Least privilege
Access is limited to the data needed for the enabled workflow and assigned user role.
Security
Controls for seller-authorized operating data.
NotERP Seller Profit & Ads Control uses least privilege, data minimization, access controls, encryption, audit logging, and incident response practices to protect seller data.
Encryption
Seller data is encrypted in transit. Sensitive credentials are stored using protected secret-management practices.
Auditability
Governed actions record evidence, requester, approver, execution status, and outcome review.
Incident response
Security incidents are triaged, contained, investigated, and communicated according to documented response procedures.
Data minimization
The initial product scope avoids buyer PII and focuses on business operating evidence authorized by the seller.
Vendor boundary
The service does not sell seller data. Data sharing is limited to service providers needed to operate and secure the service.
Security contact
Report a security issue.
Email security reports to security@noterp.ai.
Please include the affected account, suspected impact, timestamps, and steps to reproduce when available.