PRIVACY POLICY

Home || PRIVACY POLICY

This Privacy Policy governs the manner in which ASINsell collects, uses, maintains and discloses information collected from users (each, a "User") of the (https://asinsell.com) website ("Site").

Personal identification information

We may collect personal identification information (Google Id, Google Email, Amazon Email, Amazon Id, Amazon Store Name, Amazon Products, Amazon Orders, Amazon Reports, Register Time, and Last Usage Time) from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Web browser cookies

Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

ASINsell may collect and use Users personal information for the following purposes:

  • To run and operate our Site
    We may need your information display content on the Site correctly.
  • To improve customer service
    Information you provide helps us respond to your customer service requests and support needs more efficiently.
  • To personalize user experience
    We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
  • To improve our Site
    We may use feedback you provide to improve our products and services.
  • To run a promotion, contest, survey or other Site feature
    To send Users information they agreed to receive about topics we think will be of interest to them.
  • To send periodic emails
    We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Information Classification and Handling

The purpose of this section is to explain how ASINsell classifies and handles the information it processes, including Amazon data and other personal information, so that it is protected throughout its lifecycle in accordance with legal, regulatory and contractual requirements (including Amazon Selling Partner API data protection requirements).

Scope

This classification and handling approach applies to all information collected, processed, stored or transmitted by ASINsell systems and services, to all ASINsell employees and contractors, and to any third parties who have authorized access to ASINsell information or Amazon data.

Information classification levels

All information handled by ASINsell is assigned to one of the following classes:

  • Public – Information that is intended for public disclosure and may be freely shared without prior authorization (for example, marketing materials and content on the public website).
  • Internal – Information intended for internal use within ASINsell that is not meant for public distribution but whose unauthorized disclosure would have limited impact (for example, internal procedures and non-sensitive business metrics).
  • Confidential – Information whose unauthorized disclosure could cause significant harm to ASINsell, its customers or partners (for example, customer account details, non-public financial information and security documentation).
  • Amazon Confidential (Highest Level) – All data obtained via Amazon Selling Partner API (SP-API) and any data derived from it that contains or may contain Amazon customer or seller information or sensitive business data (for example, Amazon seller identifiers, Amazon account email addresses, Amazon store information, order and report data). Unless explicitly stated otherwise, all Amazon data is treated as Amazon Confidential and receives the highest level of protection.

Handling requirements

  • Public – May be stored, transmitted and shared without special restrictions, but is still protected against unauthorized modification or deletion.
  • Internal – May be shared only within ASINsell or with authorized third parties who have a legitimate business need and must be stored in systems protected by access controls.
  • Confidential – Access is limited to authorized personnel with a business need-to-know, must be stored in secure systems protected by strong authentication and access control, and must be transmitted only over encrypted channels such as HTTPS/TLS, SSH or VPN.
  • Amazon Confidential – In addition to all requirements for Confidential information:
    • Access is strictly limited to authorized services and personnel required to operate or support the ASINsell Services and is protected by strong authentication, including multi-factor authentication where applicable.
    • Amazon data is stored only in ASINsell-approved production databases and backups located in secure environments and is always transmitted over encrypted channels.
    • Amazon data is used solely to provide and improve ASINsell Services to the seller who authorized access and is not sold, rented or shared with third parties for unrelated purposes.
    • Any local or temporary copies of Amazon data created for support or maintenance are minimized, protected and deleted as soon as they are no longer needed.

Retention and disposal

Information is retained only for as long as necessary to provide the Services, to comply with legal obligations or as otherwise described in this Privacy Policy. When information is no longer needed, it is securely deleted or anonymized. Amazon data is retained and deleted in accordance with Amazon's data retention and deletion requirements and internal ASINsell schedules.

Incident reporting

Any suspected or actual loss, unauthorized disclosure or misuse of information – especially Amazon Confidential data – is reported promptly to the appropriate ASINsell contact and handled in accordance with our incident response procedures, which may include notifications to Amazon and affected users where required.

