Privacy & Data Protection Policy

RETKEE TECH SERVICES ("we", "us", "our") provides analytical tools and automation services for Amazon Selling Partners. This Privacy Policy details how we collect, process, secure, and retain data obtained through the Amazon Selling Partner API ("SP-API"), strictly adhering to Amazon’s Acceptable Use Policy (AUP) and Data Protection Policy (DPP).

1. Information We Collect

Through our SP-API integration, we explicitly request access only to the data fundamentally required to compute the analytics offered by our solution. This data may encompass:

• Seller Metrics: Order volumes, sales trends, and catalog pricing data.
• Inventory Data: Stock levels, inbound shipment statuses, and fulfillable quantities.
• Financial Elements: Fees, margins, and settlement reports required for profitability analysis.

Note: We do not routinely request nor store Personally Identifiable Information (PII) of Amazon customers unless explicitly required for direct multi-channel fulfillment orchestration requested by the seller. Any incidental PII is tightly controlled and subject to strict data-lifecycle rules.

2. Data Security & Encryption

Security is the foundation of our architecture. As required by the Amazon SP-API DPP, we have implemented the following:

• Encryption at Rest & In Transit: All Amazon Information is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using industry-standard AES-256 encryption.
• Access Management: We utilize role-based access controls (RBAC) and the Principle of Least Privilege. Only authorized personnel required to maintain the system can access production environments.
• Vulnerability Management: We perform routine vulnerability scans, patch management, and strict separation of development and production subnets.

3. Data Retention and Deletion

We do not retain Amazon Information for longer than the maximum strictly necessary to provide the service.

• Seller analytical data is actively maintained only while the Seller maintains an active subscription with us.
• Upon termination of an account or termination of the authorization token via Seller Central, we initiate a cryptographic erasure of all associated Amazon Information within 30 days.
• We comply with all Amazon "Right to be Forgotten" mandates and continuously process PII deletion requests.

4. Incident Response

We maintain an active Security Incident Response Plan. In the event of a suspected or actual data breach impacting Amazon Information, we will notify Amazon (via 3p-security@amazon.com) within 24 hours and will actively cooperate with Amazon Security investigations without undue delay.

5. Acceptable Use Policy Compliance

We declare that our services are developed purely in support of Amazon Sellers. We do not use Amazon SP-API data to bypass Amazon policies, promote counterfeit goods, or manipulate reviews. Our application purely aggregates data to assist sellers in optimizing their active marketplace metrics.

6. Global Privacy Compliance (GDPR/CPRA)

We are fully compliant with global data privacy frameworks including the General Data Protection Regulation (GDPR) and the California Privacy Rights Act (CPRA). We afford you the right to access, rectify, or securely delete any analytical data stored on our servers.

7. Contact Information

For data privacy queries, data deletion requests, or security disclosures, please contact our assigned Data Protection Officer at: