As former AWS engineers, we built Prism with the same security principles used by Fortune 500 companies. Your Amazon advertising data deserves enterprise-grade protection.
Multiple layers of security ensure your Amazon credentials and campaign data remain protected at every step.
We never see or store your Amazon password. You authorize directly through Amazon's secure login. All we receive is a revocable access token, encrypted with AWS KMS and automatically refreshed, that you can disconnect anytime.
All OAuth tokens and sensitive data are encrypted using AWS Key Management Service (KMS). Your credentials are never stored in plaintext. Even our own engineers cannot access your tokens.
All data transmitted between your browser, our servers, and Amazon's APIs is encrypted using TLS 1.2 or higher. No data ever travels unencrypted across any network.
Your data is completely separated from other users at every layer. Strict access controls ensure you can only access your own accounts. No cross-tenant data leakage is possible by design.
Every API request is validated against 114+ strict schemas before processing. We follow OWASP Top 10 2025 guidelines to protect against injection attacks, XSS, and other common vulnerabilities.
Our systems detect anomalies in real time, from unusual login patterns to API abuse. Multi-layer rate limiting (auth, general, and expensive operations) blocks attacks before they gain traction. Comprehensive audit logging tracks all sensitive operations.
Manage team access with granular permissions. Assign roles like Viewer, Editor, or Admin to control who can view reports, make optimizations, or manage account settings. Perfect for agencies and growing teams.
Connect and manage multiple Amazon Seller accounts from a single dashboard. Each account's data remains isolated with dedicated encryption keys, ensuring complete separation while providing unified visibility.
We believe in transparency and user control. Your data is yours.
Revoke Prism's access from your settings or directly from Amazon. We'll stop accessing your data immediately.
Request a full export of your data in a portable format at any time.
Start with bid changes requiring your approval. Enable automation only for optimizations you trust.
Security isn't a single lock; it's layers of protection. Here's how we protect your data at every level.
We implement rigorous security practices and are continuously improving. No system is 100% secure. If you discover a security concern, please report it to security@calibratedintelligence.com.
We use OAuth 2.0 authentication, meaning you authorize directly through Amazon's secure login. We never see, store, or have access to your Amazon password. All we receive is a revocable access token you can disconnect anytime from your Prism settings or Amazon account.
Yes. All data is encrypted at rest using AWS KMS and in transit using TLS 1.2+. Our multi-tenant architecture ensures your data is completely isolated from other users. You can only access your own accounts.
Not without your explicit consent. You control whether bid changes require your approval or run automatically. We recommend starting in approval-required mode until you're comfortable with how Prism works.
We use a 3-tier rate limiting system backed by Redis. Authentication endpoints are limited to 5 requests per 15 minutes per IP. General API calls are capped at 100 requests per minute. Expensive operations (like bulk exports) are limited to 10 requests per 5 minutes. This multi-layer approach stops attacks before they can gain traction.
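The three tiers above can be sketched as a sliding-window limiter. This is an added example, not Prism's code: it keeps counters in process memory instead of Redis, and both the sliding-window algorithm and the per-caller key for the general and expensive tiers are assumptions, since the page only states the limits.

```python
import time
from collections import defaultdict, deque

# Tier limits as stated on the page: (max requests, window in seconds).
TIERS = {
    "auth": (5, 15 * 60),      # per IP
    "general": (100, 60),      # key choice is an assumption
    "expensive": (10, 5 * 60), # key choice is an assumption
}


class TieredRateLimiter:
    """Sliding-window-log limiter; in-memory stand-in for a shared store."""

    def __init__(self, tiers=TIERS, clock=time.monotonic):
        self.tiers = tiers
        self.clock = clock
        self.hits = defaultdict(deque)  # (tier, key) -> timestamps of allowed hits

    def check(self, tier, key):
        """Return (allowed, retry_after_seconds) for one request."""
        limit, window = self.tiers[tier]
        now = self.clock()
        q = self.hits[(tier, key)]
        # Drop timestamps that have aged out of the window.
        while q and q[0] <= now - window:
            q.popleft()
        if len(q) >= limit:
            # Denied requests are not recorded, so retrying cannot extend the block.
            return False, q[0] + window - now
        q.append(now)
        return True, 0.0


def simulate_login_burst(attempts=7, spacing=10.0):
    """Constructed scenario: one IP sends login requests `spacing` seconds apart."""
    t = [0.0]
    limiter = TieredRateLimiter(clock=lambda: t[0])
    results = []
    for _ in range(attempts):
        results.append(limiter.check("auth", "203.0.113.7"))
        t[0] += spacing
    t[0] = 900.0  # the moment the first recorded hit leaves the 15-minute window
    results.append(limiter.check("auth", "203.0.113.7"))
    return results
```

With several application instances the counters have to live in a shared store, otherwise each instance enforces the limit separately and the effective limit is multiplied by the instance count.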
Your OAuth tokens are encrypted using AWS KMS with dedicated encryption keys. We use automatic key rotation to ensure keys are regularly refreshed. Tokens are never stored in plaintext, even in logs. When you disconnect your account, encrypted tokens are permanently deleted.
We log API requests for debugging and security monitoring, but sensitive data is automatically redacted. Our log sanitization system detects and masks 20+ patterns including JWTs, credit card numbers, SSNs, API keys, and cryptocurrency addresses. All logs are encrypted with AWS KMS and retained only as long as needed for operations.
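A log sanitizer of the kind described above, as an added example rather than Prism's implementation. It covers four of the named categories (key/value secrets, JWTs, SSNs, card numbers); the regexes, replacement markers and sample lines are assumptions constructed for illustration.

```python
import re

# Illustrative patterns (assumptions), not the product's actual rules.
SECRET_KV_RE = re.compile(
    r"(api[_-]?key|access[_-]?token|refresh[_-]?token|secret)(\s*[=:]\s*)([^\s,;&\"']+)",
    re.IGNORECASE,
)
JWT_RE = re.compile(r"\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators


def luhn_ok(digits):
    """Luhn checksum, used so ordinary long numbers (order IDs) are not masked."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def _mask_card(match):
    digits = re.sub(r"\D", "", match.group(0))
    return "[REDACTED:card]" if luhn_ok(digits) else match.group(0)


def sanitize(line):
    """Mask secrets in one log line before it is written anywhere."""
    line = SECRET_KV_RE.sub(lambda m: m.group(1) + m.group(2) + "[REDACTED]", line)
    line = JWT_RE.sub("[REDACTED:jwt]", line)
    line = SSN_RE.sub("[REDACTED:ssn]", line)
    return CARD_RE.sub(_mask_card, line)


# Constructed sample log lines (no real credentials).
SAMPLE_LOG = [
    "POST /v1/connect refresh_token=EXAMPLE-rt-123 status=200",
    "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyMSJ9.c2lnbmF0dXJl",
    "billing: card 4111 1111 1111 1111 declined, order 1234567890123456",
    "kyc check ssn=123-45-6789 ok",
]

if __name__ == "__main__":
    for raw in SAMPLE_LOG:
        print(sanitize(raw))
```

The Luhn check is what keeps the 16-digit order number in the third line intact while the card number beside it is masked; pattern-only matching would redact both and make the log harder to use for debugging.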
All data is hosted on AWS infrastructure in the US (us-east-1 region). Our systems run in private VPC subnets with no direct internet exposure. There's no SSH access to any servers; we use AWS Systems Manager Session Manager for any administrative access. Network security groups enforce least-privilege access rules.
Campaign performance data is retained while your account is active to provide historical analysis and AI recommendations. If you disconnect your Amazon account, we delete synced advertising data within 30 days. Account deletion requests result in complete data removal within 30 days, except where legally required to retain records.
Yes. Prism uses AWS Cognito for authentication, which supports optional MFA via authenticator apps or SMS. We recommend enabling MFA for additional account protection. Your Amazon account's own MFA remains separate and unaffected by Prism.
We maintain comprehensive audit logging for all sensitive operations. In the event of a security incident, we would notify affected users promptly, explain what happened and what data was involved, and outline steps we're taking to prevent recurrence. You can report security concerns to security@calibratedintelligence.com.