Enreship Security & Compliance

Last Updated: December 2024

Security Overview

At Enreship, the security of merchant data, marketplace integrations, customer shipping information, and fulfillment operations is our highest priority.

We protect all information flowing through Enreship—whether from Amazon, Shopify, Walmart, eBay, Etsy, WooCommerce, carriers, or internal warehouse operations—using industry-standard security controls, encryption, monitoring, and risk-management practices. This page describes Enreship's security posture in clear, human-readable form so that merchants, partners, auditors, and platform compliance teams can understand how we safeguard data across our infrastructure.

1. Security Principles

Enreship's security framework is built on the following principles:

Minimize data access

Only collect and store what is necessary to deliver our services.

Least-privilege access

Internal access is controlled strictly by role and job necessity.

Encryption everywhere

Encrypt all data in transit and at rest.

Segregation of environments

Production, staging, and development systems are isolated.

Auditability and monitoring

Continuous logging, alerting, and anomaly detection.

Compliance-friendly architecture

Designed to meet requirements for Amazon SP-API, Shopify, Walmart, eBay, Etsy, carriers (FedEx, UPS, USPS), and general U.S. data protection standards.

2. Data Types Protected by Enreship

Enreship handles multiple categories of data from integrated platforms. All categories are protected equally and securely:

Marketplace Order Data

(From Amazon, Shopify, Etsy, Walmart, eBay, WooCommerce…)

  • Order IDs, SKUs, quantities, timestamps
  • Financial values (subtotal, shipping, tax, fees)
  • Non-PII operational metadata provided by platforms

Customer Shipping Information (PII)

Used strictly for shipping, label creation, tracking, and fulfillment.

Includes:

  • Name
  • Shipping address
  • Phone number / email (only if marketplace provides)

We never use end-customer PII for marketing or analytics.

Inventory & Warehouse Data

  • Inbound shipments
  • Stock levels
  • Pick/pack/ship logs
  • Returns and adjustments

Carrier Data

  • Label creation details
  • Tracking numbers
  • Cost and rate metadata

Account & Authentication Data

  • Enreship account details
  • API credentials for marketplaces and carriers
  • OAuth tokens generated via official platform flows

All credential information is encrypted and stored in isolated secrets vaults.

3. Encryption Standards

Data in Transit

All communication between browsers, mobile devices, APIs, and infrastructure uses:

  • TLS 1.2+
  • HSTS (HTTP Strict Transport Security)
  • Protection against downgrade attacks
  • Secure cipher suites only

Data at Rest

All sensitive data—warehouse data, order data, PII, API tokens—is encrypted using:

  • AES-256 encryption (industry standard)
  • Managed keys stored in secure KMS
  • Encryption enforced at application, database, storage, and logging layers

API Tokens & Credentials

Stored in encrypted secrets vaults with:

  • Envelope encryption
  • Automatic key rotation
  • No plaintext credential exposure in code or logs

4. Account & Credential Security

Password Security

Enreship enforces strong password rules:

  • Minimum length
  • Mixed character requirements
  • Password storage using modern password hashing (bcrypt/argon2)
  • Automatic lockout after repeated failed attempts

Multi-Factor Authentication (Optional)

Merchants may enable MFA for enhanced account security.

API Authentication

For platform integrations:

  • OAuth authorization (Amazon, Shopify, eBay, Walmart where applicable)
  • Secure credential storage
  • Token rotation and expiration handling

Credentials are never accessible to Enreship staff except in strictly controlled security operations.

5. Infrastructure & Network Security

Hosting Environment

Enreship runs on secure U.S.–based cloud infrastructure with:

  • Virtual private cloud (VPC) segregation
  • Private subnets for sensitive workloads
  • Firewalls and security groups
  • Network-level DDoS protection
  • Load-balancing and redundancy

Application Security

  • Secure coding standards
  • Automated dependency scanning
  • Regular penetration tests
  • Version-controlled CI/CD pipelines with code review
  • Secrets never stored in code repositories

Database Security

  • Encrypted volumes
  • Row-level access controls
  • Time-based snapshot backups
  • Automated failover

Backups

  • Encrypted backups stored in separate zones
  • Regular integrity validation
  • Limited retention aligned with Data Retention Policy

6. Monitoring, Logging, and Detection

Enreship uses continuous monitoring tools to detect anomalies and malicious behavior, including:

  • Authentication logs
  • API request logs
  • Integration failures
  • Warehouse operational logs
  • Suspicious IP and rate-limit detection
  • Brute-force login monitoring
  • Automated security alerts sent to the on-call team

Logs containing sensitive data are sanitized before storage.

7. Vulnerability Management

We maintain a formal vulnerability program:

  • Regular automated vulnerability scans
  • Dependency security audits
  • Third-party penetration tests
  • Prioritized remediation pipeline
  • Detailed tracking until every issue is resolved
  • Zero-tolerance policy for high-severity unpatched vulnerabilities

8. Incident Response

Enreship maintains an Incident Response Plan designed to quickly isolate, analyze, and resolve security issues.

Our incident workflow includes:

  1. Detection: Automated systems or internal staff identify unusual behavior.
  2. Containment: Limit access, rotate keys, isolate affected services, activate emergency procedures.
  3. Investigation: Determine scope, vectors, affected systems, and forensic evidence.
  4. Eradication & Remediation: Patch vulnerabilities, harden systems, restore unaffected backups.
  5. Merchant Notification (If Applicable): If any sensitive merchant or customer data is involved, we notify affected parties promptly.
  6. Post-Incident Review: Lessons learned → permanent fixes → policy updates.

Our internal security team is available 24/7 for critical issues.

9. Access Control & Internal Security

To protect merchant information:

Role-Based Access Control (RBAC)

Only specific staff may access limited data for:

  • Technical support
  • Warehouse operations
  • Security analysis

Internal Restrictions

  • No engineer or staff can retrieve your marketplace API tokens.
  • Customer PII is only viewable by personnel who need it for operational purposes.
  • Warehouse staff cannot access your marketplace integrations or financial data.

Confidentiality Training

All employees undergo:

  • Security training
  • Confidentiality obligations
  • Data handling procedures
  • Background verification (where allowed)

10. Marketplace-Specific Security Alignment

To ensure cross-platform compliance, Enreship aligns with the security expectations of all major marketplaces:

Amazon Selling Partner API (SP-API)

Encryption, retention, logging, monitoring, credential management, and data minimization practices aligned with RDA + AUP.

Shopify

OAuth best practices, scope limitations, storefront token protections, webhook verification.

Walmart Marketplace

Token handling, encryption, and secure order ingestion.

eBay

Refresh-token flow handling, secure storage, and data minimization.

Etsy

OAuth handling and limited permission scopes.

WooCommerce

Token-based APIs + secure HTTPS communication.

Across all marketplaces: Enreship never uses PII outside fulfillment workflows.

11. Carrier Security Alignment (UPS, FedEx, USPS, DHL)

Carrier integrations follow:

  • Secure API authentication
  • Encrypted shipment data exchange
  • Limited disclosure of customer shipping PII
  • No reuse of data for any non-shipping purpose

Carriers receive only the data required to fulfill shipments.

12. Contact for Security Questions

If you have questions about our security practices:

Enreship Security Office

Address

727 Hylton Rd

Pennsauken, NJ 08110