Frequently asked questions

Secure & Compliant

Built to protect your data. We're fully compliant with Amazon's strict Data Protection Policies (DPP) for both the Amazon Selling Partner and Advertising APIs.

Data Protection & Privacy:

We strictly adhere to Amazon's Data Protection Policies, which supplement our own Privacy Policy and other agreements. We are transparent about what data we access and for what purpose.

We only request access to the information that is necessary for our tool's functionality.

We handle two main types of data:

  • Amazon Information: This includes any data exposed through Amazon's APIs.

  • Personally Identifiable Information (PII): A sensitive subset of Amazon Information, including a user's name, address, email, and payment details.

We retain Personally Identifiable Information (PII) for no longer than 30 days after an order has been delivered, as required by the Amazon Selling Partner API policy. This data is retained solely for the purposes of fulfilling orders, calculating taxes, and creating tax invoices.

When PII is no longer needed, it is permanently and securely deleted in accordance with industry-standard sanitization processes, such as NIST 800-88. For legally required tax data, we utilize encrypted cold storage to securely archive the information.

Security Measures:

Our infrastructure is designed with multiple layers of security to protect your data at all times.

All Amazon Information is encrypted when it traverses a network. We use secure protocols, including HTTPS with TLS 1.2+, for all external and internal communication channels.

All PII is encrypted when stored on our servers and databases using strong cryptographic standards, such as AES-128 or RSA-2048. We do not store PII on any personal devices or unsecured cloud applications.

Access to Amazon Information is strictly limited to authorized personnel on a "need-to-know" basis. Every person with access is assigned a unique ID, and we do not use any shared or generic accounts. We conduct quarterly reviews of all accounts to ensure access is promptly revoked when it is no longer necessary.

We have implemented network protection controls, such as firewalls, to restrict public access and deny access from unauthorized IP addresses.

Authentication & Authorization:

We never ask for or store your Amazon login credentials. Our authentication process is based on Amazon's official, secure OAuth 2.0 protocol via Login with Amazon (LWA).

When you grant our application permission, Amazon provides us with a secure token that allows us to make API calls on your behalf. This ensures that we can only act with your explicit, revocable consent. We use short-lived access tokens for API calls and long-lived refresh tokens to get new access tokens without requiring you to re-authorize the application.
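The token handling described above, as an added example that is not this tool's own code: the long-lived refresh token is the only credential kept, and a short-lived access token is renewed from it shortly before it expires. It assumes the LWA token endpoint `https://api.amazon.com/auth/o2/token` with the `refresh_token` grant and `client_id`/`client_secret` form parameters; the HTTP call is isolated behind an `exchange` callable so the cache logic can be exercised offline with a constructed response.

```python
import json
import time
import urllib.parse
import urllib.request

LWA_TOKEN_URL = "https://api.amazon.com/auth/o2/token"  # assumed LWA endpoint


def lwa_exchange(refresh_token, client_id, client_secret):
    """POST the refresh_token grant to LWA and return the parsed JSON body."""
    form = urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode()
    req = urllib.request.Request(
        LWA_TOKEN_URL, data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class AccessTokenCache:
    """Keeps only the long-lived refresh token; renews the short-lived access
    token `skew` seconds before LWA's expires_in runs out, so no API call is
    made with a token that is about to expire. The seller's password is never
    seen by this code, only the token Amazon issued after consent."""

    def __init__(self, refresh_token, client_id, client_secret,
                 exchange=lwa_exchange, skew=60, clock=time.monotonic):
        self._creds = (refresh_token, client_id, client_secret)
        self._exchange, self._skew, self._clock = exchange, skew, clock
        self._token, self._expires_at, self.refresh_count = None, 0.0, 0

    def access_token(self):
        """Return a valid bearer token, exchanging the refresh token if needed."""
        if self._token is None or self._clock() >= self._expires_at:
            resp = self._exchange(*self._creds)
            if resp.get("token_type", "").lower() != "bearer":
                raise ValueError("unexpected token_type in LWA response")
            self._token = resp["access_token"]
            self._expires_at = self._clock() + int(resp["expires_in"]) - self._skew
            self.refresh_count += 1
        return self._token
```

Revoking the authorization in Seller Central invalidates the refresh token, so the next exchange fails and the tool loses access without any credential having been stored.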

Incident Response & Monitoring:

We have a formal incident response plan in place to address any potential security events. In the event of a security incident, we are required to notify Amazon's security team (via 3p-security@amazon.com) within 24 hours of discovery.

We use Amazon's own tools, such as the Selling Partner API Guard, to perform automated, self-service security assessments of our environment to identify and remediate potential vulnerabilities. This proactive approach helps us maintain continuous compliance and a high-security posture.

Compliance & Transparency:

Our website and application are designed to align with all applicable laws, including data privacy and data protection laws such as GDPR and CCPA. Our comprehensive Privacy Policy is available at [link to your Privacy Policy], which details how your data is collected, used, stored, and protected in compliance with these regulations. We are committed to providing honest and verifiable information, and we do not make false claims about our application's functionality or our partnership with Amazon.