Trust & Security
Effective Date: January 1st, 2026
At AdVision eCommerce Inc., we understand that merchants depend on reliable and secure systems to operate their businesses. This page describes the security practices we use to help protect CatalogPilot, merchant accounts, and the data processed within the Service.
This Security Practices page is informational only and does not create contractual obligations, warranties, or guarantees. It complements our Privacy Policy and Terms & Conditions.
1. Security Principles
We follow a framework built around four core pillars:
- Confidentiality – preventing unauthorized access
- Integrity – maintaining accuracy and reliability
- Availability – ensuring systems operate as intended
- Accountability – maintaining auditable controls and responsible governance
2. Data Security
2.1 Encryption in Transit
Data transmitted between your browser, APIs, and our servers is protected with industry-standard encryption (HTTPS/TLS).
2.2 Encryption at Rest
Where supported by our hosting infrastructure, stored data may also be encrypted at rest.
2.3 Data Isolation
Each merchant’s environment is logically separated to prevent unauthorized access across accounts.
2.4 Access Restrictions
Only authorized personnel with a legitimate operational requirement are granted access to production systems.
Access requires:
- unique credentials
- role-based permissions
- authentication layers
- audit logging
3. Infrastructure Security
3.1 Hosting & Cloud Providers
We use reputable, industry-standard hosting providers for infrastructure. These providers maintain:
- physical datacenter security
- environmental controls
- redundant power and networking
- certification frameworks such as SOC 2, ISO 27001 (provider-specific)
3.2 Network Protections
Network policies may include:
- firewalls
- IP restrictions
- rate limiting
- DDoS mitigation (provider-dependent)
3.3 Monitoring & Logging
We use monitoring tools to track key aspects of system health, including:
- uptime
- load
- ingestion processes
- API requests
- unusual patterns
Logging helps with debugging, performance analysis, and security investigations.
4. Application Security
4.1 Secure Development Practices
Our development workflows incorporate:
- code reviews
- environment separation
- CI/CD pipelines
- dependency scanning
- vulnerability patching
- version control
4.2 Password & Account Security
Users are responsible for safeguarding login credentials.
We encourage:
- strong passwords
- unique account logins
- administrator permission control within merchant accounts
4.3 Session Management
Session timeouts and authentication rules help reduce risks associated with unauthorized access.
5. Third-Party Integrations & API Security
5.1 Integration Controls
CatalogPilot integrates with platforms such as:
- Lightspeed
- Shopify
- WooCommerce
- BigCommerce
- Ecwid
- Google Merchant Center
- Other APIs and marketplaces
We authenticate via API keys or platform-specific authorization methods.
5.2 Dependency Awareness
Because third-party platforms control their API availability, changes, and performance, we cannot guarantee:
- uptime
- correctness of returned data
- compatibility
- stability of integrations
5.3 Restricted Access
Merchant API credentials are stored securely and only used to perform tasks required to deliver the Service.
6. Data Backups & Continuity
6.1 Regular Backups
We maintain regular backups of key system components where appropriate.
Backups help mitigate the risk of accidental data loss.
6.2 Recovery & Incident Handling
In the event of:
- service interruption
- infrastructure failure
- catastrophic hosting event
we may restore data from backups as reasonably possible.
However, we do not guarantee recovery times or data restoration, and merchants should maintain independent backups of critical data.
7. Incident Response
7.1 Detection & Investigation
We investigate potential security events and take steps to reduce risks.
7.2 Communication
If a data breach affects personal information, we will notify the Merchant in accordance with applicable laws.
7.3 Remediation
Post-incident steps may include:
- patching vulnerabilities
- modifying configurations
- infrastructure updates
8. Employee Access & Training
We restrict production-level access to select personnel trained in:
- operational security
- data handling
- privacy controls
- system maintenance
Employees must adhere to internal confidentiality and usage policies.
9. Merchant Responsibilities
Merchants are responsible for:
- ensuring catalog accuracy
- securing their own systems, devices, and networks
- maintaining backup copies of their data
- controlling internal user access
- reviewing AI-generated metadata before publishing
- complying with third-party platform policies
The security of your environment affects the security of your data.
10. Limitations
While we apply industry-standard practices, no system is completely secure.
We cannot guarantee:
- uninterrupted service
- absolute protection
- compatibility with all platforms
- immunity from attacks
- loss prevention in all scenarios
Our Terms & Conditions govern all limitations of liability.
11. Contact
If you believe you have discovered a security issue or vulnerability, please notify us at:
info@advision-ecommerce.com