Amazon Selling Partner Data Handling Policy

Effective date: November 04, 2025

Scope

This policy specifically governs Amazon Information obtained via the SP-API. It supplements our general Privacy Policy.

1. Definitions

Amazon Information: Data obtained via SP-API.
PII: Personally Identifiable Information (Buyer name, address, etc.).
RDT: Restricted Data Token.

2. Data Retention & Deletion

PII: Deleted or anonymized 30 days after order shipment.
Non-PII: Retained per operational needs.
Archival: Cold storage is encrypted and follows the same deletion schedule.

3. Encryption & Security

All Amazon Information is encrypted at rest using AES-256 (via AWS KMS) and in transit using TLS 1.2+. Access requires MFA and is restricted based on the Principle of Least Privilege.

4. Incident Response

In the event of a security incident involving Amazon Information, we will notify Amazon at security@amazon.com within 24 hours of detection, consistent with Amazon's Data Protection Policy.

5. Contact

For Amazon-data specific inquiries: security@shippinglot.com.