Amazon and Noon. One Intelligent Seller Workspace.Explore D3 Seller
Security at D3 Seller

Protect the Marketplace Connection, the Tenant Boundary and the Financial Record

D3 Seller applies practical controls in the product architecture without claiming certifications or audit statuses that have not been verified.

Encrypted commerce network connecting warehouses and marketplace operations
Implemented controls

Security Is Enforced at the Places That Carry Risk

These statements reflect the current application architecture and codebase.

01

Encryption in transit

Production traffic is served over HTTPS so data moving between the browser, application and external services is encrypted in transit.

02

Sensitive secrets at rest

Amazon and Noon connector credentials and tokens are encrypted before database storage and are not returned to the user interface.

03

Role-based access

Signed sessions identify the panel, user, role and tenant. Client roles are checked against operations, finance and administration areas.

04

Tenant isolation

Protected client routes resolve tenant context from the authenticated session, and tenant-scoped records require that context.

05

Managed secrets

Session keys, connector encryption keys, marketplace credentials and email keys are supplied through runtime environment variables, not source code.

06

Audit logging

The data model records tenant and platform actions for access, connectors, inventory, costing, purchasing, exports and owner operations.

07

Session protection

Session cookies are signed, HTTP-only, same-site and secure in production, with panel separation between client and SaaS owner controls.

08

Connection boundaries

Support and owner connector views expose status and job metadata without displaying decrypted marketplace credentials.

Operational practices

How D3 Seller Handles Reports, PII and Retention

01

Incident response

Security reports are triaged, access or connector credentials can be revoked, and affected services can be paused while an issue is investigated.

02

Vulnerability management

Dependencies, application changes and exposed routes are reviewed as part of maintenance. Responsible disclosures can be sent directly to the security team.

03

PII minimization

Marketplace buyer information is limited to the operational purpose for which it is received and is not sold or used for advertising.

04

Retention and deletion

Records are kept only for account operation, financial evidence, legal obligations and security needs, then deleted or anonymized when no longer required.

Responsible disclosure

Report a Security Concern Privately

Include the affected URL or feature, a clear description, steps to reproduce and the potential impact. Do not access or alter data that does not belong to you.

security@d3seller.com
What we do not claim

No Unverified Certification Language

This page does not claim ISO 27001, SOC 2, PCI DSS or government accreditation. When an independent certification or audit is completed, the exact scope and date can be published here.

Your next clear step

Security Questions Before You Connect?

Ask for a focused review of marketplace authorization, credential storage, tenant access and role boundaries.

Start Free Book a Demo