Back to Home

Information Security Framework

Baseline daily operational standards & data safety guidelines.

Security Verified

Last Updated: June 28, 2026 | Next Review Scheduled: December 2026

At drepx, data safety and operational security represent our foundational commitment. We establish and enforce a strict Information Security Framework (ISF) as the baseline for our daily operations, ensuring the secure handling of products, orders, inventories, and external store integrations. This framework is regularly reviewed and updated semi-annually to incorporate industry best practices and respond to evolving threats.

1. Operational & Synchronization Security

Daily operations rely on secure automation to manage inventory and pricing updates across selling channels. To protect our networks and maintain secure connections:

  • Secure Cloud Connections: All API communication with integrated selling channels (Shopify, eBay, etc.) and sourcing suppliers goes through encrypted gateways and secure partner APIs.
  • Automated Synchronization Pipelines: Automated background workers process inventory updates and order fulfillments using secure queues, isolating platform actions from public access.
  • Distributed Cloud Sync: To avoid single points of failure, updates are distributed across cloud infrastructure, keeping store data isolated, reliable, and encrypted.

2. Identity & Access Management (IAM)

Access to the Drepx operating platform is restricted based on least-privilege principles:

  • Password Cryptography: All user credentials are encrypted using industry-standard hashing functions (bcrypt with active work factors) before persistence.
  • Tokenized Authorization: Integration credentials (such as Shopify OAuth tokens and marketplace API keys) are stored encrypted at rest and never shared in raw format.
  • Session Security: Platform sessions automatically rotate and expire to prevent unauthorized endpoint access or session high-jacking.

3. Data Encryption & Financial Masking

Customer data and financial transaction metrics are safeguarded in transit and at rest:

  • Encryption Standards: Data in transit is enforced with TLS 1.3. Data at rest is encrypted in securely isolated databases using AES-256.
  • Dashboard Revenue Masking: Sensitive metrics (such as daily sales, net profit, and gross revenue numbers) can be dynamically masked on the dashboard and header panels to prevent shoulder-surfing and visual data leaks.
  • Secure Payments: Payment details are processed exclusively through certified PCI-DSS compliant gateways (Stripe), meaning credit card credentials never touch or rest on our servers.

4. Periodic Reviews & Quality Audits

Security policies are living standards that we continuously test and review to ensure compliance:

  • Framework Iteration: Our internal security controls and partner policies are audited and updated semi-annually.
  • Vulnerability Scans: Continuous dependency audits and vulnerability scans run against our repository dependencies to identify and hotfix security threats.
  • Security Escalation: In the event of potential anomalies, isolated logs are escalated to platform engineering team members immediately.

5. Endpoint Safety & Device Protection

To protect internal access networks, developer systems, and administrative consoles, we enforce strict endpoint security baselines:

  • Endpoint Threat Prevention: All company workstations and endpoint devices must install active anti-virus software or host intrusion prevention systems (HIPS) to protect against unauthorized code execution and malicious payloads.
  • Regular Audits & Device Scans: Scheduled full-system security scans and real-time background scans are executed regularly on all endpoint systems.
  • Policy Updates: Security policies and virus signature databases are updated automatically on a daily basis to guard against newly identified zero-day threats and system vulnerabilities.

6. Workplace Security Baseline

We adopt daily operational baseline standards across all organizational devices and team workplaces to safeguard client environments:

  • Centralized Policy Controls: Workplace safety settings are governed by central administration and domain control tools to verify active compliance protocols.
  • Active Password Complexity: Minimum standard requirements enforce upper/lower case letters, digits, special characters, and minimum length controls for all employee accounts.
  • Workstation Auto-Locking: All screens must automatically lock after a maximum of 15 minutes of inactivity to protect workstations against physical security risks.
  • Multi-Factor Authentication (MFA): MFA verification is strictly mandated for login access into administrative environments, repository tools, and service dashboards.
  • Clear-Desk Policy: Confidential documents, API credentials, and client information must be locked away securely, and workstations must be kept clear of sensitive physical information.

7. Trust & Transparency

If you require additional information regarding our security guidelines, need assistance with store integration credentials, or wish to report a security vulnerability, please contact our Information Security Officer at:

Email: [email protected]

Compliance Reference: DREPX-ISF-2026-v2