Caleffi - My Family, My Home

Security Standards

Caleffi Price Manager

Our commitment to protecting your data

Enterprise-Grade Security

Caleffi Price Manager, operated by Caleffi SPA, implements industry-leading security standards to protect your sensitive business data and Amazon Seller credentials. Our multi-layered security approach ensures your information remains confidential, available, and protected against unauthorized access.

1. Data Encryption

🔐 AES-256 Encryption at Rest

All stored data is encrypted using AES-256 (Advanced Encryption Standard), the same encryption standard used by governments and financial institutions worldwide.

  • Database encryption: Azure SQL Database with Transparent Data Encryption (TDE), which encrypts data files, transaction logs and backups on disk
  • File storage: Encrypted blob storage with customer-managed keys (we, not the platform, control the key)
  • Backup encryption: All backups encrypted with AES-256
  • Redis cache: reachable only over TLS; cached data is encrypted at rest

🌐 TLS 1.3 Encryption in Transit

All data transmitted between your browser, our servers, and Amazon SP-API is protected with TLS 1.3:

  • HTTPS enforced for all web traffic (plain HTTP is not served)
  • Perfect Forward Secrecy (PFS): ephemeral (EC)DHE key exchange, so a compromised server key does not decrypt previously recorded sessions
  • Strong cipher suites only: AEAD suites (AES-GCM, ChaCha20-Poly1305); no RC4, 3DES, CBC-mode or export-grade suites
  • HSTS (HTTP Strict Transport Security) with a one-year max-age, includeSubDomains and preload, so browsers never issue a plain-HTTP request to the domain
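The preload requirement above is checkable from the response header alone. The following is an added example (not Caleffi Price Manager code) that parses a Strict-Transport-Security value and reports why it would be rejected by the preload list: max-age below one year, a missing includeSubDomains, or a missing preload directive. The header values it is fed are constructed for illustration.

```python
"""Check a Strict-Transport-Security header against the HSTS preload
requirements (max-age of at least one year, includeSubDomains, preload).
Added example; not Caleffi Price Manager code. Sample values are constructed."""

ONE_YEAR = 31_536_000  # seconds; the minimum max-age hstspreload.org accepts


def parse_hsts(value: str) -> dict:
    """Split 'max-age=N; includeSubDomains; preload' into a directive map.
    Directive names are case-insensitive (RFC 6797 section 6.1); a directive
    without a value maps to the empty string."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, val = part.partition("=")
        directives[name.strip().lower()] = val.strip().strip('"')
    return directives


def hsts_problems(value: str) -> list:
    """Return the reasons a header value is NOT preload-ready (empty list = OK)."""
    d = parse_hsts(value)
    problems = []
    if "max-age" not in d:
        problems.append("max-age is missing; browsers ignore the header")
    else:
        try:
            max_age = int(d["max-age"])
        except ValueError:
            max_age = -1
            problems.append(f"max-age is not an integer: {d['max-age']!r}")
        if max_age == 0:
            problems.append("max-age=0 removes the policy instead of enforcing it")
        elif 0 < max_age < ONE_YEAR:
            problems.append(f"max-age={max_age} is below one year ({ONE_YEAR})")
    if "includesubdomains" not in d:
        problems.append("includeSubDomains missing; subdomains stay reachable over HTTP")
    if "preload" not in d:
        problems.append("preload directive missing; the preload list will not accept the domain")
    return problems


def is_preload_ready(value: str) -> bool:
    return not hsts_problems(value)


if __name__ == "__main__":
    # Constructed samples: one correct header, one typical of a misconfigured site.
    for sample in ("max-age=63072000; includeSubDomains; preload", "max-age=300"):
        print(sample, "->", hsts_problems(sample) or "preload-ready")
```

Run it against the value your own origin returns (curl -sI https://host | grep -i strict) before submitting the domain; the preload list also requires that the header be sent on the HTTPS redirect target, which this check cannot see.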

2. Authentication & Authorization

✓ OAuth 2.0 with Amazon SP-API

Your Seller Central username and password are never seen or stored by us. We use Amazon's official OAuth 2.0 authorization flow, in which you grant access on Amazon's own site and we receive only a refresh token scoped to the SP-API. That token is encrypted and stored separately from other data, and you can revoke it at any time from your Seller Central authorizations.

✓ Multi-Factor Authentication (MFA)

Admin accounts are protected with Time-based One-Time Passwords (TOTP, RFC 6238) using standard authenticator apps such as Google Authenticator or Authy.

✓ Role-Based Access Control (RBAC)

Principle of least privilege: users and service processes are granted only the data and operations their function requires, with permissions assigned to roles rather than to individual accounts.

✓ Secure Session Management

Session cookies carry the HttpOnly and Secure flags and have short lifetimes. A session is invalidated server-side after 24 hours of inactivity, so a cookie replayed after that point no longer resolves to a user.
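As an added example (not the Caleffi Price Manager code base), here is a server-side session store with the 24-hour inactivity rule and the cookie attributes described above. The SameSite=Lax attribute, the __Host- cookie-name prefix and the injectable clock are this example's own choices, not features the page states.

```python
"""Server-side session store with a 24-hour inactivity timeout and a cookie
carrying the HttpOnly and Secure flags. Added example; not Caleffi Price
Manager code. SameSite, the __Host- prefix and the explicit clock are
assumptions of this example."""

import secrets
from dataclasses import dataclass
from typing import Optional

IDLE_TIMEOUT = 24 * 60 * 60  # seconds of inactivity before a session dies


@dataclass
class Session:
    user_id: str
    created_at: float
    last_seen: float


class SessionStore:
    """Sessions live on the server; the cookie holds only an unguessable ID."""

    def __init__(self) -> None:
        self._sessions = {}

    def create(self, user_id: str, now: float) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of CSPRNG output
        self._sessions[sid] = Session(user_id, now, now)
        return sid

    def resolve(self, sid: str, now: float) -> Optional[str]:
        """Return the user for a live session and slide its idle window forward.
        Expired sessions are deleted so a replayed cookie cannot revive them."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        s.last_seen = now
        return s.user_id

    def revoke(self, sid: str) -> None:
        """Logout: drop the server-side record regardless of what the client keeps."""
        self._sessions.pop(sid, None)

    def active_count(self) -> int:
        return len(self._sessions)


def session_cookie(sid: str, max_age: int = IDLE_TIMEOUT) -> str:
    """Set-Cookie value. The __Host- prefix forces Secure, Path=/ and no Domain,
    so a sibling subdomain cannot overwrite the cookie; HttpOnly keeps it away
    from script (XSS); SameSite=Lax stops cross-site POSTs from carrying it."""
    return (
        f"__Host-session={sid}; Path=/; Max-Age={max_age}; "
        "Secure; HttpOnly; SameSite=Lax"
    )


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("seller-42", now=0.0)
    print(session_cookie(sid))
    print(store.resolve(sid, now=3600.0))                      # seller-42
    print(store.resolve(sid, now=3600.0 + IDLE_TIMEOUT + 1))   # None: idle too long
```

The timeout is enforced on the server record, not by trusting the cookie's Max-Age: a client can keep sending an old cookie, and only the store decides whether it is still valid.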

3. Infrastructure Security

☁️ Microsoft Azure Cloud

Hosted on Microsoft Azure, whose platform holds industry-leading attestations and certifications (these cover the hosting platform; the application's own audits are listed in section 12):

Certifications:

  • SOC 2 Type II
  • ISO 27001
  • ISO 27018 (protection of personal data in the cloud)
  • GDPR compliance (a regulatory requirement rather than a certification)
  • PCI DSS Level 1 service provider

Infrastructure:

  • 99.9% uptime SLA
  • DDoS protection
  • Geo-redundancy
  • Automatic failover
  • EU data residency

4. Application Security

🛡️ Input Validation & Sanitization

All user input is validated against an allow-list and reaches the database only through parameterized queries, which stops SQL injection; values are encoded when rendered, which stops cross-site scripting (XSS). Cross-site request forgery (CSRF) is not stopped by input sanitization and is mitigated separately at the session layer.
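The three controls just named, as an added example that is not the project's own code: allow-list checks for the identifiers this service handles (ASIN and EAN-13, the latter with its checksum), the injectable string-built query beside the parameterized one that replaces it, and output encoding for dashboard cells. The in-memory product table and seller names are constructed for the demo.

```python
"""Allow-list validation, parameterized query vs. string concatenation, and
output encoding. Added example; not Caleffi Price Manager code. The product
table, seller names and the injection payload are constructed."""

import html
import re
import sqlite3

ASIN_RE = re.compile(r"[A-Z0-9]{10}")  # Amazon ASINs: 10 upper-case alphanumerics


def valid_asin(asin: str) -> bool:
    return ASIN_RE.fullmatch(asin) is not None


def valid_ean13(ean: str) -> bool:
    """13 digits whose weighted sum (weights 1,3,1,3,...) makes the check digit."""
    if re.fullmatch(r"[0-9]{13}", ean) is None:
        return False
    total = sum(int(d) * (3 if i % 2 else 1) for i, d in enumerate(ean[:12]))
    return (10 - total % 10) % 10 == int(ean[12])


def make_db() -> sqlite3.Connection:
    """Constructed sample table: three listings from two sellers."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE products (asin TEXT PRIMARY KEY, seller TEXT, price REAL)")
    con.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [("B000000001", "seller-a", 19.99),
         ("B000000002", "seller-b", 24.50),
         ("B000000003", "seller-a", 9.00)],
    )
    return con


def prices_vulnerable(con: sqlite3.Connection, seller: str) -> list:
    """DO NOT USE: the input is spliced into the statement and can rewrite
    the WHERE clause (e.g. x' OR '1'='1 returns every seller's prices)."""
    return con.execute(
        f"SELECT asin, price FROM products WHERE seller = '{seller}'"
    ).fetchall()


def prices_safe(con: sqlite3.Connection, seller: str) -> list:
    """Bound parameter: the value travels separately from the SQL text and is
    never parsed as SQL, so the same payload simply matches no seller."""
    return con.execute(
        "SELECT asin, price FROM products WHERE seller = ?", (seller,)
    ).fetchall()


def render_cell(value) -> str:
    """Encode at output time so a stored value such as '<script>' is shown as
    text in the dashboard rather than executed."""
    return html.escape(str(value), quote=True)


if __name__ == "__main__":
    con = make_db()
    payload = "x' OR '1'='1"            # constructed injection payload
    print("vulnerable:", prices_vulnerable(con, payload))   # all three rows
    print("safe:      ", prices_safe(con, payload))         # []
    print(valid_asin("B000000001"), valid_ean13("4006381333931"))
    print(render_cell("<script>alert(1)</script>"))
```

Validation and parameterization are complementary: the allow-list rejects malformed identifiers early with a clear error, and the bound parameter guarantees that whatever gets through is still data, not query.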

🔍 Static & Dynamic Code Analysis

Automated security scanning with GitHub Advanced Security and SonarQube

🔐 Dependency Management

Automated vulnerability scanning with Dependabot; dependencies updated weekly

🚫 Rate Limiting & DDoS Protection

API rate limiting (100 requests per minute per client IP) and Cloudflare DDoS mitigation
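A per-IP limit of this kind is only as good as the IP it keys on. As an added example (not the project's own code) the block below implements the 100-requests-per-60-seconds rule as an exact sliding window and, because the application sits behind a CDN, shows how to derive the client address from X-Forwarded-For without letting the client spoof it. The trusted-proxy range, addresses and timestamps are constructed; the real CDN ranges and header name are deployment-specific.

```python
"""Per-IP sliding-window rate limit (100 requests per 60 s) and safe client-IP
extraction behind a proxy/CDN. Added example; not Caleffi Price Manager code.
Proxy ranges, addresses and timestamps below are constructed."""

import ipaddress
from collections import deque

LIMIT = 100     # requests ...
WINDOW = 60.0   # ... per this many seconds, per client IP


class SlidingWindowLimiter:
    """Keeps each client's request timestamps for the last WINDOW seconds.
    Exact at window boundaries (no double burst as with fixed windows), at the
    cost of O(LIMIT) memory per active IP."""

    def __init__(self, limit: int = LIMIT, window: float = WINDOW) -> None:
        self.limit = limit
        self.window = window
        self._hits = {}  # ip -> deque of request timestamps

    def _prune(self, ip: str, now: float) -> deque:
        q = self._hits.setdefault(ip, deque())
        while q and now - q[0] >= self.window:
            q.popleft()
        return q

    def allow(self, ip: str, now: float) -> bool:
        """Record the request and return False when the client is over the limit."""
        q = self._prune(ip, now)
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

    def retry_after(self, ip: str, now: float) -> float:
        """Seconds until the oldest in-window request ages out (for Retry-After)."""
        q = self._prune(ip, now)
        if len(q) < self.limit:
            return 0.0
        return self.window - (now - q[0])


def client_ip(remote_addr: str, x_forwarded_for: str, trusted_proxies: list) -> str:
    """Pick the address to rate-limit on.

    X-Forwarded-For is honoured only when the TCP peer is a trusted proxy, and
    it is then read from the right: the first entry not belonging to a trusted
    proxy is the client. Taking the leftmost entry would let any client prepend
    a fake address and escape the per-IP limit."""
    nets = [ipaddress.ip_network(p) for p in trusted_proxies]

    def trusted(addr: str) -> bool:
        try:
            return any(ipaddress.ip_address(addr) in n for n in nets)
        except ValueError:  # garbage in the header is never a trusted proxy
            return False

    if not x_forwarded_for or not trusted(remote_addr):
        return remote_addr
    for addr in reversed([a.strip() for a in x_forwarded_for.split(",")]):
        if addr and not trusted(addr):
            return addr
    return remote_addr


if __name__ == "__main__":
    limiter = SlidingWindowLimiter()
    ip = client_ip("10.0.0.5", "192.0.2.99, 198.51.100.9", ["10.0.0.0/8"])
    print("limiting on", ip)                                  # 198.51.100.9
    print(sum(limiter.allow(ip, 0.0) for _ in range(105)))    # 100 allowed
    print(limiter.retry_after(ip, 0.5))                       # 59.5
```

In production the deque map lives in the shared cache rather than in process memory so that every edge instance enforces the same budget; the logic is unchanged.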

📝 Comprehensive Logging

All API calls, authentication attempts (successful and failed), and price changes are logged for audit trails

5. Data Protection & Privacy

🇪🇺 GDPR Compliance

Full compliance with EU General Data Protection Regulation (GDPR):

  • Data Minimization: We collect only the data necessary to provide the service
  • Purpose Limitation: Data used only for price synchronization and analytics
  • Right to Access: Export your data anytime in machine-readable format
  • Right to Erasure: Request complete data deletion within 30 days
  • Data Portability: Download all your data in JSON/CSV format
  • Breach Notification: the supervisory authority is notified within 72 hours of our becoming aware of a breach, and affected users without undue delay where the breach puts them at high risk
  • DPO Contact: Dedicated Data Protection Officer available

6. Backup & Disaster Recovery

💾 Automated Backups

  • Daily automated backups
  • 30-day retention period
  • Geo-redundant storage (3 copies)
  • Point-in-time recovery available
  • Encrypted with AES-256

🔄 Disaster Recovery

  • RTO (Recovery Time Objective): 4 hours to restore service
  • RPO (Recovery Point Objective): 1 hour, the maximum window of data loss
  • Hot standby in secondary region
  • DR procedures tested monthly
  • Business continuity plan

7. Monitoring & Incident Response

🚨 24/7 Security Monitoring

Real-time monitoring with Azure Security Center (now Microsoft Defender for Cloud), automated alerts for suspicious activity, and immediate response protocols.

📊 Intrusion Detection

Threat detection with Azure Sentinel (now Microsoft Sentinel): analytics rules and behavioral analysis over the collected logs, with automated blocking of malicious IPs.

⚡ Incident Response Plan

Documented incident response procedures with defined escalation paths, containment strategies, and user notification protocols.

8. Third-Party Security

Vetted Service Providers

All third-party services undergo security review and are bound by Data Processing Agreements (DPAs):

Infrastructure:

  • Microsoft Azure (Hosting)
  • Vercel (Edge CDN)
  • Upstash (Redis Cache)

Services:

  • Amazon SP-API (Amazon)
  • Stripe (Payments)
  • SendGrid (Email)

All providers are SOC 2 Type II certified and GDPR compliant.

9. Security Testing

Penetration Testing: Annual third-party pen tests
Vulnerability Scanning: Weekly automated scans with Qualys
Code Review: Mandatory security review for all code changes
Responsible Disclosure: Coordinated disclosure program for security researchers (see section 11)

10. Your Security Responsibilities

To maintain security, you should:

  • Use strong, unique passwords for your Amazon Seller account
  • Enable Two-Factor Authentication (2FA) on Amazon Seller Central
  • Regularly review OAuth authorizations in Amazon settings
  • Verify product EAN/ASIN associations for accuracy
  • Report suspicious activity immediately
  • Keep your contact email secure and monitored
  • Don't share your dashboard login credentials

11. Reporting Security Issues

🔒 Responsible Disclosure

If you discover a security vulnerability, please report it responsibly:

Security Team: security@caleffionline.it

PGP Key: Available on request

Response Time: Initial response within 24 hours for critical issues

We appreciate responsible disclosure and will acknowledge security researchers in our hall of fame.

12. Security Certifications & Audits

🏆 SOC 2 Type II

Audited annually

📜 ISO 27001

Information Security

🇪🇺 GDPR

EU Compliant

Our security practices are continuously reviewed and improved to meet evolving threats and regulatory requirements.

Last security audit: January 2026 | Next audit: July 2026