protect your Amazon seller data with enterprise-grade security measures, end-to-end encryption, and strict compliance standards.

Last updated: October 2025
SOC 2 Type II Certified

1. End-to-End Encryption

Encryption in transit, at rest, and at the application layer

Encryption in Transit

All data transmitted between your browser and our servers is protected by a current TLS configuration:

  • TLS 1.3 Protocol: The current version of Transport Layer Security. TLS 1.3 permits only ephemeral key exchange, so every connection has forward secrecy: a later compromise of the server's private key does not expose previously recorded traffic.
  • HSTS (HTTP Strict Transport Security): Once a browser has seen the header it refuses plain-HTTP connections to our domain and will not let the user click through a certificate error, which blocks downgrade and SSL-stripping attacks on later visits.
  • Trusted certificates and 256-bit session keys: Our certificates are issued by publicly trusted certificate authorities. The "256-bit" figure usually quoted for TLS refers to the symmetric cipher key (for example AES-256-GCM) negotiated in the handshake, not to the certificate, which only authenticates the server.
  • Certificate Transparency: Because our certificates are publicly trusted they are recorded in Certificate Transparency logs, so a mis-issued certificate for our domain is detectable. Certificate pinning is not available to browser clients (HPKP has been removed from all major browsers) and is only meaningful in non-browser clients.

Encryption at Rest

All stored data is encrypted using standard, well-reviewed algorithms:

  • AES-256 Encryption: All database records are encrypted using the Advanced Encryption Standard (FIPS 197) with 256-bit keys.
  • Encrypted Amazon Access Tokens: Your Amazon SP-API tokens are encrypted under a per-user key; that per-user key is itself stored only in wrapped (encrypted) form under a master key held in a key management system, so a copy of the database alone does not yield usable tokens.
  • Key Rotation: Master encryption keys are automatically rotated every 90 days to limit the window of exposure if a key is ever compromised.
  • Encrypted Backups: All backup files are encrypted before storage and remain encrypted during transfer and at rest.

Application-Level Encryption

  • Field-Level Encryption: Sensitive fields such as API keys and OAuth tokens are encrypted at the application level before they are written to the database, so neither the database nor its backups ever hold them in clear.
  • Bcrypt Password Hashing: Passwords are hashed, not encrypted, and are never stored in plain text. We use bcrypt with a high cost factor, so every guess in an offline brute-force attack costs the attacker the same deliberate amount of work as a legitimate login, which makes large-scale guessing computationally infeasible.

2. Secure Amazon SP-API Integration

Compliant with Amazon's security requirements

OAuth 2.0 Authorization

We follow Amazon's strict OAuth 2.0 implementation guidelines:

  • Amazon-Hosted Login: You always log in directly through Amazon's secure portal. We never handle your Amazon credentials.
  • Secure Authorization Flow: Uses PKCE (Proof Key for Code Exchange): the authorization request carries a hash of a one-time secret, and the authorization code can only be redeemed by presenting that secret, so an intercepted code on its own is useless.
  • State Parameter Validation: A cryptographically random, single-use state value ties each callback to the session that started the flow, preventing CSRF (login-CSRF) attacks during the OAuth exchange.

Minimal Permission Principle

We only request the minimum API permissions necessary:

SP-API access requested:
  • Listings (sellingpartnerapi::listings): read and optimize product listings
  • Reports (sellingpartnerapi::reports): access sales and performance data

SP-API access not requested:
  • Finances (sellingpartnerapi::finances): no financial access needed
  • Orders (sellingpartnerapi::orders): no order modification

We only access the data absolutely necessary to provide our services. No financial data, no customer PII, no order modifications.

Token Security & Management

  • Encrypted Token Storage: Access and refresh tokens are encrypted with unique per-user keys before database storage.
  • Automatic Token Refresh: Short-lived access tokens are renewed with the refresh token, so you are not asked to re-authorize and no long-lived credential is sent on every API call.
  • User-Controlled Revocation: You can disconnect your Amazon account at any time from your dashboard, which immediately deletes the tokens we hold. To revoke the authorization on Amazon's side as well, remove the app under Apps & Services > Manage Your Apps in Seller Central.
  • Token Expiration Handling: Expired access tokens are deleted from our systems immediately and are never reused.

API Request Security

  • Rate Limiting: Automatic throttling keeps our call volume within the per-operation rate and burst limits Amazon publishes for SP-API (Amazon meters each operation with a token bucket) and prevents abuse.
  • Request Authentication: Every SP-API request is sent over TLS with a short-lived LWA access token in the x-amz-access-token header. Amazon retired the AWS Signature Version 4 signing requirement for SP-API calls in 2023.
  • Error Handling: Failed requests are logged without tokens, request bodies, or other sensitive data in the log entry or error message.
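Added example (not WorkerHub's code) of the client-side throttle the first item above describes. Amazon meters each SP-API operation with a token bucket defined by a rate (tokens per second) and a burst (bucket size), so the client-side mirror is also a token bucket, kept per seller and per operation, with a 429 response treated as "bucket empty". The limits object is constructed; real numbers come from Amazon's usage-plan documentation and the x-amzn-RateLimit-Limit response header. The clock and sleep are injectable so the behaviour can be exercised without waiting.

```javascript
// Added example, not WorkerHub's code. Client-side mirror of SP-API's
// token-bucket usage plans: an operation with rate r and burst b may be called
// b times at once, then r times per second on average. Limits are constructed.
class TokenBucket {
  constructor({ rate, burst, now = () => Date.now() }) {
    this.rate = rate;      // tokens per second
    this.burst = burst;    // bucket capacity
    this.now = now;        // injectable clock, milliseconds
    this.tokens = burst;   // start full
    this.last = now();
  }
  refill() {
    const t = this.now();
    this.tokens = Math.min(this.burst, this.tokens + ((t - this.last) / 1000) * this.rate);
    this.last = t;
  }
  // 0 => send now; otherwise the number of ms to wait before asking again.
  tryAcquire() {
    this.refill();
    if (this.tokens >= 1) { this.tokens -= 1; return 0; }
    return Math.ceil(((1 - this.tokens) / this.rate) * 1000);
  }
}

// Amazon meters per (application, seller, operation), so buckets are keyed
// the same way; one seller's burst cannot starve another's.
class SpApiThrottle {
  constructor(limits, now = () => Date.now()) {
    this.limits = limits;       // { opName: { rate, burst } }
    this.now = now;
    this.buckets = new Map();
  }
  bucket(sellerId, op) {
    const lim = this.limits[op];
    if (!lim) throw new Error(`no usage plan configured for ${op}`); // fail closed
    const key = `${sellerId}:${op}`;
    if (!this.buckets.has(key)) {
      this.buckets.set(key, new TokenBucket({ ...lim, now: this.now }));
    }
    return this.buckets.get(key);
  }
  tryAcquire(sellerId, op) { return this.bucket(sellerId, op).tryAcquire(); }
  // On HTTP 429 Amazon's bucket is empty; drain ours so parallel callers
  // back off together instead of each retrying immediately.
  onThrottled(sellerId, op) { this.bucket(sellerId, op).tokens = 0; }
}

// Drive one call through the throttle: wait for a token, send, and on 429
// drain the bucket and wait for a full token before trying again.
// `send` performs the HTTP call and resolves to { status, ... }.
async function callWithThrottle(throttle, sellerId, op, send, { sleep, maxThrottles = 3 }) {
  let throttled = 0;
  for (;;) {
    const wait = throttle.tryAcquire(sellerId, op);
    if (wait > 0) { await sleep(wait); continue; }
    const res = await send();
    if (res.status !== 429) return res;
    if (++throttled > maxThrottles) return res; // give up and surface the 429
    throttle.onThrottled(sellerId, op);
  }
}
```

With a plan of rate 0.0222 and burst 10 (constructed values), ten calls go out immediately and the eleventh is told to wait roughly 45 seconds, which is the 1/rate interval the bucket refills at.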

3. Secure Data Storage & Infrastructure

Enterprise-grade cloud infrastructure

Database Security

  • PostgreSQL with SOC 2 Compliance: Hosted on Supabase infrastructure with automatic security patches and compliance certifications.
  • Row-Level Security (RLS): Database policies ensure users can only access their own data, enforced at the database layer.
  • Automated Backups: Point-in-time recovery with 30-day retention. Backups are encrypted and stored in geographically diverse locations.
  • Geographic Redundancy: Data is replicated across multiple availability zones to ensure 99.99% uptime and disaster recovery.
  • SQL Injection Prevention: All database queries use parameterized statements to prevent injection attacks.

Infrastructure Security

  • Vercel Edge Network: Application hosted on Vercel's global edge network with automatic DDoS protection and SSL/TLS termination.
  • Isolated Runtime Environments: Each function execution runs in an isolated sandbox environment.
  • Network Security Groups: Firewall rules restrict access to databases and internal services to only authorized IPs.
  • Infrastructure as Code (IaC): All infrastructure configurations are version-controlled and audited for security vulnerabilities.

4. Access Control & Authentication

Multi-layered authentication and authorization

We implement multiple layers of security to protect your account:

  • Multi-Factor Authentication (MFA): Optional 2FA using authenticator apps for an extra layer of account protection.
  • Session Management: Secure session tokens with automatic expiration and refresh mechanisms.
  • Role-Based Access Control (RBAC): Team members have granular permissions based on their roles and responsibilities.
  • Password Requirements: Minimum 8 characters with complexity requirements enforced at registration.
  • Account Activity Monitoring: Suspicious login attempts trigger alerts and optional account lockdowns.

5. Regulatory Compliance

GDPR, SOC 2, and international standards

GDPR Compliance

Full compliance with the EU General Data Protection Regulation:

  • Right to Access: Request a complete copy of all personal data we hold about you.
  • Right to Deletion ("Right to be Forgotten"): Request permanent deletion of your data within 30 days.
  • Right to Portability: Export your data in machine-readable formats (JSON, CSV).
  • Right to Rectification: Update incorrect or incomplete personal information at any time.
  • Data Processing Agreements: Compliant DPAs with all sub-processors as required by GDPR Article 28.
  • Privacy by Design: Data protection integrated into all development processes from the start.

Data Retention & Deletion

  • Automatic Deletion Schedules: Inactive accounts and old data automatically deleted after defined retention periods.
  • Secure Data Destruction: Deleted data is rendered unrecoverable by destroying the encryption keys that protect it (crypto-shredding), so it cannot be recovered even from encrypted copies.

6. 24/7 Security Monitoring

Real-time threat detection and response

Our systems are continuously monitored for security threats:

  • Intrusion Detection Systems (IDS): Automated monitoring for suspicious activities and attack patterns.
  • Application Performance Monitoring: Real-time tracking of system health and anomalous behavior.
  • Centralized Log Management: All security events logged and analyzed for threat intelligence.
  • Automated Alerts: Security team immediately notified of potential threats.

7. Incident Response Plan

Prepared for security events

We maintain a comprehensive incident response plan:

  • Rapid Detection & Containment: Security incidents detected and isolated within minutes.
  • User Notification: Affected users promptly notified in compliance with regulations.
  • Post-Incident Analysis: Thorough review to prevent future occurrences.
  • Regulatory Reporting: Compliance with breach notification requirements (GDPR, etc.).

8. Data Usage & Privacy

Complete transparency about your data

What We Do With Your Data

Optimize Product Listings: Use AI to improve titles, bullet points, and descriptions for better visibility.
Manage PPC Campaigns: Analyze campaign performance and suggest bid optimizations.
Generate Analytics: Provide real-time dashboards and performance insights.
AI-Powered Recommendations: Deliver personalized suggestions to grow your business.

What We NEVER Do

We NEVER Sell Your Data: Your data is yours. We will never sell, rent, or trade your information to third parties under any circumstances.
We NEVER Share With Competitors: Your business intelligence stays confidential. We never aggregate or share data with other sellers or competitors.
We NEVER Use Data for Advertising: We don't build advertising profiles or use your data for marketing purposes beyond our own service.
We NEVER Train AI on Your Data Without Permission: Your business data is not used to train AI models that benefit other users.

9. Independent Security Audits

External validation of our security practices

Regular third-party assessments ensure our security measures meet industry standards:

  • Annual Penetration Testing: Independent security researchers attempt to find vulnerabilities in our systems.
  • SOC 2 Type II Audits: Regular audits by certified public accountants verify our security controls.
  • Vulnerability Scanning: Continuous automated scanning for known security weaknesses.
  • Bug Bounty Program: Security researchers rewarded for responsibly disclosing vulnerabilities.

10. Security Team & Training

Dedicated security professionals

Our security culture starts with our team:

  • Dedicated Security Engineers: Full-time security professionals monitoring and improving our defenses.
  • Security Training for All Staff: Regular training on security best practices, phishing awareness, and incident response.
  • Secure Development Lifecycle: Security reviews required for all code changes before deployment.
  • Background Checks: All team members with data access undergo thorough background screening.

Questions About Security?

Our security team is here to answer any questions about how we protect your data. We're committed to transparency and are happy to provide additional information about our security practices.

Security Certifications & Compliance

256-bit SSL: Bank-Level Encryption
GDPR Compliant: EU Data Protection
SOC 2 Type II: Audited Security
Amazon Approved: SP-API Certified

WorkerHub - SR LOGISTICS

Brussels, Belgium

For security inquiries: security@workerhub.app