Security & Incident Response Policy

1. Overview

Online Enablers Inc ("Company") is committed to protecting the security, confidentiality, and integrity of all client data, Amazon seller information, and proprietary business data entrusted to us. This policy applies to all employees, contractors, systems, and third-party integrations operating under the Online Enablers brand.

This policy satisfies Amazon Service Provider Network (SPN) security requirements and aligns with industry best practices for eCommerce account management agencies.

2. Organization Structure

Online Enablers Inc is a family-owned business incorporated in California. We do not share ownership, data, or operational control with parent companies, subsidiaries, or partner organizations.

Client data is never shared with third parties, outside organizations, or other clients. All data is used solely to manage the client's accounts on their behalf.

3. Data Protection Principles

Client account credentials and Amazon Seller Central access are stored encrypted and never shared externally.
We do not gather Amazon customer, product, or business information from non-Amazon sources.
All client data is stored on secured, access-controlled infrastructure hosted within the United States.
Access to client accounts is limited to authorized Online Enablers personnel on a need-to-know basis.
All personnel with access to client data are subject to confidentiality obligations.

4. Risk Assessment

Online Enablers maintains an ongoing risk assessment process covering:

Regular review of system access logs and authentication activity
Monitoring for unauthorized access attempts on all managed systems
Periodic review of third-party integrations and API access permissions
Assessment of potential threats to client data confidentiality and integrity
Annual review of this policy and all related security procedures

5. Incident Response Plan

In the event of a security incident involving client data, Amazon information, or company systems, Online Enablers follows this six-step response plan:

1

Detection Real-time automated monitoring flags unauthorized access or anomalous activity immediately. All alerts are reviewed by authorized personnel without delay.
2

Containment Affected systems are isolated immediately. All active sessions on compromised accounts are terminated and all credentials are rotated as a precautionary measure.
3

Assessment The scope of the incident, affected data, and point of entry are identified within 2 hours of initial detection. A written incident record is created.
4

Notification Amazon is notified at security@amazon.com within 24 hours of detection. Affected clients are notified promptly with a clear summary of what occurred and what actions were taken.
5

Remediation All identified vulnerabilities are patched. Access logs are reviewed in full. Security controls are updated to prevent recurrence. New credentials and access keys are issued where applicable.
6

Post-Incident Review A root cause analysis is completed within 7 days. Documented corrective actions are implemented and reviewed. Policy updates are made if required.

Notification to Amazon: Within 24 hours of detection, we will notify Amazon at security@amazon.com for any incident involving Amazon seller data or credentials.

6. Organizational Change Notification

Online Enablers Inc maintains a policy requiring notification to Amazon within 30 days of any significant organizational change, including:

Change in business ownership or corporate structure
Change in primary contact or account administrator
Significant changes to data handling practices or third-party integrations
Any merger, acquisition, or dissolution activity

7. Contact

For security-related inquiries, incident reports, or questions about this policy: