Data Protection Policy

SellerSync handles Amazon Selling Partner data, including buyer PII, in compliance with Amazon's Data Protection Policy (DPP) and Acceptable Use Policy (AUP).

Data we collect

Amazon order data, listings/inventory, settlement reports, financial events.
Restricted buyer PII (name, shipping address, buyer-anonymised email) only for orders the merchant chooses to route via SellerSync.
Merchant data: business name, Amazon seller ID, marketplace ID, Shopify domain, OAuth tokens (encrypted).

Storage & encryption

AES-256 at rest in PostgreSQL (Lovable Cloud / AWS ap-southeast-2 Sydney).
TLS 1.2+ in transit.
SP-API LWA, Shopify, and database/service credentials rotated at least quarterly and immediately on suspected compromise.

Retention

Buyer PII: deleted within 30 days after order delivery, unless law requires longer.
Non-PII Amazon data: ≤ 18 months unless law requires otherwise.
Security and audit logs: ≥ 12 months.

Cross-seller isolation

Per-merchant isolation enforced at the database level via PostgreSQL Row-Level Security. We do not combine one seller's Amazon data with another seller's data.

Authorisation

OAuth (Login with Amazon) only. We never request Seller Central usernames, passwords, or access keys.

Subprocessors

Lovable Cloud (AWS ap-southeast-2 / Sydney).
Amazon Web Services / SP-API.
Shopify (only for merchant-routed fulfilment).

Breach notification

Confirmed security incidents affecting Amazon Information are reported to the merchant and to security@amazon.com within 24 hours of detection.

Personnel & security practices

Least privilege; MFA required for engineering access.
Continuous dependency scanning and timely patching.
Annual independent security review (owner: Jared Sherwood, DPO).
Documented Incident Response Plan, reviewed annually (owner: Jared Sherwood).
Audit logging: access to Amazon Information is logged and retained for at least 12 months.

No PII for AI/model training

Buyer PII is never sent to third-party AI providers, used to train models, or processed by large language models.

Operated by Miles Kay Australia LTD, ABN 90 372 903 515, Australia. SellerSync.pro is an independent software application and is not endorsed by, sponsored by, or affiliated with Amazon. Support: support@sellersync.pro · Privacy / DPO (Jared Sherwood): privacy@sellersync.pro · Security incidents: security@sellersync.pro.

Home · Features · Pricing · About · Amazon data use · Data protection · Security · Privacy · Terms · Delete my data · Contact