Data Handling & Privacy Policy

Last updated: 2024-11-12

Introduction

This Data Handling & Privacy Policy outlines how EasyCentral collects, processes, stores, uses, shares, and disposes of Amazon Information as part of its integration with the Amazon SP-API. Our practices comply with applicable laws and Amazon's data protection requirements.

Data Collection

EasyCentral collects only the data necessary to provide its services, which include:

  • Customer information: Name, shipping address, and billing address (FBM orders).
  • Order details: Order IDs, product SKUs, quantities, and pricing.
  • Inventory data: Stock levels and pricing for synchronization.
  • Usage data: Logs for performance monitoring and security.

Data Processing

The collected data is processed strictly for the following purposes:

  • Managing inventory, pricing, and order synchronization.
  • Facilitating shipping processes for FBM and FBA sellers.
  • Generating invoices to ensure accurate billing.
  • Monitoring and improving system performance and security.

EasyCentral does not process Amazon Information for marketing, analytics, or other unauthorized purposes.

Data Storage and Retention

EasyCentral ensures that Amazon Information is stored securely:

  • All data is encrypted at rest and in transit using industry-standard protocols.
  • Data is stored in secure, access-controlled cloud environments located in AWS (Amazon Web Services) data centers.
  • We use AES-256 encryption to protect Amazon Information at rest.
  • Personal Data is retained only as long as necessary for order fulfillment, invoicing, or legal compliance.
  • Once the retention period expires, data is securely deleted.

Data Backup and Archiving

EasyCentral takes weekly backups of Amazon Information, including both the database and codebase:

  • Backups are securely handled and stored by our SysOps Engineer.
  • We retain the last 6 backups in encrypted physical storage, using AES-256 encryption to ensure data security.
  • Backups are monitored to prevent unauthorized access and ensure integrity.

Data Sharing

Amazon Information is shared only when necessary and in compliance with Amazon policies:

  • Authorized service providers: For logistics (e.g., shipping partners) and payment processing.
  • Legal obligations: When required by law or regulatory authorities.

We do not sell, rent, or share Amazon Information with unauthorized third parties.

Data Disposal

When data is no longer needed, EasyCentral ensures:

  • Secure deletion of digital data in compliance with industry standards.
  • Physical destruction of storage devices, where applicable.

Security Controls

EasyCentral employs robust security measures to protect Amazon Information:

  • Access controls: Role-Based Access Control (RBAC) to ensure only authorized personnel have access.
  • Network protection: Firewalls, VPNs, and Intrusion Detection/Prevention Systems (IDS/IPS).
  • Endpoint security: Company devices are secured with encryption and data loss prevention tools.
  • Monitoring and alerts: Continuous activity monitoring and alert systems for anomalies.

Monitoring and Detection of Malicious Activity

EasyCentral uses advanced tools and platforms to monitor, detect, and log malicious activity within its applications:

  • Sentry: For real-time application performance monitoring and error tracking.
  • Kibana: To visualize, monitor, and analyze system logs and detect anomalies.
  • Continuous experimentation with additional tools to enhance detection capabilities and optimize system security.

These tools ensure early detection of potential threats, enabling us to respond promptly and maintain system integrity.

Incident Response Plan

EasyCentral has a comprehensive incident response plan in place to address database hacks, unauthorized access, and data leaks. The steps include:

  • Immediate identification and isolation of the affected systems to prevent further damage.
  • Investigation of the breach using monitoring tools like Sentry and Kibana to identify the root cause.
  • Notification to impacted parties and relevant authorities as required by law.
  • Remediation of vulnerabilities, including patches and updates to affected systems.
  • Enhancing security measures and conducting audits to prevent recurrence.
  • All admin panels and user logins require two-factor authentication (2FA) via OTP to further secure access.

Our response plan ensures a swift, transparent, and effective resolution to protect data integrity and system security.

Password Management Practices

EasyCentral enforces the following password management practices:

  • Passwords must include uppercase, lowercase, numbers, and special characters.
  • Passwords are renewed every 3 months.
  • Two-factor authentication (2FA) is mandatory for critical systems.

These measures ensure robust access security and minimize unauthorized attempts.

Protection of PII During Testing

Personally Identifiable Information (PII) is protected during testing by encrypting all related data using the SHA-256 hashing algorithm. No real PII is exposed or used in testing environments.

Prevention of Credential Exposure

EasyCentral prevents credential exposure through the following measures:

  • The entire system operates internally over AWS VPN to secure network communication.
  • Role-based access controls (RBAC) limit credentials to authorized personnel only.
  • Secrets and credentials are stored securely using encryption and environment variable management.

Remediation Tracking of Vulnerabilities

EasyCentral tracks the remediation progress of findings identified from vulnerability scans and penetration tests through a structured process:

  • Identified vulnerabilities are logged and prioritized based on risk severity.
  • A remediation plan is created with specific tasks and timelines.
  • Progress is tracked using internal project management tools.
  • Regular follow-ups are conducted to ensure timely resolution.
  • Final verification tests are performed to confirm the effectiveness of remediation measures.

Code Vulnerabilities in Development and Runtime

EasyCentral addresses code vulnerabilities throughout the development lifecycle and during runtime through the following:

  • All GitHub repositories have Renovate configured to automatically check for and update outdated dependencies.
  • Code reviews are conducted to identify and mitigate vulnerabilities early in the development process.
  • Runtime security tools are used to monitor application behavior and detect vulnerabilities during operation.

Compliance

EasyCentral adheres to the following regulations and standards:

  • Amazon SP-API Data Protection Policies.
  • General Data Protection Regulation (GDPR).
  • California Consumer Privacy Act (CCPA).

Our policies are reviewed regularly to ensure compliance with updates in applicable laws and Amazon requirements.

Your Rights

Depending on your jurisdiction, you have the right to:

  • Access your personal data.
  • Request correction or deletion of your data.
  • Object to or restrict data processing.
  • Request data portability.
  • Withdraw consent for data processing.

To exercise your rights, please contact us at:

Contact Us

If you have questions or concerns about this policy, contact: