AliTok Privacy and Compliance Overview

Data handling principles

• AliTok processes data only for seller-authorized workflows and platform operations.
• Access to tenant data is limited to authenticated users with the required workspace permissions.
• AliTok assists with data access, update, and deletion requests submitted through the support channel.
• At the end of a customer relationship, AliTok will delete or anonymize stored data within a reasonable period unless retention is legally required.

Data classification

AliTok classifies information according to operational sensitivity so the appropriate protections can be applied.

• Public: marketing pages and material intended for open publication.
• Internal: routine operational content that is not intended for public release.
• Confidential: account data, support records, and business information requiring restricted access.
• Restricted: seller-authorized marketplace data, credentials, secrets, and other sensitive integration data requiring the strongest controls.

Subprocessors and service providers

Request handling

AliTok accepts the following request types through the public contact channel and reviews them manually:

• Access or correction request
• Deletion request
• Seller data update assistance
• Security or privacy complaint

Requests are validated before action is taken, and AliTok will coordinate with connected platforms where a request involves synchronized marketplace data.

Current posture

• AliTok publishes a privacy policy, terms of service, and information security program.
• AliTok does not currently claim ISO 27001, ISO 27701, SOC 2 Type II, or similar certifications.
• AliTok does not currently list a formal Data Protection Officer role. Privacy and security requests are handled through the support channel.
• Material security and privacy commitments are documented publicly and supported by internal operating procedures.

Related resources