SECURITY & PRIVACY
Your data stays yours.
OAuth 2.0 — No password access
We never see your Amazon password. You authorize via Amazon's official OAuth flow — Amazon issues a scoped token directly to TrackIQ.
Token auto-renews for 12 months
Revoke access anytime from Seller Central
We cannot modify your listings or account settings
Data encryption in transit and at rest
All communication between you, TrackIQ, and Amazon is encrypted with TLS 1.3. Data at rest is encrypted with AES-256.
TLS 1.3 for all API calls
AES-256 for stored data
Keys managed via AWS KMS
No training on your data
Your Amazon data is never used to train AI models. We don't share it, sell it, or feed it into anyone's LLM.
Your data is yours — period
No cross-customer aggregation
Delete anytime from account settings
Short-lived caching
We cache API responses for performance and rate-limiting. Caches expire within 24 hours.
24-hour max cache lifetime
Cached data encrypted at rest
Cache cleared on token revocation
Write actions require confirmation
All write actions (bid changes, budget moves, negative keywords) require explicit confirmation in your AI assistant before execution.
No auto-execution of write tools
Audit log maintained for 24 months
Rollback support for most actions
Role-based access control
For agencies: assign read-only or full-access roles per user. Admins can revoke access instantly.
Per-user permission levels
Activity logs per account
Instant revocation
SOC 2 Type II
Amazon Verified
GDPR Compliant
CCPA Compliant
FREQUENTLY ASKED QUESTIONS
Security FAQ
What data does TrackIQ access?
Can TrackIQ change my product listings or prices?
How long do you store my data?
Do you train AI models on my Amazon data?
What happens if I revoke access?
Is TrackIQ PCI compliant?
We don't handle payment card data. Billing is via Stripe (PCI DSS Level 1). We never see your card number.
Where is my data stored?
How do I report a security issue?
