SellerShorts takes security and privacy seriously. This guide explains how we protect your data, secure integrations, and what you need to know about handling buyer information.
Platform security
We implement multiple layers of security to protect your account and data:
Secure authentication – Accounts are protected with industry-standard authentication and security practices
HTTPS everywhere – All communication is encrypted in transit
Webhook security – Required authentication headers for all integrations
File security – All uploaded files are stored securely with signed URLs
Payment security – Stripe handles all payment processing and sensitive data
Integration security requirements
When connecting your AI automations, you must follow these security practices:
HTTPS only
All webhook URLs must use HTTPS. We don't allow HTTP connections for security reasons.
Authentication headers required
You must add at least one authentication header to verify requests come from SellerShorts:
Authorization: Bearer YOUR_TOKEN – Best for OAuth/JWT tokens
x-api-key: YOUR_KEY – Best for static API keys
x-auth-token: YOUR_TOKEN – Alternative token header
Callback security
When sending results back to us, you must include the callback secret:
Header: x-callback-secret: YOUR_SECRET
We provide this secret during AI Tool setup
This verifies the callback comes from your AI Agent automation
Data privacy
Buyer data handling
When processing orders, you may receive buyer inputs containing:
Website URLs and business information
Product data and inventory details
Marketing content and customer data
Financial information for analysis
Your responsibilities
Use data only for the service – Process buyer inputs only to deliver the requested AI Tool results
Don't store unnecessarily – Delete buyer data after processing unless required for service delivery
Keep data secure – Protect any buyer data you process or temporarily store
Don't share – Never share buyer data with third parties without explicit consent
API key management
Best practices for managing your integration credentials:
Use environment variables – Store API keys securely in your automation platform
Rotate regularly – Change API keys periodically for better security
Limit permissions – Use the minimum required permissions for your automation
Monitor usage – Watch for unusual API activity or unauthorized access
File handling security
When working with uploaded files from buyers:
Scan for threats – Validate file types and content before processing
Temporary storage – Delete processed files when no longer needed
Access controls – Files are accessible only during order processing
Incident reporting
If you discover a security issue:
Report immediately – Contact our support team right away
Don't exploit – Don't attempt to exploit or test security vulnerabilities
Provide details – Include steps to reproduce and potential impact
Follow up – Work with our team to verify and resolve the issue
Security & Privacy Practices
SellerShorts implements robust security measures to protect your data:
Data encryption – HTTPS for all connections, encryption at rest for sensitive data
Privacy protections – We follow GDPR and CCPA privacy principles (data rights, no selling of personal data, deletion on request)
Secure authentication – Industry-standard authentication and access controls
Payment security – PCI DSS compliance handled by Stripe
Access controls – Signed URLs and time-limited file access
⚠️ Important
Never share your callback secrets, API keys, or authentication tokens publicly. If you suspect a security compromise, rotate your credentials immediately and contact support.
sellershorts