Trust

Security &
data handling.

MarketMonster operates on Amazon Selling Partner data under the authorization you grant us. This page describes how we protect that authorization, the data we retrieve under it, and how we respond when something goes wrong.

Last reviewed: May 11, 2026

SP-API credentials

Refresh tokens and access tokens issued by Amazon are stored in our application database and read only by the MarketMonster service role. Access tokens are refreshed on demand and never logged. We never display SP-API tokens in the application UI and never share them with any party other than Amazon itself.

Encryption in transit

Every connection to MarketMonster.co — browser to application, application to database, application to SP-API, application to Stripe, application to Clerk — is encrypted with TLS 1.2 or higher. We do not accept plaintext HTTP for any API surface.

Data isolation

Every record in our database is scoped to an Organization identifier. Application queries filter by the authenticated user’s organization before any data leaves the database, and roles and permissions are enforced server-side on every request. Members of one organization cannot read or write data belonging to another organization.

Authentication & access control

Authentication is handled by Clerk and supports Google OAuth as the primary identity provider. Inside the application, role and permission boundaries are enforced server-side on every protected route — never trusted from the client. Administrators can scope team members to least-privilege roles using built-in templates (Picker, Packer, Bookkeeper, Inventory Manager, Read-only) or custom roles on supported tiers.

Risk assessment & incident response

We maintain a written incident response procedure covering detection, triage, containment, investigation, notification, remediation, and post-incident review. Application-layer events (orchestration failures, permission and role changes, audit events) are recorded to our database and reviewed regularly. Infrastructure-layer events are surfaced from our hosting providers. On a confirmed incident affecting Amazon Selling Partner data or SP-API credentials, we notify Amazon at security@amazon.com within 24 hours and affected organization administrators within 72 hours.

Audit logging

Permission grants, role changes, and significant administrative actions inside an organization are recorded to an immutable audit log readable by organization administrators in Settings → Members. The audit log is the system of record for who-did-what inside your organization.

SP-API scope of access

When you connect your Amazon Seller account, the SP-API authorization screen presents the specific roles MarketMonster has requested. You can review and revoke that authorization at any time from Seller Central under Apps & Services → Manage Your Apps. Revoking authorization immediately invalidates any tokens MarketMonster holds for your account, after which we are unable to make further SP-API calls on your behalf.

We request only the SP-API roles required to operate the features you use. We do not request roles that grant access to Amazon Buyer Personally Identifiable Information (PII), and we do not retrieve, store, or display buyer PII.

Data retention & deletion

When you disconnect your Amazon account, close your MarketMonster account, or request deletion, we delete the associated SP-API tokens within 24 hours and the associated cached SP-API data within 30 days. Operational logs that reference your organization identifier may be retained for up to 90 days for incident response and abuse prevention, after which they are deleted or anonymized. Billing records are retained for the period required by applicable tax and accounting law.

Subprocessors

We rely on a small set of subprocessors to operate the service: Clerk (authentication), Stripe (payments), Supabase (database and realtime), and Netlify (web hosting). Each subprocessor is bound by its own data processing agreement. If we add or change a subprocessor that handles your data, we will update the list here and notify active organization administrators.

Incident response plan

Our incident response plan covers the full lifecycle of a confirmed security event affecting Amazon Selling Partner data, SP-API credentials, or infrastructure handling Amazon-derived data.

  1. Detection. Application errors, orchestration failures, authentication anomalies, and permission/role changes are logged to centralized application stores and an immutable audit log. Infrastructure-layer events from Netlify, Supabase, and Clerk are surfaced via their respective alerting channels.
  2. Triage and scoping. On detection of a credible incident, the responder confirms whether Amazon Selling Partner data, SP-API credentials, or buyer-adjacent fields are in scope, identifies the affected organizations, and classifies severity.
  3. Containment. Compromised SP-API access and refresh tokens are revoked immediately. Suspected credential exposure triggers rotation across affected subprocessors. Access to affected systems is restricted to the incident responder until containment is confirmed.
  4. Investigation. The responder reviews application logs, audit events, subprocessor logs, and infrastructure history to establish root cause, extent of access, and data potentially exposed.
  5. Notification. Amazon is notified at security@amazon.com within 24 hours of confirming an incident involving Amazon data or credentials. Affected organization administrators are notified within 72 hours with a description of what was affected and any required action. Regulators are notified where required by applicable law.
  6. Remediation. Underlying vulnerabilities are patched. Credentials, secrets, and access tokens for affected systems are rotated. Restored systems are re-verified against application invariants — organization-scoped queries, role and permission enforcement — before traffic is restored.
  7. Post-incident review. A written summary of the incident, root cause, response timeline, and corrective actions is produced within 14 days of resolution. Process gaps surfaced by the review are tracked to closure.

Notification of organizational changes

MarketMonster commits to notifying Amazon of material organizational changes — including changes of ownership, business contact, registered business address, or security-relevant infrastructure — within 30 days, in accordance with Amazon's Developer Profile requirements. Notification is sent through the channel designated by Amazon at the time of registration (Solution Provider Portal case or the contact address on file).

Reporting a vulnerability

If you believe you have found a security vulnerability in MarketMonster, please report it to security@marketmonster.co with a description of the issue and reproduction steps. We will acknowledge the report within two business days, work with you to confirm the issue, and credit you publicly if you would like. Please do not publicly disclose the issue until we have had a reasonable opportunity to address it.