EcoTraceITITEN

Security and incident response

EcoTraceIT applies technical and organisational controls proportionate to its minimised data set.

Last updated: 13 July 2026

Privacy policyTerms of serviceData Processing Addendum (DPA)SubprocessorsSecurity and incident responseEcoTraceIT support

Controls

  • TLS in transit and provider-managed protection at rest.
  • Secrets stored in a secret manager and never committed.
  • Least privilege, Shopify session tokens and webhook HMAC validation.
  • Structured logs without direct customer data, dependency checks and managed backups.
  • Separate environments and credentials where applicable; test data is not used commercially.

Incident handling

Report vulnerabilities to mikforlani@gmail.com with subject SECURITY. We acknowledge, contain, assess impact and root cause, recover safely, and notify merchants, Shopify and authorities within applicable deadlines. Please coordinate disclosure until remediation is available.

© 2026 EcoTraceIT · servizi alle PMI · mikforlani@gmail.com