Legal version v1 · Last updated: July 13, 2026
Security Practices
AtlasCore Marketplace Hub is designed to protect seller accounts, OAuth credentials, and synced data across Etsy, Amazon, Shopify, eBay, Walmart, TikTok Shop, Facebook Marketplace, Instagram Shopping, Pinterest Shopping, Faire, WooCommerce, Squarespace Commerce, BigCommerce, custom and third-party marketplace integrations. This page summarizes our security controls and incident response approach.
1. Encryption
- All web traffic uses TLS 1.2+ (HTTPS) in production
- Sensitive credentials and OAuth tokens are encrypted at rest using industry-standard algorithms
- Database and backup storage use encrypted volumes where supported by our cloud provider
- Passwords are hashed; we never store plaintext passwords
2. OAuth & Token Handling
Marketplace connections use official OAuth 2.0 (or platform-equivalent) authorization flows. Access and refresh tokens are stored in protected storage, scoped to the minimum permissions required for requested features, and used only to perform actions you initiate in the dashboard.
OAuth tokens can be revoked at any time by disconnecting the marketplace in AtlasCore or revoking AtlasCore's access in the marketplace's app permissions settings. Revocation stops new API calls immediately.
3. Access Controls
- Role-based access for organization and team features where enabled
- Session management with automatic timeout for inactive browser sessions
- Administrative access restricted to authorized personnel on a need-to-know basis
- API rate limiting and abuse detection on sensitive endpoints
4. Seller Data Protection
We segregate tenant data in multi-tenant deployments, log access to sensitive operations, and apply least-privilege principles for internal tools. Marketplace data is never sold or used for unrelated advertising profiles.
5. Monitoring & Testing
- Continuous monitoring for anomalous authentication and API usage patterns
- Regular dependency updates and vulnerability patching
- Periodic review of OAuth scopes and third-party integration surfaces
6. Breach Notification
If we confirm a security incident that compromises your personal data, we will investigate promptly, mitigate ongoing risk, and notify affected users and regulators as required by applicable law. Report suspected vulnerabilities or unauthorized access to security@atlascore-market.com.
7. Your Responsibilities
- Use strong, unique passwords and enable two-factor authentication when available
- Do not share AtlasCore or marketplace credentials
- Review connected apps periodically in each marketplace's security settings
- Disconnect unused marketplace integrations promptly
8. Related Policies
See Privacy Policy, Data & Retention, and Disconnect Marketplace.