Security, Privacy & Trust

CorditeOS handles sensitive seller data — revenue, inventory, pricing, advertising spend. We're a small team, and we take that responsibility seriously. This page is our honest account of how we protect your data, who has access to it, and how our AI features work.

Last updated: April 9, 2026

How We Protect Your Data

Encryption

AES-256 encryption at rest for all stored data. TLS 1.2+ for every connection in transit. API credentials get an additional layer of application-level encryption before database storage.

Tenant Isolation

Every database query is scoped by tenant_id. Row-Level Security (RLS) policies in Postgres enforce isolation at the database level — not just in application code.

Authentication

Powered by Supabase Auth. We never store passwords ourselves. Session tokens are managed by Supabase's battle-tested auth infrastructure.

Infrastructure

Hosted on AWS — ECS Fargate for compute, S3 for storage. All infrastructure defined as code with AWS CDK, reviewed and version-controlled.

Amazon Data Handling

OAuth-Based Access

We connect via Amazon's Selling Partner API using OAuth. You authorize access through Amazon — we never see your Seller Central password.

Encrypted Credentials

Your SP API tokens are encrypted with AES-256 (KMS-backed) before storage. Decryption happens only at runtime during data ingestion.

Your Data, Only Yours

Your seller data is used solely to power your analytics and recommendations. We never share, sell, or aggregate it across tenants.

Scoped Permissions

We request only the SP API permissions needed for the features you use — reports, listings, pricing, advertising, and fulfillment.

AI Transparency

CorditeOS uses AI to help you make better decisions — not to make decisions for you.

  • We use Anthropic Claude for analysis, strategy recommendations, and listing optimization.
  • Your data is not used to train AI models. Anthropic's API terms prohibit using customer data for training.
  • We never send credentials, passwords, or API tokens to AI providers. They receive only aggregated business data relevant to your query.
  • AI outputs are recommendations. Automated actions require your explicit approval or pre-configured autopilot settings with guardrails.

Subprocessors

These are the third-party services that process data on our behalf.

  • AWS: Cloud infrastructure
  • Supabase: Database, auth, RLS
  • Anthropic: AI analysis
  • Amazon SP API: Seller data (authorized by you)
  • Keepa: Product & market data

Imprint

Cordite Labs Pvt Ltd

Flat 203, PSR Sai Arcade, Narsingi

Hyderabad, India 500075

contact@corditelabs.com

Questions about security?

We're happy to answer. Contact us