Security
Last updated: June 11, 2026
Security is foundational to TenEightOne OP. Because OP connects to your Amazon business data, we take a conservative, defense-in-depth approach to protecting it. This page describes our current security posture.
Amazon Integration
- Official SP-API. OP connects to Amazon exclusively through Amazon's official Selling Partner API.
- No password sharing. We never ask for or store your Amazon Seller Central password. Access is authorized by you through Amazon's official flow and can be revoked by you at any time.
- Read-oriented access. OP is built around reading and organizing your operational data to provide visibility, where applicable to the integration.
Credential & Data Protection
- Encrypted credential storage. Authorization tokens are stored encrypted, and the platform is configured to refuse operating in production without valid encryption keys.
- Password protection. Account passwords are stored only as secure cryptographic hashes, never in plain text.
- Account separation. Each customer's data is isolated, and access is authorized on a per-account basis so customers cannot reach one another's data.
Authentication & Access
- Secure authentication with protections against repeated failed login attempts.
- Multi-factor authentication (MFA) is required for staff and administrator accounts.
- Role-based access controls limit what each account and team member can access.
- Password lifecycle management, including expiry notifications and self-service reset.
Application & Infrastructure
- Protections against cross-site request forgery and secure session cookies in production.
- Rate limiting on sensitive and resource-intensive endpoints.
- Secure payments processed through Stripe; we do not store full payment card details.
- Ongoing security review and continuous improvement of our controls.
We describe only the measures we actually maintain. TenEightOne OP does not currently claim SOC 2, ISO 27001, HIPAA, or other formal certifications. If and when we obtain any such certification, we will state so explicitly here.
Responsible Disclosure
If you believe you have found a security vulnerability, please report it responsibly. See our Responsible Disclosure Accessibility page for how to reach us and what to include.
Contact
Security questions or reports: security@teneightone.com.