Security and Data Protection
CanonicalPurpose
Marketplace handles sensitive commerce data, wallet interactions, payments, orders, seller profiles, course access, digital delivery, and dispute evidence.
Security Scope
Scope includes wallet connection, crypto payments, payment gateways if any, order records, seller payout data, digital asset delivery, course access, subscription access, dispute evidence, profile data, fraud detection, admin tools, API permissions, and webhook integrity if gateways are used.
Controls
Controls include transaction previews, network checks, address verification, approval warnings, payment reconciliation, duplicate payment detection, role-based access, seller and support limits, buyer access control, sensitive data minimization, protected dispute evidence, retention policy, secure delivery links, and fraud monitoring.
Incident Types
Incident types include payment mismatch, unauthorized access, data exposure, fake seller or listing, malicious digital asset, and smart contract or wallet issue.
User Responsibilities
Users should verify wallet transactions, listing details, seller status, payment asset, network, and refund terms before confirming a purchase.
