Data Processing & Security

Processing overview

EcomSolveBD ingests storefront events, order data, and advertising metrics; normalizes attribution; and delivers server-side conversions to platforms you enable. Processing occurs in secure cloud environments with logical tenant isolation per merchant.

Encryption

• In transit: TLS 1.2+ (HTTPS) for all web, API, and webhook traffic.
• At rest: database and object storage encryption provided by our cloud vendors.
• Secrets: OAuth refresh tokens and API keys encrypted at the application layer using industry-standard symmetric encryption before storage.

Access controls

• Role-based access within merchant teams (where enabled).
• Hashed passwords with modern key derivation for dashboard login.
• Session tokens with expiration and secure cookie flags on production domains.
• Principle of least privilege for production infrastructure access.

Monitoring and audit

We log authentication events, integration changes, API errors, and security-relevant actions. Logs are retained for troubleshooting and incident response. Merchants can review delivery logs for conversion sends in the Events Sent area.

Incident response

We investigate suspected breaches and notify affected merchants and regulators when required by law. Report security issues to report@ecomsolvebd.com.

Data minimization

We collect only data needed for features you use. Hashed email/phone for enhanced conversions are sent to ad platforms only when you enable those features and have a lawful basis.

DPA

Enterprise customers may request a Data Processing Agreement (DPA) by contacting privacy@ecomsolvebd.com. Our Subprocessors page lists infrastructure providers.