Mobile Device Policy

This Mobile Device Policy defines how mobile phones, tablets, laptops and other portable devices (collectively, “mobile devices”) may be used to access ASINsell systems and data, including Amazon data, in order to reduce the risk of loss, theft or unauthorized disclosure.

Scope

This policy applies to all ASINsell employees, contractors and other authorized users who access ASINsell systems or Amazon data using any mobile device, whether the device is owned by ASINsell or personally owned (bring your own device – BYOD).

Authorized use of mobile devices

  • Mobile devices may be used to access ASINsell email, internal tools and management consoles only if they are configured in accordance with this policy and any additional internal security requirements.
  • Access to production systems or Amazon data from a mobile device is permitted only where necessary for business purposes (for example, on-call support) and must always use secure connections (such as HTTPS/TLS or VPN) and strong authentication.
  • Mobile devices must not be shared with unauthorized individuals, including family members or friends, while logged into ASINsell accounts or systems.

Security configuration requirements

  • Devices must be protected with a strong screen lock (PIN, password, biometric or equivalent) and set to automatically lock after a short period of inactivity.
  • The operating system and applications must be kept up to date with the latest security patches and updates.
  • A supported anti-virus / anti-malware solution or built-in protection must be enabled where available.
  • Where technically feasible, device encryption must be enabled to protect data stored on the device.
  • Mobile devices used for administrative or remote access must use multi-factor authentication (MFA) where supported by the relevant ASINsell or cloud services.

Handling of Amazon data on mobile devices

  • Amazon data (classified as Amazon Confidential) should be accessed from mobile devices only when strictly necessary and through secure applications or browser sessions using HTTPS/TLS.
  • Users must avoid downloading or permanently storing Amazon data on mobile devices whenever possible. If temporary files are created (for example, cached documents or screenshots), they must be deleted as soon as they are no longer needed.
  • Amazon data must never be copied to unsecured applications, personal cloud storage, messaging apps or social media platforms.
  • Email attachments or exports that contain Amazon data must be handled according to the Information Classification and Handling section of this Privacy Policy and any internal security procedures.

Prohibited activities

  • Installing or using unauthorized or pirated software on devices that access ASINsell systems or Amazon data.
  • Bypassing security controls such as screen lock, encryption, malware protection or mobile device management (MDM) profiles where they are required.
  • Jailbreaking, rooting or otherwise altering the device in a way that weakens its security protections.

Lost, stolen or compromised devices

  • Users must promptly report any lost, stolen or suspected compromised device that has access to ASINsell accounts or Amazon data to the appropriate ASINsell contact or support channel.
  • ASINsell may remotely revoke access, change credentials, or wipe corporate data from the affected device where technically possible.
  • Following an incident, access will be restored only after the device has been secured or replaced and any required investigation steps have been completed.

Monitoring and compliance

ASINsell may implement technical controls (such as access logs, mobile device management and security monitoring) to verify compliance with this Mobile Device Policy and to protect its systems and Amazon data. Failure to comply with this policy may result in removal of mobile access privileges and, where applicable, further disciplinary or contractual action.

Software and Hardware Asset / Inventory Management

This section describes how ASINsell manages its physical and virtual assets, including servers, network equipment, workstations, mobile devices and cloud resources, in order to ensure that all components which store or process information (including Amazon data) are known, tracked and appropriately protected.

Scope

This policy applies to all hardware and software assets used to provide or administer the ASINsell Services, including but not limited to on-premise equipment, cloud-hosted servers, virtual machines, containers, databases, networking components, operating systems, applications and administrative tools.

Asset inventory

  • ASINsell maintains an inventory of relevant hardware and software assets that support the production environment and internal operations.
  • The inventory includes, where applicable, information such as asset type, unique identifier, purpose, location (physical or logical), environment (production, staging, development), owner and whether the asset stores or processes Amazon data.
  • The inventory is reviewed and updated periodically and whenever significant changes are made to the infrastructure (for example, deployment of new servers, services or cloud resources).

Asset ownership and responsibility

  • Each asset or asset group has an assigned owner responsible for its correct usage, security configuration and ongoing maintenance.
  • Asset owners ensure that only authorized users and services have access to their assets and that such access is granted according to the principle of least privilege.

