Security & Vulnerability Disclosure

Reporting a Security Vulnerability

If you discover a security vulnerability or suspect unauthorized access to or misuse of Amazon Advertising data processed by our platform, please report it immediately.

Security contact: security@baoks.de

Please include:

• A description of the vulnerability or incident
• Steps to reproduce, if applicable
• Your contact information for follow-up

Our Response Process

1. We acknowledge receipt of all security reports within 24 hours.
2. We assess the severity and scope of the reported issue within 48 hours.
3. We work to resolve confirmed vulnerabilities as quickly as possible, prioritizing issues that affect the security or integrity of Amazon Advertising data.
4. If a confirmed incident involves the actual or suspected misuse of Amazon Data, we notify affected users and Amazon within 72 hours of confirmation.

Data Security Measures

• Amazon Ads API refresh tokens are encrypted at rest using AES-256-GCM.
• Access to Amazon Data is restricted on a need-to-know basis.
• We use only essential cookies for authentication and session management.
• Infrastructure is hosted on Vercel for the application layer and Supabase for the database layer with industry-standard security controls.
• We review access patterns, audit logs, and API usage to detect anomalies.

Scope

This policy covers all Amazon Advertising data processed through our bid optimization platform, including campaign data, keyword data, search term data, performance metrics, and other data obtained via the Amazon Ads API.