Security / Data Protection
安全与数据保护Security and Data Protection
| Tenant-level data isolation | 每个 organization、店铺、站点和授权账号在数据模型中独立隔离。Each organization, store, marketplace, and connected account is scoped independently in the data model. |
|---|---|
| Encrypted credential and token storage | 敏感凭证、refresh token 和 API key 使用加密存储,并支持撤销和轮换。Sensitive credentials, refresh tokens, and API keys are stored encrypted and can be revoked or rotated. |
| Role-based access control | 工作区访问按角色、组织和授权范围控制。Workspace access is controlled by role, organization, and authorization scope. |
| Audit logs for advertising actions | 广告建议、执行、观察和复盘动作保留审计记录。Advertising recommendations, executions, observations, and reviews are recorded in audit logs. |
| Data deletion and authorization revocation process | 卖家可请求断开账号、撤销授权和删除存储的业务数据。Sellers can request account disconnection, authorization revocation, and deletion of stored business data. |
| No public exposure of seller advertising data | 公开页面不会展示任何卖家广告数据、token 或 secret。Public pages do not expose seller advertising data, tokens, or secrets. |