Skip to main content

Security & Privacy

SellerShorts takes security and privacy seriously. This guide explains how we protect your data, secure integrations, and what you need to know about handling buyer information.

Platform security

We implement multiple layers of security to protect your account and data:

  • Secure authentication – Accounts are protected with industry-standard authentication and security practices
  • HTTPS everywhere – All communication is encrypted in transit
  • Webhook security – Required authentication headers for all integrations
  • File security – All uploaded files are stored securely with signed URLs
  • Payment security – Stripe handles all payment processing and sensitive data

Integration security requirements

When connecting your AI automations, you must follow these security practices:

HTTPS only

All webhook URLs must use HTTPS. We don't allow HTTP connections for security reasons.

Authentication headers required

You must add at least one authentication header to verify requests come from SellerShorts:

  • Authorization: Bearer YOUR_TOKEN – Best for OAuth/JWT tokens
  • x-api-key: YOUR_KEY – Best for static API keys
  • x-auth-token: YOUR_TOKEN – Alternative token header

Callback security

When sending results back to us, you must include the callback secret:

  • Header: x-callback-secret: YOUR_SECRET
  • We provide this secret during AI Short setup
  • This verifies the callback comes from your automation

Data privacy

Buyer data handling

When processing orders, you may receive buyer inputs containing:

  • Website URLs and business information
  • Product data and inventory details
  • Marketing content and customer data
  • Financial information for analysis

Your responsibilities

  • Use data only for the service – Process buyer inputs only to deliver the requested AI Short results
  • Don't store unnecessarily – Delete buyer data after processing unless required for service delivery
  • Keep data secure – Protect any buyer data you process or temporarily store
  • Don't share – Never share buyer data with third parties without explicit consent

API key management

Best practices for managing your integration credentials:

  • Use environment variables – Store API keys securely in your automation platform
  • Rotate regularly – Change API keys periodically for better security
  • Limit permissions – Use the minimum required permissions for your automation
  • Monitor usage – Watch for unusual API activity or unauthorized access

File handling security

When working with uploaded files from buyers:

  • Scan for threats – Validate file types and content before processing
  • Size limits – Our platform enforces file size limits for security
  • Temporary storage – Delete processed files when no longer needed
  • Access controls – Files are accessible only during order processing

Incident reporting

If you discover a security issue:

  1. Report immediately – Contact our support team right away
  2. Don't exploit – Don't attempt to exploit or test security vulnerabilities
  3. Provide details – Include steps to reproduce and potential impact
  4. Follow up – Work with our team to verify and resolve the issue

Compliance

SellerShorts helps you maintain compliance with:

  • GDPR – European data protection regulations
  • CCPA – California consumer privacy laws
  • SOC 2 – Security and compliance standards
  • PCI DSS – Payment card security (handled by Stripe)

⚠️ Important

Never share your callback secrets, API keys, or authentication tokens publicly. If you suspect a security compromise, rotate your credentials immediately and contact support.

[SCREENSHOT HERE: Security settings in integration step]

SellerShorts - AI Shorts Marketplace | Specialized Selling Automation