Infrastructure Security
niche.ltd operates on enterprise-grade cloud infrastructure with redundant data centers and automatic failover. All servers are hardened following CIS benchmarks, with automatic security patches applied within 24 hours of release.
Our infrastructure is protected by multiple layers of firewalls, intrusion detection systems (IDS), and distributed denial-of-service (DDoS) mitigation. Network traffic is continuously monitored and anomalous activity is automatically blocked.
Data Encryption
All data in transit is encrypted using TLS 1.3 — the highest available standard. REST API communications, dashboard sessions, and third-party API integrations (Keepa, Amazon SP-API, Etsy) are all protected by end-to-end TLS encryption.
Data at rest is encrypted using AES-256, the same standard trusted by governments and financial institutions worldwide. Database backups are also encrypted and stored in geographically separated secure locations.
Access Control & Authentication
Access to production systems follows the principle of least privilege. All internal access is role-based (RBAC), logged, and audited. Administrative access requires multi-factor authentication and is restricted to authorized personnel only.
User sessions are protected with secure HTTP-only cookies, CSRF tokens, and automatic session expiry. We support password-based authentication with bcrypt hashing and are actively developing OAuth2 and SSO integrations for enterprise plans.
Compliance Frameworks
niche.ltd is fully compliant with GDPR (General Data Protection Regulation) and KVKK (Turkey's Personal Data Protection Law). We follow documented data processing procedures, maintain a Record of Processing Activities (ROPA), and have a designated Data Protection Officer responsible for compliance oversight.
We align with SOC 2 Type II principles for security, availability, processing integrity, confidentiality, and privacy — covering the five trust service criteria. Our ISO 27001-aligned information security management practices ensure systematic risk assessment and continuous improvement.
Data Retention Policy
We retain your personal data only for as long as necessary to provide our services and meet legal obligations. Active account data is retained for the duration of the subscription. Upon account deletion, all personal data is permanently purged within 90 days from our systems, including backups.
The following retention schedule applies: marketplace research data (keywords, ASIN analytics) — retained while your account is active; payment records — 7 years for tax/legal compliance; support ticket history — 3 years; access and error logs — 90 days rolling. All data deletion requests are processed within 30 days.
Vulnerability Management & Incident Response
We conduct regular penetration testing and automated vulnerability scanning on all production systems. Critical vulnerabilities are patched within 24 hours; high-severity within 72 hours. We follow a responsible disclosure process and welcome security researchers to report findings at security@niche.ltd.
Our incident response plan defines clear roles, escalation paths, and communication protocols. In the event of a confirmed data breach affecting user data, we will notify affected users and relevant authorities within 72 hours as required by GDPR Article 33 and KVKK provisions.
Sub-processors & Third Parties
We use a limited set of vetted sub-processors to operate our platform. Each sub-processor is contractually bound by Data Processing Agreements (DPAs) aligned with GDPR Article 28. Key sub-processors include: cloud hosting (EU/US region), payment processing (PCI-DSS Level 1 certified), analytics, and marketplace data providers.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. All sub-processor relationships are reviewed annually and updated here. You may request a full list of current sub-processors by emailing privacy@niche.ltd.
Security Contact
To report a security vulnerability, contact us at security@niche.ltd. We follow responsible disclosure principles and respond to all valid reports within 48 hours. For general compliance inquiries, data subject requests (GDPR/KVKK), or to request our Data Processing Agreement template, email privacy@niche.ltd.
Questions about security or compliance? Contact security@niche.ltd