Hardware assets (physical devices)

  • Servers, workstations, laptops, networking equipment and other critical devices are recorded in the asset inventory with their location and configuration details.
  • Devices used to administer production systems or access Amazon data must follow applicable security requirements, including operating system updates, malware protection, encryption (where feasible) and strong authentication.
  • When hardware is repaired, reassigned or decommissioned, any storage media that may contain personal information or Amazon data is securely wiped or physically destroyed in accordance with our data disposal practices.

Virtual and cloud assets

  • Virtual machines, containers, databases, storage volumes and other cloud resources are provisioned through controlled processes and recorded in the inventory with environment, region and purpose.
  • Assets that store or process Amazon data are clearly identified and configured with appropriate security controls (for example, network restrictions, access control, encryption in transit and, where applicable, encryption at rest).
  • Default or unnecessary services on virtual assets are disabled and baseline security configurations are applied before deployment into production.

Software assets

  • Operating systems, application software, frameworks, libraries and administrative tools used in production are managed through version control and/or configuration management processes.
  • Only authorized and licensed software is installed on ASINsell systems. The use of unauthorized or pirated software is prohibited.
  • Software updates and security patches are applied in a timely manner, especially for components exposed to the Internet or used to process Amazon data.

Lifecycle management

  • Assets are managed throughout their lifecycle, including planning, acquisition, deployment, maintenance and decommissioning.
  • When assets that store or process personal information or Amazon data reach end of life or are no longer needed, they are removed from service in a controlled manner and all associated data is securely deleted or transferred in accordance with our data retention and disposal practices.

Monitoring and review

  • Asset records and configurations are reviewed periodically to ensure that they remain accurate and aligned with security requirements.
  • Logs, alerts and monitoring tools are used to help detect unauthorized changes or anomalous activity related to critical assets, particularly those handling Amazon data.

By maintaining an accurate inventory and applying appropriate controls to hardware and software assets, ASINsell helps ensure that systems storing or processing personal information and Amazon data are properly managed and protected.

Anti-virus and Malware Controls

This section describes how ASINsell uses anti-virus and anti-malware controls to help protect its systems and data, including Amazon data, against malicious software, unauthorized code and other security threats.

Scope

These controls apply to servers, workstations and other systems that are used to provide or administer the ASINsell Services, especially those that store or process personal information or Amazon data obtained through the Amazon Selling Partner API (SP-API).

Malware protection

  • Where technically appropriate, ASINsell systems are protected by anti-virus / anti-malware solutions or built-in operating system protections that are configured to detect and block known malicious code.
  • Real-time protection is enabled on supported systems to scan files and processes at the time of access, execution or download.
  • Security tools and operating systems are configured, where feasible, to prevent the execution of unauthorized or potentially dangerous code.

Updates and signatures

  • Anti-virus / anti-malware software and signature databases are kept up to date in accordance with vendor recommendations, typically via automatic updates.
  • Operating system and application security patches are applied in a timely manner, especially for systems accessible from the Internet or used to process Amazon data.

Scanning and detection

  • Periodic scans are performed on relevant systems to help identify malware, suspicious files or other indicators of compromise.
  • Inbound files from external sources (such as uploads, downloads or email attachments) may be scanned prior to being opened or processed, where technically feasible.
  • Alerts generated by anti-virus / anti-malware solutions are reviewed and handled in accordance with ASINsell’s incident response procedures.

Quarantine and remediation

  • When malware or suspicious activity is detected, affected files or processes are quarantined or blocked where supported by the security software.
  • Systems that show signs of compromise may be isolated from the network until they can be examined, cleaned and safely returned to service.
  • If an incident involves or may involve Amazon data, it is treated as a high-priority event and handled in line with our obligations to Amazon and affected users.

Server and cloud environment controls

  • Production servers and cloud instances are configured with hardened operating system settings, restricted network access and monitoring to reduce the risk of malware infection.
  • Only authorized software and services are installed, and unnecessary default components are removed or disabled where possible.

