
Information Security Policy

Last Updated: December 17, 2025

1. Introduction

Warehouse Bridge, a trading style of Flag Eagle LLC ("we," "us," or "our"), is committed to protecting the confidentiality, integrity, and availability of our systems and the data entrusted to us by our customers. This Information Security Policy outlines our approach to information security and the measures we implement to safeguard data.

Company Information:

  • Operating Name: Warehouse Bridge
  • Legal Entity: Flag Eagle LLC
  • Contact Email: steven@dataface.uk
  • Website: warehousebridge.com

2. Scope

This policy applies to:

  • All Warehouse Bridge systems, applications, and infrastructure
  • All employees, contractors, and third parties with access to our systems
  • All customer data processed through our platform
  • All integrations with third-party platforms including TikTok Shop, Shopify, Amazon, Etsy, WooCommerce, BigCommerce, and 3PL providers

3. Information Security Objectives

Our security program is designed to:

  • Protect customer and business data from unauthorized access, disclosure, or modification
  • Ensure the availability and reliability of our services
  • Comply with applicable laws, regulations, and contractual obligations
  • Maintain customer trust through transparent security practices
  • Continuously improve our security posture

4. Access Control

4.1 Authentication

  • Multi-factor authentication (MFA) is required for all administrative access
  • Strong password policies are enforced across all systems
  • API authentication uses secure token-based mechanisms
  • Session management includes automatic timeout and secure token handling

4.2 Authorization

  • Role-based access control (RBAC) limits access to the minimum necessary
  • Access permissions are reviewed regularly
  • Privileged access is strictly controlled and monitored
  • Third-party access is limited and time-bound

4.3 Account Management

  • User accounts are promptly disabled upon termination
  • Shared accounts are prohibited
  • Service accounts use unique credentials with limited permissions

5. Data Security

5.1 Data Classification

We classify data based on sensitivity:

  • Confidential: Customer credentials, API keys, payment information
  • Internal: Business operations data, system configurations
  • Public: Marketing materials, public documentation

5.2 Encryption

  • Data in transit is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256 or equivalent
  • Encryption keys are managed securely with regular rotation
  • Database connections use encrypted channels

5.3 Data Handling

  • Customer data is processed only as necessary to provide services
  • Data minimization principles are applied
  • Secure deletion procedures are followed when data is no longer needed
  • Data backups are encrypted and stored securely

6. Network Security

6.1 Infrastructure Protection

  • Firewalls protect network boundaries
  • Intrusion detection and prevention systems monitor for threats
  • Network segmentation isolates sensitive systems
  • Regular vulnerability scanning is performed

6.2 Cloud Security

  • Cloud infrastructure is configured following security best practices
  • Security groups and access controls limit network exposure
  • Cloud provider security features are utilized
  • Infrastructure changes follow change management procedures

7. Application Security

7.1 Secure Development

  • Security is integrated into the software development lifecycle
  • Code reviews include security considerations
  • Dependencies are monitored for known vulnerabilities
  • Security testing is performed before releases

7.2 API Security

  • API endpoints are authenticated and authorized
  • Rate limiting prevents abuse
  • Input validation protects against injection attacks
  • API activity is logged and monitored

8. Third-Party Security

8.1 Vendor Assessment

  • Third-party vendors are assessed for security practices
  • Contracts include security and data protection requirements
  • Vendor access is limited to necessary systems and data

8.2 Integration Security

  • Integrations with TikTok Shop, Shopify, Amazon, Etsy, WooCommerce, BigCommerce, and other platforms follow their security requirements
  • OAuth and secure token exchange mechanisms are used
  • Integration credentials are stored securely
  • Data exchanged with third parties is protected in transit

9. Incident Response

9.1 Incident Management

  • Security incidents are promptly identified and assessed
  • An incident response plan guides our response activities
  • Incidents are documented and investigated
  • Lessons learned are incorporated into security improvements

9.2 Breach Notification

  • Affected parties are notified of security breaches as required by law
  • Regulatory authorities are notified where required
  • Notification timelines comply with applicable regulations

9.3 Contact for Security Concerns

For security-related inquiries or to report a security concern:

  • Email: steven@dataface.uk

10. Business Continuity

10.1 Availability

  • Systems are designed for high availability
  • Regular backups protect against data loss
  • Disaster recovery procedures are documented
  • Recovery capabilities are tested periodically

10.2 Resilience

  • Critical systems have redundancy
  • Failover mechanisms minimize service disruption
  • Recovery time objectives are defined for critical services

11. Personnel Security

11.1 Employee Security

  • Employees receive security awareness training
  • Security responsibilities are communicated
  • Confidentiality obligations are established
  • Access is revoked promptly upon separation

11.2 Acceptable Use

  • Acceptable use policies govern system and data access
  • Personal use of company systems is restricted
  • Security policies are acknowledged by all personnel

12. Physical Security

  • Data center facilities have physical access controls
  • Cloud infrastructure providers maintain physical security certifications
  • Office facilities have appropriate access controls

13. Compliance

13.1 Regulatory Compliance

We maintain compliance with applicable regulations including:

  • California Consumer Privacy Act (CCPA)
  • General Data Protection Regulation (GDPR) for EU data subjects
  • Other applicable data protection laws

13.2 Platform Compliance

We comply with security requirements of integrated platforms:

  • TikTok Developer Guidelines and Data Sharing Agreement
  • Shopify API Terms and Partner Requirements
  • Amazon Marketplace Developer Agreement
  • Other platform-specific security requirements

14. Policy Management

14.1 Review and Updates

  • This policy is reviewed and updated annually
  • Updates reflect changes in threats, technology, and regulations
  • Material changes are communicated to relevant stakeholders

14.2 Exceptions

  • Policy exceptions require documented approval
  • Exceptions are time-limited and reviewed regularly

15. Governance

15.1 Responsibility

Overall responsibility for information security rests with company leadership. Day-to-day security operations are managed by designated personnel.

15.2 Data Protection Officer

  • Data Protection Officer: Steven Sharp
  • Email: steven@dataface.uk

16. Contact Information

For questions about this Information Security Policy:

  • Email: steven@dataface.uk
  • Website: warehousebridge.com
