Data Policy

Introduction

Amzigo is committed to protecting the privacy, security, and integrity of all data we process, including Amazon data, Personally Identifiable Information (PII), and non-personal data. This Data Policy outlines how Amzigo collects, processes, stores, uses, and protects data, as well as how we manage and secure it internally to comply with all relevant laws, regulations, and agreements. It also demonstrates our adherence to Amazon’s Data Protection Policy, GDPR, and other applicable standards.

1. Data Collection and Processing

1.1 Types of Data Collected

Amzigo processes the following types of data:

  • Amazon Information: Data retrieved via Amazon’s Selling Partner API, including sales orders, inventory, customer reviews, advertising data, and account performance metrics.
  • Personally Identifiable Information (PII): Limited PII, including buyer names, required for specific features like associating orders with buyers and improving customer segmentation.
  • Non-Personal Data: Data such as IP addresses, device information, browser type, and website analytics for improving the user experience.

1.2 Purpose of Data Processing

The data is used exclusively for:

  • Providing Services: Features like sales analysis, review management, inventory tracking, and automated email campaigns.
  • Order Management: Associating orders with buyers and tracking fulfillment.
  • User Communication: Sending updates, notifications, and transactional messages.
  • Product Improvement: Enhancing platform features based on user interaction data.
  • Compliance: Ensuring adherence to Amazon policies, tax regulations, and legal requirements.

1.3 Legal Basis for Data Processing

Amzigo processes data under the following legal bases:

  • Contractual Necessity: To deliver services to our users.
  • Legal Obligation: Compliance with applicable laws and regulations.
  • Legitimate Interest: For fraud prevention, platform improvement, and ensuring security.
  • Consent: Where explicit consent is required, such as for marketing communications.

2. Data Storage

2.1 Location of Data Storage

  • All data is stored in secure, cloud-based servers located within ISO-certified data centers. These servers are geographically distributed to ensure high availability and disaster recovery capabilities.

2.2 Retention Policy

  • PII is retained for no longer than 30 days after order delivery unless required for legal or regulatory compliance.
  • Non-PII is retained for analysis and system improvement, with anonymization applied where applicable.
  • Data retention periods are monitored and enforced through automated deletion processes.

3. Data Security

3.1 Data Protection Measures

Amzigo implements multiple layers of security to protect data:

  • Encryption:
    • Data in transit is encrypted using TLS 1.2+.
    • Data at rest is encrypted using AES-256, a robust encryption standard.
  • Access Control:
    • Role-based access control (RBAC) ensures only authorized personnel access sensitive data.
    • Multi-factor authentication (MFA) is mandatory for all accounts accessing PII or Amazon Information.
  • Network Security:
    • Firewalls, Virtual Private Cloud (VPC) configurations, and intrusion detection systems are in place to protect against unauthorized access.
    • Endpoint protection tools prevent access from unauthorized devices.
  • Credential Management:
    • Credentials are stored securely in encrypted secrets managers or environment variables.
    • Regular audits and rotation policies are enforced to mitigate risks.

3.2 Monitoring and Logging

  • Real-time logging and Security Information and Event Management (SIEM) tools are used to monitor activities such as login attempts, API calls, and data transfer volumes.
  • Logs are encrypted, access-controlled, and reviewed bi-weekly to detect and respond to potential threats.

3.3 Incident Response Plan

Amzigo’s incident response plan includes:

  • Immediate containment and isolation of affected systems.
  • Notification of relevant stakeholders, including Amazon (within 24 hours), and regulatory bodies, if required.
  • Root cause analysis, system patching, and restoration from encrypted backups.
  • Documentation of incidents and implementation of corrective actions to prevent recurrence.

4. Internal Data Handling

4.1 Employee Access Management

  • All employees are assigned unique user IDs for accessing data.
  • Access is granted on a need-to-know basis, aligned with job responsibilities.
  • Permissions are reviewed quarterly, and access is revoked immediately upon termination or role changes.

4.2 Data Protection in Testing

  • Testing environments are segregated from production systems.
  • Anonymized or dummy data is used wherever possible.
  • Access to testing environments is restricted to authorized personnel, and all real PII used for testing is securely deleted post-testing.

4.3 Training and Awareness

  • Employees undergo regular training on data protection and IT security awareness.
  • Policies for secure password management, device usage, and data handling are reinforced through periodic audits.

4.4 Compliance with Privacy and Data-Handling Policies

  • Amzigo maintains and abides by a documented privacy and data-handling policy, ensuring accountability and compliance with GDPR and Amazon’s Data Protection Policy.

5. Data Sharing and Disclosure

5.1 Third-Party Sharing

  • Amzigo does not share data with third parties except for trusted service providers bound by confidentiality agreements. Examples include payment processors and hosting providers.
  • No data is sold, aggregated, or shared beyond the purposes outlined in this policy.

5.2 Legal Disclosures

  • Data may be disclosed in response to legal requests, such as subpoenas or court orders, or to protect the rights and safety of Amzigo, its users, or the public.

6. Data Disposal

6.1 Secure Deletion

  • Data is securely deleted after its retention period using industry-standard sanitization methods (e.g., NIST 800-88 guidelines).
  • All live instances of data are deleted within 90 days of a deletion request.

6.2 Certification

  • Upon request, Amzigo will provide a written certification confirming that all data has been securely destroyed.

7. Updates to This Policy

This Data Policy is subject to periodic updates to reflect changes in regulatory requirements or business practices. Users will be notified of significant changes via the Amzigo website or email. The latest version will always be available on our website.

8. Contact Us

If you have questions or concerns about this Data Policy or how your data is handled, please contact us at hello@amzigo.com.

Conclusion

Amzigo’s Data Policy reflects our commitment to transparency, compliance, and robust data security. By adhering to Amazon’s Data Protection Policy, GDPR, and industry best practices, we aim to provide a secure and trusted platform for our users while maintaining the highest standards of data integrity and privacy.
