Compliance

Data Handling and Account Access Policy

How we request access to your Amazon account, what data we touch, and how we protect it. We operate on a least-privilege basis and keep our footprint as small as the work allows.

Last updated: June 2026

Account access, least privilege

We request only the Seller Central permissions required for the scope of work agreed in writing, and nothing more. Where a task can be completed with a lower-privilege role, we use the lower role. We do not request Admin or owner access by default. Access is granted by you through Seller Central User Permissions and can be revoked by you at any time.

• Roles are scoped to the engagement (for example, campaign edit, listing edit, case-log access).
• We request additional permissions only when a specific task requires them, and we explain why.
• We do not share your login credentials and we never ask you to email a password. Access is granted through Amazon’s permission tools.
• When an engagement ends, we ask you to remove our access, and we confirm removal.

Customer personal data (PII)

We do not request or store customer personal data unless it is required to resolve a specific support case (for example, a buyer-message or order-defect investigation). When PII is unavoidable for a case, we handle it inside Amazon’s tools wherever possible, use it only for that case, and do not export it to personal devices or third-party tools.

Data we do work with

Most of our work involves business performance data: advertising reports, listing content, catalog data, account-health metrics, and sales and traffic reports. We use this data solely to perform the agreed services and to report back to you.

Storage and security

• Files and reports are kept in access-controlled storage limited to the team members working on your account.
• Accounts use strong, unique passwords and two-step verification where available.
• We do not store customer PII in spreadsheets, shared drives, or messaging tools.

Data retention

We retain working files and reports only for as long as needed to deliver the engagement and for a reasonable reference period afterward. On written request, we will delete the materials we hold about your account, except where we are required to retain records for legal or accounting purposes.

We do not sell or share your data

We do not sell, rent, or share your account data or customer data with third parties for their own use. Any tools we use to perform the work are bound by their own data-processing terms and are used only to deliver your services.

Incident response

If we become aware of a security incident affecting your account or data, we will notify you promptly with what we know and the steps being taken. Report a concern at any time: [email protected].

Compliance with Amazon policies

We follow Amazon’s Seller and Service Provider policies, including the Acceptable Use and data-protection requirements. We do not engage in practices that violate Amazon policy, and we will decline work that would require us to.