Free Amazon AI Audit — Will Amazon recommend your product?·No login · Score in 30 sec · Nobody else offers this.Try Free
Category

Research & Analysis

Find opportunities
TRUST & COMPLIANCE

Security & Compliance

Last updated: May 1, 2026

Your data security is our highest priority. Learn how niche.ltd protects your information with industry-leading practices, encryption standards, and compliance frameworks.

99.9% Uptime
SLA Guarantee
AES-256
Data Encryption
90 Days
Data Deletion SLA
GDPR + KVKK
Compliant
🔒
TLS 1.3
In Transit
🛡️
AES-256
At Rest
GDPR
Compliant
KVKK
Compliant
🏗️
SOC 2
Aligned
📋
ISO 27001
Aligned
🏗️

Infrastructure Security

niche.ltd operates on enterprise-grade cloud infrastructure with redundant data centers and automatic failover. All servers are hardened following CIS benchmarks, with automatic security patches applied within 24 hours of release.

Our infrastructure is protected by multiple layers of firewalls, intrusion detection systems (IDS), and distributed denial-of-service (DDoS) mitigation. Network traffic is continuously monitored and anomalous activity is automatically blocked.

🔐

Data Encryption

All data in transit is encrypted using TLS 1.3 — the highest available standard. REST API communications, dashboard sessions, and third-party API integrations (Keepa, Amazon SP-API, Etsy) are all protected by end-to-end TLS encryption.

Data at rest is encrypted using AES-256, the same standard trusted by governments and financial institutions worldwide. Database backups are also encrypted and stored in geographically separated secure locations.

🔑

Access Control & Authentication

Access to production systems follows the principle of least privilege. All internal access is role-based (RBAC), logged, and audited. Administrative access requires multi-factor authentication and is restricted to authorized personnel only.

User sessions are protected with secure HTTP-only cookies, CSRF tokens, and automatic session expiry. We support password-based authentication with bcrypt hashing and are actively developing OAuth2 and SSO integrations for enterprise plans.

📜

Compliance Frameworks

niche.ltd is fully compliant with GDPR (General Data Protection Regulation) and KVKK (Turkey's Personal Data Protection Law). We follow documented data processing procedures, maintain a Record of Processing Activities (ROPA), and have a designated Data Protection Officer responsible for compliance oversight.

We align with SOC 2 Type II principles for security, availability, processing integrity, confidentiality, and privacy — covering the five trust service criteria. Our ISO 27001-aligned information security management practices ensure systematic risk assessment and continuous improvement.

🗂️

Data Retention Policy

We retain your personal data only for as long as necessary to provide our services and meet legal obligations. Active account data is retained for the duration of the subscription. Upon account deletion, all personal data is permanently purged within 90 days from our systems, including backups.

The following retention schedule applies: marketplace research data (keywords, ASIN analytics) — retained while your account is active; payment records — 7 years for tax/legal compliance; support ticket history — 3 years; access and error logs — 90 days rolling. All data deletion requests are processed within 30 days.

🚨

Vulnerability Management & Incident Response

We conduct regular penetration testing and automated vulnerability scanning on all production systems. Critical vulnerabilities are patched within 24 hours; high-severity within 72 hours. We follow a responsible disclosure process and welcome security researchers to report findings at security@niche.ltd.

Our incident response plan defines clear roles, escalation paths, and communication protocols. In the event of a confirmed data breach affecting user data, we will notify affected users and relevant authorities within 72 hours as required by GDPR Article 33 and KVKK provisions.

🤝

Sub-processors & Third Parties

We use a limited set of vetted sub-processors to operate our platform. Each sub-processor is contractually bound by Data Processing Agreements (DPAs) aligned with GDPR Article 28. Key sub-processors include: cloud hosting (EU/US region), payment processing (PCI-DSS Level 1 certified), analytics, and marketplace data providers.

We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. All sub-processor relationships are reviewed annually and updated here. You may request a full list of current sub-processors by emailing privacy@niche.ltd.

✉️

Security Contact

To report a security vulnerability, contact us at security@niche.ltd. We follow responsible disclosure principles and respond to all valid reports within 48 hours. For general compliance inquiries, data subject requests (GDPR/KVKK), or to request our Data Processing Agreement template, email privacy@niche.ltd.

Questions about security or compliance? Contact security@niche.ltd