User responsibilities

  • Users must not disable or bypass anti-virus / anti-malware protections on systems used for ASINsell work without explicit authorization.
  • Users should exercise caution when opening links or attachments from unknown or unexpected sources and are encouraged to report suspicious emails or files.

Monitoring and incident response

Logs and alerts related to anti-virus and anti-malware tools may be monitored to detect unusual or malicious activity. Any confirmed or suspected malware incident is handled through ASINsell’s incident response procedures, which may include containment, eradication, recovery, and notification of Amazon or affected users where required.

Physical Security Policy

This section describes how ASINsell protects the physical locations and devices that host or provide access to its systems and data, including Amazon data obtained through the Amazon Selling Partner API (SP-API).

Scope

This policy applies to all physical locations and environments where ASINsell infrastructure, devices or storage media are located, including office premises and data centers or cloud provider facilities used to deliver the ASINsell Services.

Data center and cloud facilities

  • ASINsell uses reputable hosting and cloud providers whose facilities implement industry-standard physical security controls, such as controlled entry points, visitor registration, surveillance cameras, access badges and on-site security personnel.
  • Physical access to servers and network equipment in data centers is restricted to authorized personnel from the hosting provider and, where applicable, ASINsell’s designated administrators.
  • Environmental controls (such as temperature, fire detection and suppression, and power backup) are in place at data center locations to help protect the availability and integrity of systems and data.

Office and work locations

  • Access to office areas where systems or records related to ASINsell or Amazon data may be present is restricted to authorized staff and, where applicable, registered visitors.
  • Visitors are not permitted to access sensitive areas unescorted and may be required to sign in, wear visitor identification, and comply with local security instructions.
  • Workstations, laptops and screens displaying sensitive information must not be left unattended and unlocked in publicly accessible areas. Users are expected to lock their screens when leaving their desks.

Protection of devices and media

  • Servers, workstations, laptops and other equipment used to access ASINsell systems or Amazon data are stored in secure locations when not in use and protected against theft or unauthorized removal (for example, through locked rooms, cabinets or physical cable locks where appropriate).
  • Portable devices and storage media (such as laptops, external drives or USB devices) that may contain personal information or Amazon data must be handled in line with the Information Classification and Handling section of this Privacy Policy and any related internal procedures.
  • When hardware that may contain sensitive information or Amazon data is repaired, reassigned or decommissioned, storage media is securely wiped or physically destroyed in accordance with our data disposal practices.

Paper records and printed materials

  • ASINsell seeks to minimize the creation of paper records containing personal information or Amazon data. Where such records are necessary, they are stored in secure locations with restricted access.
  • Documents containing sensitive information should not be left unattended on desks or in shared areas and must be placed in locked drawers or cabinets when not in use.
  • Paper records and printouts that are no longer needed and contain personal information or Amazon data are destroyed using shredders or secure disposal services.

Incident reporting and response

Any suspected or actual physical security incident that may affect ASINsell systems or Amazon data (such as theft, unauthorized entry, loss of equipment, or suspicious activity) must be reported promptly to the appropriate ASINsell contact or support channel. Incidents are handled in accordance with ASINsell’s incident response procedures and, where applicable, may include notification to Amazon and affected users.

Restriction of the Use of Unauthorized Software

This section describes how ASINsell restricts the use of unauthorized software in order to reduce security risks and protect systems and data, including Amazon data obtained through the Amazon Selling Partner API (SP-API).

Scope

This policy applies to all software installed or executed on systems that are used to provide or administer the ASINsell Services, including servers, workstations, laptops and other devices that can access personal information or Amazon data.

Authorized software

  • Only software that has been approved by ASINsell and is necessary for business operations, development, administration or support may be installed on ASINsell systems.
  • Approved software includes operating systems, databases, application frameworks, monitoring tools and utilities that are maintained through formal processes (such as configuration management, package repositories or deployment pipelines).
  • Where applicable, software must be properly licensed and used in accordance with its license terms.

