How we secure your Shop data.
Foregrade connects to your TikTok Shop with read-only OAuth and encrypts everything it syncs. Here's the detail a serious buyer needs before connecting.
OAuth scopes we request
Read-only access to the minimum endpoints needed to compute profit and return lifecycle. We never request write access to inventory, listings, or pricing. When TikTok deprecates a scope, we re-authorize with the replacement and surface the new consent prompt.
- orders.read — per-order revenue + fee breakdown used for profit calculation
- returns.read — return status + deadlines for the auto-approval alerting
- products.read — SKU metadata for COGS attribution
- finance.read — settlement + payout feed for the Cash Flow page
You can revoke these at any time from TikTok Seller Center → Apps. Doing so freezes your dashboard at its last sync and stops future imports within seconds.
Encryption
- In transit: TLS 1.2+ everywhere, HSTS preloaded on foregrade.io. No mixed-content.
- At rest: AES-256-GCM on every row. OAuth access/refresh tokens are encrypted with a key held in hosting-provider env vars, never written to database in plaintext.
- Sessions: iron-session cookies sealed with AEAD, httpOnly, SameSite=lax, 7-day inactivity timeout plus 30-day hard cap.
Data isolation
Every query is scoped by user_id at the database layer. There is no shared-table pattern where a missing clause could leak another seller's rows — every read is pre-filtered, every write is pre-authorized against the session user. A bug that forgot the filter would surface as an empty result set, not cross-tenant exposure.
Deletion SLA
You can delete your account from Settings → Security. We revoke the TikTok OAuth grant immediately, purge your orders / returns / products / buyers tables within 24 hours, and expunge encrypted backups on a 30-day rolling window. A deletion confirmation email goes out the moment the primary purge completes — not after the backup expiry.
Subprocessors
Every service that processes your data on our behalf. No marketing pixels, no analytics sold to third parties, no advertising cookies.
| Vendor | Purpose | Region |
|---|---|---|
| Supabase | Primary database (Postgres) and auth helpers | EU (eu-west-2 / London) |
| Railway | App hosting, Nixpacks build runtime, asset delivery | EU (Amsterdam) |
| Stripe | Billing, invoices, payment processing | EU + US |
| Resend | Transactional email delivery | EU + US |
| Upstash Redis | Rate limiting, session revocation flags, cache | EU (eu-west-2) |
| Sentry | Server-side error monitoring (always on); client-side replay/perf opt-in via cookie consent | EU + US |
| Cloudflare | DNS, edge TLS, basic DDoS / bot mitigation. Request metadata only — not used for caching responses with PII. | Global edge |
We notify you before adding or changing a subprocessor. New vendors with access to seller data require an SOC 2 Type II or equivalent third-party attestation.
Data controller & GDPR representatives
Controller: Foregrade, MB — a private limited company registered in Lithuania (EU) — is the data controller for UK sellers using the Service.
UK GDPR Art. 27 representative: Required before accepting UK personal data. Appointment is being finalised ahead of UK TikTok Shop App Store launch. Placeholder until appointed: [to be listed]. UK data subjects can reach the representative in parallel with contacting us directly at privacy@foregrade.io.
EU GDPR representative: Not required — the controller is itself EU-established (LT).
Responsible disclosure
Found a vulnerability? Email security@foregrade.io with a description and reproduction steps. We acknowledge within 48 hours and aim to resolve high-severity reports within 14 days. No public disclosure until the issue is patched, please.
Questions, compliance review, or procurement docs? Contact us.