Cookie Consent

We use essential cookies to make our site work. With your consent, we may also use non-essential cookies to improve user experience and analyse website traffic. By clicking 'Accept', you agree to our website's cookie use as described in our Privacy Policy and Google's Privacy Policy.

Data Policy

Introduction

Amzigo is committed to protecting the privacy, security, and integrity of all data we process, including Amazon data, Personally Identifiable Information (PII), and non-personal data. This Data Policy outlines how Amzigo collects, processes, stores, uses, and protects data, as well as how we manage and secure it internally to comply with all relevant laws, regulations, and agreements. It also demonstrates our adherence to Amazon’s Data Protection Policy (DPP), GDPR, and other applicable standards.

This policy applies to all systems that store, process, or otherwise handle data retrieved from the Amazon Services API and supplements the Amazon Solution Provider Agreement and Acceptable Use Policy.

1. Data Collection and Processing

1.1 Types of Data Collected

Amzigo processes the following types of data:

  • Amazon Information: Data retrieved via Amazon’s Selling Partner API, including sales orders, inventory, customer reviews, advertising data, and account-performance metrics.
  • Personally Identifiable Information (PII): Limited PII made available by Amazon solely on a must-have basis for select tax and merchant-fulfilled shipping purposes (e.g., buyer name and address required to fulfil orders or issue tax documentation).
  • Non-Personal Data: Data such as IP addresses, device information, browser type, and website analytics for improving the user experience.

1.2 Purpose of Data Processing

Data is used exclusively for:

  • Providing services such as sales analysis, review management, inventory tracking, and automated email campaigns.
  • Order management and fulfilment tracking.
  • User communication, updates, and transactional notifications.
  • Platform and product improvement.
  • Compliance with Amazon policies, tax regulations, and legal requirements.

1.3 Legal Basis for Processing

  • Contractual necessity to deliver services.
  • Legal obligation for regulatory compliance.
  • Legitimate interest for fraud prevention, platform improvement, and security.
  • Consent where explicitly required, such as for marketing communications.

2. Data Storage

2.1 Location of Data Storage

All data is stored in secure, cloud-based servers within ISO-certified data centres. These are geographically distributed for high availability and disaster recovery.

2.2 Retention Policy

PII is retained no longer than 30 days after order delivery unless a longer period is strictly required by law for tax or regulatory purposes.
Non-PII retrieved via the Amazon Services API is retained no longer than 18 months unless a longer period is legally required.
Automated deletion processes enforce retention limits.

3. Data Security

3.1 Data Protection Measures

Amzigo applies layered technical, administrative, and physical safeguards:

  • Encryption: Data in transit uses TLS 1.2+ (and message-level encryption where TLS terminates in untrusted multi-tenant hardware). Data at rest uses AES-256.
  • Network Protection: Firewalls, VPC segmentation, IDS/IPS monitoring, anti-virus updated at least monthly, and endpoint protection on all devices. Employees cannot disable these controls.
  • Access Control: Unique user IDs, no shared accounts, least-privilege permissions, quarterly access reviews, and removal within 24 hours of termination. Accounts lock after 10 or fewer failed logins.
  • Credential Management: Passwords ≥ 12 characters, mixed complexity, changed at least every 365 days, last 10 cannot repeat; MFA mandatory. API keys encrypted, access-restricted, and rotated at least annually. No hard-coded secrets or public repository exposure.
  • Secure Coding: Industry-standard secure-coding practices are followed and audited.
  • Training: All Approved Users complete annual data-protection and IT-security training.

3.2 Monitoring and Logging

Real-time logging and SIEM tools record all security-relevant events (access attempts, data changes, system errors) across APIs and dashboards. Logs are encrypted, access-controlled, retained ≥ 12 months, and reviewed in real time or bi-weekly. Automated alerts flag anomalous activity (multiple unauthorised calls, unusual data retrieval volumes, or dark-web exposure signals). Logs never store PII unless required by law.

3.3 Incident Response Plan

Amzigo maintains a documented risk management process reviewed annually. A Security Incident Response Plan defines roles, incident types, escalation paths, and an Incident Management Point of Contact. The plan is reviewed every six months and after major changes.
If a Security Incident occurs, Amzigo notifies Amazon at security@amazon.com within 24 hours, isolates affected systems, preserves evidence chain of custody, conducts root-cause analysis, implements remediation and corrective controls, and documents all actions. Amzigo will not communicate on Amazon’s behalf to any regulator unless specifically authorised in writing.

4. Internal Data Handling

4.1 Employee Access Management

All employees use unique credentials; access is granted on a need-to-know basis, reviewed quarterly, and revoked within 24 hours of departure or role change. Baseline mechanisms ensure only required accounts have access to Amazon Information.

4.2 Data Protection in Testing

Testing environments are segregated from production. Anonymised or dummy data is used where possible. PII and credentials are never hard-coded or stored in public repositories. All real PII used for testing is securely deleted after use.

4.3 Training and Awareness

Employees receive regular training on data protection, secure password practices, device usage, and incident reporting. Completion is mandatory annually for all Approved Users.

4.4 Compliance with Privacy and Data-Handling Policies

Amzigo maintains and follows a documented privacy and data-handling policy to ensure accountability and compliance with GDPR and Amazon’s Data Protection Policy.

4.5 Data Governance and Rights

A record of processing activities details PII fields, collection methods, processing purposes, storage, sharing, and disposal. Processes exist to comply with privacy laws and assist Authorized Users with data-subject requests (access, rectification, erasure, objection). Employee contracts include confidentiality clauses for PII processing.

5. Data Sharing and Disclosure

5.1 Third-Party Sharing

Amzigo shares data only with trusted service providers (e.g., hosting, payment processors) bound by confidentiality and data-processing agreements. All third parties undergo annual risk assessments and must maintain security standards equal to or stricter than Amzigo’s. PII transfers include contractual provisions that ensure a lawful basis for transfer under applicable laws.

5.2 Legal Disclosures

Data may be disclosed to comply with legal obligations (e.g., subpoenas, court orders) or to protect the rights and safety of Amzigo, its users, or the public.

5.3 Data Attribution

Amazon-sourced data is stored in a separate database or clearly tagged to identify its origin within any mixed datastore.

6. Data Disposal

6.1 Secure Deletion

Upon Amazon’s notice, Amzigo permanently and securely deletes Information within 30 days and removes all live instances within 90 days, unless retention is required by law. Non-PII from Amazon is deleted within 18 months unless longer retention is legally required. Deletion follows NIST 800-88 standards.

6.2 Certification

Upon request, Amzigo provides written certification confirming secure destruction of all data covered by this policy.

7. Updates to This Policy

This Data Policy is reviewed regularly and updated as regulatory or business requirements change. Material changes are dated and summarised in a change log, and users are notified via website or email.

8. Contact Us

For questions or concerns about this Data Policy or Amzigo’s data-handling practices, contact hello@amzigo.com.

Conclusion

Amzigo’s Data Policy reflects our commitment to transparency, compliance, and robust data security. By aligning with Amazon’s Data Protection Policy, GDPR, and industry best practices, Amzigo provides a secure, trustworthy platform that protects user information and maintains the highest standards of data integrity and privacy.

Start Your 30 Day Free Trial, No Credit Card Required

Start Trial

Launching this month

 

Meet Amzigo, the essential tool for Amazon sellers. Register now & gain early access to powerful features that make selling on Amazon easier & more effective. 

 

Be one of the first to experience Amzigo!

By submitting this form, you agree to our privacy policy.