Prohibited and unauthorized software

  • Users are not permitted to install or run unauthorized software on ASINsell-managed systems or on devices used to access production systems or Amazon data.
  • The use of pirated, unlicensed, or unsupported software is strictly prohibited.
  • Software that introduces unnecessary security risk, such as peer-to-peer file sharing tools, unauthorized remote access utilities or untrusted browser extensions, must not be installed on systems that access ASINsell infrastructure or Amazon data.

Installation and change control

  • Installation of new software or significant changes to existing software on production systems is performed only by authorized personnel and follows documented change management procedures.
  • Production servers and cloud instances are provisioned from controlled images or configurations that include only approved software components and security settings.
  • Where technically feasible, administrative privileges on production systems are limited to a small number of authorized administrators, and normal users do not have the rights required to install arbitrary software.

Monitoring and detection

  • ASINsell may use configuration management, inventory tools, logging and monitoring to detect unapproved or unexpected software on critical systems.
  • If unauthorized software is identified on a system that stores or processes personal information or Amazon data, it is removed or disabled as soon as reasonably possible and the system is reviewed for signs of compromise.

User responsibilities

  • Users must not bypass security controls or attempt to install software on ASINsell systems without proper authorization.
  • Users who believe they require a new tool or application for their work should request approval through the appropriate internal process so that the software can be evaluated for security, licensing and compatibility.

By limiting software to approved and appropriately managed components, ASINsell helps reduce the attack surface of its environment and protect systems that store or process personal information and Amazon data.

Remote Access Controls

This section describes how ASINsell secures remote access to its systems and data, including Amazon data obtained through the Amazon Selling Partner API (SP-API), in order to reduce the risk of unauthorized access, data loss or compromise.

Scope

This policy applies to all remote connections used to access ASINsell infrastructure, applications, databases, administrative interfaces or any other systems that store or process personal information or Amazon data. It covers remote access by employees, contractors and other authorized personnel.

Approved remote access methods

  • Remote access to production systems and management interfaces is allowed only through approved secure protocols, such as SSH over TLS, VPN connections or HTTPS/TLS web interfaces.
  • Direct access from the public Internet to sensitive services (such as databases or internal admin panels) is blocked by default and allowed only through controlled entry points (for example, bastion hosts, VPN gateways or reverse proxies).
  • Remote access tools must be configured to use strong encryption and modern cipher suites where applicable.

Authentication and authorization

  • Remote access to production systems and cloud consoles requires strong authentication, such as unique user accounts with strong passwords and, where supported, multi-factor authentication (MFA).
  • Shared or generic accounts are avoided for remote access. Where they cannot be avoided for technical reasons, additional controls and logging are used to trace actions to specific individuals.
  • Access rights are granted according to the principle of least privilege, so that users receive only the minimum permissions necessary to perform their duties.
  • Access to systems that store or process Amazon data is limited to personnel who have a documented business need and appropriate training.

Endpoint security requirements

  • Devices used for remote access (such as laptops or workstations) must comply with ASINsell’s security requirements, including operating system updates, malware protection, disk encryption where feasible, and screen lock configuration.
  • Remote access must not be initiated from public or shared computers or from devices that do not meet basic security standards.
  • Users must ensure that their local environment (for example, home or shared office spaces) does not expose sensitive information (such as Amazon data) to unauthorized persons while remote sessions are active.

Session management

  • Remote sessions should be terminated when no longer needed, and systems are configured to disconnect idle sessions after a reasonable period of inactivity where technically feasible.
  • Credentials used for remote access (passwords, keys, tokens) must be stored securely and must not be shared or transmitted through insecure channels.
  • SSH keys used for administrative access are managed using controlled processes, and compromised or unused keys are revoked promptly.

Logging and monitoring

  • Remote access to production systems, cloud management consoles and critical services is logged where technically feasible, including information such as user identity, time of access and source IP address.
  • Logs may be reviewed to detect suspicious or unauthorized remote activity, particularly for systems that store or process Amazon data.
  • Repeated failed login attempts or unusual access patterns may trigger alerts and be investigated according to ASINsell’s incident response procedures.

