Trust Center
Security & Trust
How Seller Copilot protects your data across every channel you sell on.
Last updated: March 2025
Our Commitment
Seller Copilot is built for UK e-commerce sellers who run their business across multiple marketplaces. We hold marketplace credentials, order data, and customer information on behalf of our merchants, and protecting that data is non-negotiable. This page summarises how we do it.
Security Highlights
Six controls that underpin how we run Seller Copilot every day.
Encryption
All data is encrypted in transit with TLS 1.2 or higher and at rest with AES-256. Marketplace API tokens and OAuth secrets are stored in dedicated secrets stores, never in source control.
Authentication
Customer passwords are hashed with industry-standard algorithms and per-user salts. Marketplace integrations use OAuth 2.0 where supported, and multi-factor authentication is mandatory for all administrative accounts.
UK & EU Hosting
Production infrastructure runs on Amazon Web Services within the United Kingdom and European Union regions. Customer data does not leave these regions in the course of normal operations.
Access Control
Access to production systems follows the principle of least privilege. All access is named, logged, and reviewed periodically. Shared accounts are prohibited and access is revoked promptly on role change.
Backups & Recovery
Encrypted backups are taken on a rolling schedule and retained according to our retention policy. Recovery procedures are documented and tested to support business continuity.
Incident Response
We maintain a documented incident response process covering detection, containment, investigation, and recovery. Confirmed personal data breaches are notified to affected customers and supervisory authorities in line with UK GDPR.
Compliance & Frameworks
Seller Copilot Ltd operates in alignment with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Our internal controls are designed in alignment with the principles of ISO 27001 and SOC 2. Formal certification is on our roadmap as the platform scales.
UK GDPR
Aligned
DPA 2018
Aligned
ISO 27001
Roadmap
SOC 2
Roadmap
Subprocessors We Use
Seller Copilot uses a small number of trusted subprocessors to deliver the service.
| Subprocessor | Purpose | Region |
|---|---|---|
| Amazon Web Services | Cloud infrastructure and data hosting | UK / EU |
| Stripe | Subscription billing and payment processing | UK / EU |
| eBay, Amazon, Shopify, Etsy, TikTok Shop | Marketplace API connections (merchant-authorised) | Per platform |
This list is reviewed periodically and updated when material changes occur. Material changes affecting active customers are notified in advance where required.
How We Handle Your Data
Customer data is processed solely to provide the Seller Copilot service — managing your orders, inventory, listings, and fulfilment across the marketplaces you connect. We never sell customer data, and we never use it for unrelated purposes. Marketplace API tokens are used only to perform the actions the merchant has authorised.
Customers may request export or deletion of their data at any time by contacting contact@seller-copilot.com, subject to identity verification and any applicable legal retention requirements.
Report a Security Issue
If you believe you've discovered a security vulnerability or have a security concern about Seller Copilot, please report it confidentially. We triage every report and respond promptly.
Documentation
Our full Information Security Policy and Data Processing Agreement (DPA) are available to enterprise customers and partners on request. To request a copy or discuss your security and compliance requirements, contact us at contact@seller-copilot.com.