Effective date: June 24, 2026

Information Security Policy

This policy describes the baseline controls Mingxingwan uses when operating merchant-authorized TikTok Shop listing and catalog workflows.

Purpose and Scope

The policy applies to authorized operators, development devices, configuration files, logs, and tools used for TikTok Shop product listing and related full-service operations.

Data Handling Principles

Data minimization: only required operational data is accessed.
Purpose limitation: data is used only for authorized workflows.
Least privilege: access is limited to personnel with a business need.
No unauthorized sharing: merchant data is not sold or rented.
Limited retention: temporary files are removed when no longer needed.

Access Control

TikTok Shop Partner Center access, API credentials, authorization codes, and access tokens are restricted to authorized personnel. Access is removed when it is no longer required.

Credential Protection

API keys, application secrets, authorization codes, and access tokens are treated as confidential. They are not placed in public documents or public code repositories, and credentials are rotated if unauthorized access is suspected.

Network and Endpoint Security

Authorized devices use updated operating systems and browsers, password-protected accounts, host firewall controls, and antivirus or equivalent endpoint protection. API communication uses HTTPS/TLS.

Logging and Retention

Logs are used for troubleshooting and security review. Sensitive credentials should not be written into logs. Local working files and logs are retained only as long as reasonably needed.

Incident Response

If a suspected security incident occurs, we investigate promptly, contain the issue, rotate credentials where appropriate, review relevant records, assess potential impact, and notify affected parties or platforms when legally or contractually required.