Security & Privacy
SellerShorts takes security and privacy seriously. This guide explains how we protect your data, secure integrations, and what you need to know about handling buyer information.
Platform security
We implement multiple layers of security to protect your account and data:
- Secure authentication – Accounts are protected with industry-standard authentication and security practices
- HTTPS everywhere – All communication is encrypted in transit
- Webhook security – Required authentication headers for all integrations
- File security – All uploaded files are stored securely with signed URLs
- Payment security – Stripe handles all payment processing and sensitive data
Integration security requirements
When connecting your AI automations, you must follow these security practices:
HTTPS only
All webhook URLs must use HTTPS. We don't allow HTTP connections for security reasons.
Authentication headers required
You must add at least one authentication header to verify requests come from SellerShorts:
Authorization: Bearer YOUR_TOKEN – Best for OAuth/JWT tokensx-api-key: YOUR_KEY – Best for static API keysx-auth-token: YOUR_TOKEN – Alternative token header
Callback security
When sending results back to us, you must include the callback secret:
- Header:
x-callback-secret: YOUR_SECRET - We provide this secret during AI Tool setup
- This verifies the callback comes from your AI Agent automation
Data privacy
Buyer data handling
When processing orders, you may receive buyer inputs containing:
- Website URLs and business information
- Product data and inventory details
- Marketing content and customer data
- Financial information for analysis
Your responsibilities
- Use data only for the service – Process buyer inputs only to deliver the requested AI Tool results
- Don't store unnecessarily – Delete buyer data after processing unless required for service delivery
- Keep data secure – Protect any buyer data you process or temporarily store
- Don't share – Never share buyer data with third parties without explicit consent
API key management
Best practices for managing your integration credentials:
- Use environment variables – Store API keys securely in your automation platform
- Rotate regularly – Change API keys periodically for better security
- Limit permissions – Use the minimum required permissions for your automation
- Monitor usage – Watch for unusual API activity or unauthorized access
File handling security
When working with uploaded files from buyers:
- Scan for threats – Validate file types and content before processing
- Size limits – Our platform enforces file size limits for security
- Temporary storage – Delete processed files when no longer needed
- Access controls – Files are accessible only during order processing
Incident reporting
If you discover a security issue:
- Report immediately – Contact our support team right away
- Don't exploit – Don't attempt to exploit or test security vulnerabilities
- Provide details – Include steps to reproduce and potential impact
- Follow up – Work with our team to verify and resolve the issue
Security & Privacy Practices
SellerShorts implements robust security measures to protect your data:
- Data encryption – HTTPS for all connections, encryption at rest for sensitive data
- Privacy protections – We follow GDPR and CCPA privacy principles (data rights, no selling of personal data, deletion on request)
- Secure authentication – Industry-standard authentication and access controls
- Payment security – PCI DSS compliance handled by Stripe
- Access controls – Signed URLs and time-limited file access
⚠️ Important
Never share your callback secrets, API keys, or authentication tokens publicly. If you suspect a security compromise, rotate your credentials immediately and contact support.
