top of page
Pink Poppy Flowers

Security Details

Effective Date: May 29, 2025

Last Updated: Oct 17, 2025

We are fully committed to protecting seller data and complying with Amazon's data usage policies (§4.4). Your trust is paramount, and transparency is our foundation. We do not aggregate data across Authorized Users' businesses or customers obtained through the Amazon Services API to provide or sell to any parties, including competing Authorized Users. We do not provide access to Amazon data or data aggregation from several sellers.

Encryption

  • Data in Transit: TLS 1.2+ encryption for all data transmission between your browser and our servers

  • Data at Rest: AES-256 encryption for all stored data in our databases and file systems

Access Controls

  • Role-Based Access Control (RBAC): Team members have access only to the resources necessary for their role

  • Multi-Factor Authentication: All administrative access requires multi-factor authentication

Data Isolation

  • Logical Tenant Separation: Each seller's data is logically separated with unique identifiers

  • Secure Backups: All backups are encrypted and use rotating encryption keys

Monitoring and Incident Response

  • Continuous Logging: All system activities are logged and monitored in real-time

  • 24/7 Infrastructure Monitoring: Round-the-clock monitoring of all critical systems

Compliance and Certifications

  • GDPR Compliance: European General Data Protection Regulation compliance

  • SOC 2 Type II: Annual SOC 2 Type II compliance audits

Data Processing and Retention

  • Purpose Limitation: Data is only used for the specific services you've requested

  • Data Minimization: We collect and process only the minimum data necessary

Infrastructure Security

  • Cloud Security: Hosted on enterprise-grade cloud infrastructure with built-in security controls

  • Regular Updates: Automated security patches and updates for all systems

Employee Security

  • Background Checks: All employees undergo comprehensive background checks

  • Security Training: Regular security awareness training for all team members

Third-Party Security

  • Vendor Assessment: Thorough security assessments of all third-party vendors

  • Data Processing Agreements: Contractual obligations for data protection with all vendors

Security Updates and Communication

  • Policy Updates: We will notify you of any material changes to our security practices

  • Security Notifications: Prompt notification of any security incidents that may affect your data

Contact Us

​For questions or concerns about this Privacy Policy, contact us at:

MBR Labs
3F, Suite 304, 38 Pangyobaekhyeon-ro,
Bundang-gu, Seongnam-si, Gyeonggi-do, KR
Email: hello@roa.global

bottom of page