Prohibited practices

  • Accessing production systems or Amazon data over unencrypted protocols or unsecured public Wi-Fi networks without appropriate protection (such as a VPN).
  • Sharing remote access credentials with other individuals or storing them in plain text or unprotected locations.
  • Using personal remote access tools or backdoors that have not been approved by ASINsell.

Incident reporting

Any suspected or actual unauthorized remote access, loss of credentials, or compromise of a device used for remote access must be reported promptly to the appropriate ASINsell contact or support channel. Such incidents are handled in accordance with ASINsell’s incident response procedures and, where required, may include notification to Amazon and affected users.

Business Continuity and Disaster Recovery

This section describes how ASINsell plans for and responds to events that may disrupt its operations, in order to maintain the availability of the ASINsell Services and protect systems and data, including Amazon data obtained through the Amazon Selling Partner API (SP-API).

Scope and objectives

This policy applies to all critical components of the ASINsell environment, including infrastructure, applications, databases and supporting services required to operate the ASINsell platform. The main objectives are to:

  • Reduce the impact of disruptions on users and their Amazon-based operations.
  • Restore critical services within a reasonable time frame after an interruption.
  • Protect the integrity and confidentiality of personal information and Amazon data during and after an incident.

Business continuity planning

  • ASINsell identifies critical services and components required to operate its platform, including web frontends, APIs, background workers, databases and integrations with Amazon SP-API.
  • Dependencies on external providers (such as cloud hosting, DNS, email and monitoring) are documented so that potential points of failure can be understood and mitigated.
  • Where feasible, redundancy is implemented for critical components, for example through the use of multiple instances, availability zones or backup services.
  • Procedures are documented for responding to common disruption scenarios, such as cloud infrastructure outages, network connectivity problems, loss of key services or application-level incidents.

Disaster recovery strategy

  • ASINsell maintains disaster recovery procedures focused on restoring critical systems and data from reliable backups if a serious failure or data loss event occurs.
  • Recovery strategies take into account recovery time objectives (RTO) and recovery point objectives (RPO) that are appropriate for the scale of the platform and the expectations of users.
  • In the event that a primary environment becomes unavailable for an extended period, ASINsell may restore services to alternative infrastructure or regions provided by its cloud hosting partners.

Backups and data protection

  • Regular backups are performed for critical databases and configuration data that are required to operate the ASINsell Services, including data related to user accounts and Amazon integrations.
  • Backups are stored in secure locations with appropriate access controls and, where feasible, encryption to protect the confidentiality and integrity of the data.
  • Backup routines and retention periods are defined in line with data retention requirements and business needs, while respecting the principles of data minimization.
  • Periodic tests or restoration exercises may be conducted to verify that backups can be successfully used to restore services within expected time frames.

Incident response and escalation

  • Disruptions that affect the availability, integrity or confidentiality of systems or data are handled through ASINsell’s incident response procedures, which define steps for detection, assessment, containment, remediation and recovery.
  • Roles and responsibilities for incident handling and disaster recovery are assigned to specific individuals or teams, including technical leads and communication contacts.
  • In the event of a significant incident that may impact Amazon data or user operations, ASINsell will, where appropriate, inform affected users and, if required, Amazon or relevant authorities in accordance with contractual and legal obligations.

Communication with users

  • During major service disruptions, ASINsell aims to provide timely updates to users through appropriate channels (for example, status pages, email notifications or in-app messages), including information about the nature of the issue and anticipated recovery steps where known.
  • Once normal operations are restored, ASINsell may provide additional information, such as a summary of the incident, remedial actions taken and measures implemented to reduce the likelihood of recurrence.

Review and improvement

  • Business continuity and disaster recovery plans are reviewed periodically, and after significant incidents or infrastructure changes, to ensure that they remain effective and aligned with current operations.
  • Lessons learned from tests or real incidents are used to improve procedures, technical safeguards and communication processes.

By maintaining appropriate business continuity and disaster recovery measures, ASINsell aims to provide a resilient service and to protect users and their Amazon-related operations from the impact of unexpected disruptions.

