Security overview

Security and Data Protection

AZBoss is being designed to protect seller-authorized business data through scoped access, tenant isolation, encrypted credentials, and accountable operations.

Authorization model

Sellers authorize access through Amazon-managed authorization flows. AZBoss does not request or store seller Amazon usernames, passwords, or secret keys.

Data minimization

The application requests only the permissions required for advertising analytics, profit analysis, search-term diagnostics, and seller-owned reporting. Buyer personal information is not required for the first release.

Credential protection

API tokens and sensitive credentials are intended to be encrypted at rest, restricted by least-privilege access, and revocable when sellers disconnect their accounts.

Access control

Organization-level permissions limit user access by workspace, role, marketplace, and connected account. Administrative access is restricted to authorized personnel with operational need.

Monitoring and response

Production systems are intended to maintain audit logs, operational alerts, backup procedures, and incident response processes for security and reliability events.

Data deletion

Sellers may request account disconnection and deletion of stored business data by contacting hongzhetech@126.com. Company address: 浙江省杭州市上城区地铁东城1单元726室。