https://digitallistingassistant.com
Security
Last updated: June 7, 2026
Security Model
Digital Listing Assistant is a private internal listing-production tool used only by Roger Mitchell / Motiontography for Roger's own Etsy shop. It is not a public seller app, is not offered for public registration, and is not a commercial service for other Etsy sellers. The app helps organize original digital artwork ideas, generate listing assets, validate digital-download readiness, and support draft-first Etsy workflows with manual review and confirmation gates.
- The public website is informational only.
- The actual tool is private/admin-only and not open for public registration.
- There is no public signup.
- Etsy OAuth is admin-only, scope-minimized, and server-side when enabled.
- OAuth tokens and refresh tokens are never exposed to the browser.
- No automatic Etsy activation, renewal, deletion, or unsafe listing changes.
- The app does not collect Etsy passwords.
- Production must use HTTPS.
- Use least-privilege API scopes.
- Use environment variables for secrets.
- Use admin allowlisting where supported.
- Redact tokens and member data from logs.
Secret Handling
Etsy API keys, shared secrets, OAuth tokens, and refresh tokens must be stored server-side only. Secrets must never be included in frontend code, static files, browser JavaScript, logs, GitHub, documentation examples with real values, or screenshots.
Etsy Access Boundaries
Digital Listing Assistant does not scrape Etsy, use browser automation to access Etsy, collect Etsy passwords, resell API access, or automate listing activation. Private shop data and listing-write workflows must use exact redirect URI matching, PKCE, strong state validation, encrypted server-side token storage, draft-first behavior, and the minimum Etsy-approved scopes.
Etsy Disclaimer
The term 'Etsy' is a trademark of Etsy, Inc. This Application uses Etsy's API, but is not endorsed or certified by Etsy.
Report a Concern
Security concerns should be sent to the monitored support email fstop@motiontography.com. The target response time is within 2 business days.