Sicherheit
Zuletzt aktualisiert: April 29, 2026
Hosting
MarginLock runs on Amazon Web Services (us-east-1). The marketing site is served from Vercel's global edge network. All production infrastructure is configured via code (Terraform / CDK) and reviewed in pull requests before applying.
Encryption
- In transit: TLS 1.2+ for all connections (browser ↔ web, web ↔ API, API ↔ database, API ↔ third-party services).
- At rest: AES-256 encryption for the application database and object storage. Backups are encrypted with the same key class.
Authentication
We use magic-link authentication backed by short-lived, hashed tokens. Sessions are HTTP-only, secure cookies. We do not store passwords.
Amazon SP-API permissions
We request the minimum SP-API roles required for the features you use. Inventory operations are read-only by default; write operations (e.g., creating fulfillment shipments) only run when you explicitly initiate them. Tokens are stored encrypted and never sent to client browsers.
Data retention
We retain customer Amazon data for as long as your account is active. On account deletion, customer data is purged within 30 days. Aggregated, non-identifying analytics are retained indefinitely.
Incident response
If you believe you've found a security issue, email security@marginlock.io. We acknowledge reports within one business day and follow a coordinated disclosure process.
Subprocessors
For the list of third-party services that may process customer data on our behalf, see our subprocessor list.