Intrusion Detection and Protection

This section describes how ASINsell monitors and protects its systems and data, including Amazon data obtained through the Amazon Selling Partner API (SP-API), against unauthorized access, misuse and other security threats through logging, monitoring and intrusion detection / prevention controls.

Scope

This policy applies to production systems, networks, cloud resources and applications that store, process or transmit personal information or Amazon data, as well as to supporting infrastructure used to operate the ASINsell Services.

Security logging

  • ASINsell configures systems and applications, where technically feasible, to generate logs that are useful for detecting suspicious activity, troubleshooting incidents and supporting security investigations.
  • Logged events may include authentication attempts, access to administrative interfaces, configuration changes, application errors and other relevant actions.
  • Logs related to systems that store or process Amazon data are protected against tampering and unauthorized access and are retained for a period consistent with operational and legal requirements.

Monitoring and alerting

  • ASINsell uses monitoring tools and services to observe the health and behavior of critical systems, applications and network endpoints.
  • Where feasible, alerts are generated for events that may indicate potential security issues, such as repeated failed login attempts, unusual access patterns, unexpected spikes in traffic, or abnormal application behavior.
  • Security-relevant alerts are reviewed and investigated in accordance with ASINsell’s incident response procedures, with priority given to systems that handle Amazon data.

Network and application protection

  • Network access to production systems is restricted using firewalls, security groups or similar controls, allowing only required inbound and outbound connections.
  • Public-facing services are exposed through controlled entry points (for example, load balancers or reverse proxies), which may include web application firewall (WAF) or rate limiting capabilities to help protect against common attacks such as injection, cross-site scripting (XSS) or denial-of-service attempts.
  • Unnecessary network ports and services are disabled on production systems to minimize the attack surface.

Intrusion detection and anomaly detection

  • Where technically appropriate, ASINsell may use intrusion detection or intrusion prevention mechanisms (for example, host-based or network-based IDS/IPS features, cloud-native security services, or log-based anomaly detection) to identify suspicious activity.
  • Indicators of compromise (IOC) or unusual patterns — such as access from unexpected locations, use of invalid credentials, or attempts to access restricted resources — are investigated and, if necessary, escalated as security incidents.
  • When an intrusion attempt is detected, ASINsell may block or limit offending traffic, revoke access tokens, or temporarily restrict access to affected services while the issue is being investigated.

Response to suspected intrusions

  • Confirmed or suspected intrusions are handled in accordance with ASINsell’s incident response procedures, which include steps for containment, eradication, recovery and post-incident review.
  • If an incident involves or may involve Amazon data, it is treated as a high-priority event, and appropriate notifications to Amazon and affected users are made where required by contractual or legal obligations.
  • As part of remediation, ASINsell may implement additional controls or configuration changes to prevent similar incidents from occurring in the future.

Continuous improvement

ASINsell periodically reviews its intrusion detection and protection mechanisms, monitoring rules and logging configurations to ensure they remain effective and aligned with changes in infrastructure, applications, threats and best practices. Lessons learned from security incidents and near-misses are used to strengthen controls and reduce overall risk.

Human Resource Security

This section describes how ASINsell manages human resource security to help ensure that employees, contractors and other individuals with access to ASINsell systems or Amazon data understand their responsibilities and handle information in a secure and compliant manner throughout the entire employment or engagement lifecycle.

Scope

This policy applies to all ASINsell personnel, including employees, contractors and temporary staff, who have access to ASINsell systems, personal information or Amazon data obtained through the Amazon Selling Partner API (SP-API).

Pre-employment and onboarding

  • Individuals considered for roles with access to ASINsell systems or Amazon data are evaluated based on their qualifications, experience and suitability for the position.
  • Where legally permitted and appropriate, background or reference checks may be performed in proportion to the sensitivity of the role and the level of access required.
  • New personnel are informed of ASINsell’s security and privacy expectations, including obligations to protect personal information and Amazon data, during onboarding.
  • As part of onboarding, personnel may be required to accept or sign confidentiality agreements and to acknowledge relevant policies, such as acceptable use, information security and data protection.

