Security and Data Privacy Policy

Effective Date: October 2025

This policy outlines the security standards and operational procedures that **[Your Company Name]** employs to ensure the **confidentiality, integrity, and availability** of all client and customer data obtained via the TikTok Shop, Amazon, and eBay APIs.

I. Data Management and Protection

We adhere strictly to **Data Minimization**, collecting only the data necessary for real-time stock and order management.

  • Data Classification: All client and customer data (PII, API Credentials, Order Details) is classified as **Confidential** and protected by our strictest security controls.
  • Encryption at Rest: Sensitive PII stored in our database is protected using **AES-256 encryption** or higher.
  • Encryption in Transit: All communications with the TikTok Shop, Amazon, and eBay APIs, and between internal systems, must use **TLS v1.2** or higher.
  • Data Retention & Deletion: Client data is retained only as long as the service authorization is active. Data is **securely purged immediately** upon a client revoking API authorization.

II. Access Control and Authentication

We enforce strict access policies to ensure API credentials and sensitive data are protected.

  • Least Privilege: Access to API credentials and production data is strictly limited based on the **"Need-to-Know"** principle.
  • Multi-Factor Authentication (MFA): **MFA is mandatory** for all access to our production environments, databases, and systems holding client API credentials.
  • Password Policy: Strong password standards (minimum 12 characters, complex mix) are enforced for all personnel.

III. System and Incident Management

  • **Network Security & Segregation:** Network environments (Development, Staging, Production) are **logically segregated** to protect internal network access. We implement firewalls and security tools (such as NIDS/HIPS) to **monitor and prevent external threats.**
  • **Endpoint Protection:** We enforce mandatory endpoint protection by installing and maintaining industry-standard anti-virus and Host Intrusion Prevention Systems (HIPS) on all company-owned devices used to access client data and API credentials.
  • **Security Baseline:** We enforce a strict security baseline for all daily operations, including: **Automatic screen lock** after short periods of inactivity; adherence to a **clear-desk policy**; and mandatory **security awareness training** for all personnel.
  • **Vulnerability & Patch Management:** All operational systems are subject to continuous vulnerability monitoring and **immediate patching** to address security risks.
  • **Incident Response:** We maintain a documented Incident Response Plan to ensure rapid detection, containment, and **timely notification** to affected clients and marketplace partners in case of a data breach.

By partnering with us and authorizing our application, clients agree to the terms outlined in this Security and Data Privacy Policy.