Merchant Data Protection Policy

Commitment

Merchants rely on EcomSolveBD for revenue-critical attribution and operations. We implement administrative, technical, and organizational measures designed to protect confidentiality, integrity, and availability.

Tenant isolation

Merchant data is logically segregated by merchant ID across databases and APIs. Staff access to production data is restricted, logged, and granted only when necessary for support with appropriate authorization.

Token and credential handling

OAuth refresh tokens for Google, Meta, and TikTok are encrypted before persistence. API secrets you provide (e.g., CAPI tokens) are encrypted at rest. Tokens are never displayed in full in the UI after initial entry.

Merchant controls

• Disconnect any integration instantly from Integrations.
• Revoke OAuth from Google/Meta/TikTok business settings.
• Export or delete data per Data Deletion Instructions.
• Configure which auto events and conversion actions are enabled.

Employee and vendor security

We require confidentiality commitments from personnel with data access and contractually require subprocessors to implement appropriate security measures.

Breach notification

If we become aware of a breach affecting merchant personal data, we will notify affected merchants without undue delay as required by applicable law and assist with regulatory obligations where we act as processor.