Security

Our security posture is simple and explicit. This page is the public contact route for responsible disclosure and suspicious-message checks for SALES TO ACCOUNTS SOFTWARE LTD, company number SC881421, registered in Scotland.

Responsible disclosure

Please report vulnerabilities to security@salestoaccounts.co.uk and include:

  • A clear description and reproducible steps
  • Endpoint or workflow affected
  • Proof-of-concept details where safe
  • Expected impact and any risk evidence

Please do not:

  • Run denial of service tests
  • Access data that is not yours
  • Expose customer data in reporting channels

We aim to acknowledge valid reports quickly and keep reporters updated.

Product security notes

  • Tenant isolation for each customer account.
  • Least-privilege access to eBay and Xero scopes.
  • Secret handling with rotation and secure storage controls.
  • Audit logging with correlation IDs for processing review.
  • Replay-safe write logic to reduce duplicate postings.

Email authenticity

  • SPF, DKIM and DMARC are published for our domain.
  • Verify that the sender domain is exactly @salestoaccounts.co.uk.
  • Report suspected impersonation to security@salestoaccounts.co.uk.