Roles, responsibilities and least privilege

  • Security responsibilities are defined for relevant roles, particularly for positions with administrative or development access to production systems or Amazon data.
  • Access to systems, applications and data is granted based on the principle of least privilege, so that personnel receive only the level of access necessary to perform their duties.
  • Access rights are reviewed periodically and adjusted when roles or responsibilities change.

Training and awareness

  • Personnel are provided with information or training on security and privacy topics, including secure handling of personal information and Amazon data, acceptable use of systems, incident reporting, phishing awareness and password/MFA practices.
  • Additional guidance is provided to staff with elevated privileges (such as system administrators and developers) regarding secure configuration, deployment and logging practices.
  • Security and privacy expectations are reinforced periodically through communications, updates or refresher materials.

Confidentiality and acceptable use

  • Personnel are expected to keep confidential any non-public information obtained in the course of their work, including personal information, Amazon data and internal business information.
  • Use of ASINsell systems and access to Amazon data must be strictly for legitimate business purposes and in accordance with internal policies and Amazon’s SP-API requirements.
  • Sharing of credentials, unauthorized disclosure of information, or misuse of access rights is prohibited and may result in disciplinary or contractual action.

Disciplinary process

  • Violations of security, privacy or acceptable use policies may lead to corrective measures, which can include revocation of access privileges, disciplinary steps or termination of employment or contract, consistent with applicable laws and internal procedures.
  • Serious or repeated violations that may affect personal information or Amazon data are treated as security incidents and handled in accordance with ASINsell’s incident response procedures.

Termination and role change

  • When an individual leaves ASINsell or changes roles, their access to systems and data is revoked or adjusted in a timely manner, including deactivation of accounts and removal of unnecessary privileges.
  • Any ASINsell-owned equipment, access tokens, security keys or other assets must be returned or securely disabled as part of the offboarding process.
  • Departing personnel remain bound by any ongoing confidentiality obligations and applicable legal or contractual requirements regarding information they accessed during their engagement.

Through appropriate human resource security practices, ASINsell aims to ensure that only trustworthy and informed individuals have access to its systems and that they handle personal information and Amazon data in a responsible and secure manner.

Third Party Risk Management

This section describes how ASINsell manages risks arising from the use of third-party service providers and partners, particularly where these third parties may have access to ASINsell systems, personal information or Amazon data obtained through the Amazon Selling Partner API (SP-API).

Scope

This policy applies to third-party providers that supply infrastructure, hosting, storage, monitoring, analytics, email delivery, support tools or other services that are used to operate or administer the ASINsell platform. It covers any third party that may store, process or have access to personal information or Amazon data on behalf of ASINsell.

Selection and due diligence

  • Before engaging a third party that may handle personal information or Amazon data, ASINsell performs appropriate due diligence to assess the provider’s security, privacy and compliance posture.
  • Factors considered may include the provider’s security certifications (such as ISO 27001, SOC 2 or equivalent), data protection practices, incident response procedures, geographic locations of data centers and contractual commitments.
  • Only providers that meet ASINsell’s minimum security and privacy requirements are approved for use with systems or data classified as Confidential or Amazon Confidential.

Contracts and data protection agreements

  • Relationships with third parties that may process personal information or Amazon data are governed by written agreements that define the scope of services, security expectations and data protection obligations.
  • Contracts with such providers include appropriate confidentiality clauses and, where applicable, data processing or data protection agreements (DPAs) that address responsibilities, use limitations, sub-processing, international transfers and incident notification requirements.
  • Third parties are required to use information only for the purposes of providing services to ASINsell and not for their own independent purposes.

Access to Amazon data

  • Third parties may access Amazon data only when it is strictly necessary to provide the contracted services (for example, cloud hosting or managed database services) and only under conditions that meet or exceed Amazon’s SP-API requirements.
  • Where feasible, Amazon data is minimized, pseudonymized or otherwise protected when used with third-party tools, consistent with the Information Classification and Handling section of this Privacy Policy.
  • ASINsell does not sell or rent Amazon data to third parties and does not allow third parties to use Amazon data for unrelated marketing or profiling activities.

Ongoing monitoring and review

  • ASINsell periodically reviews critical third-party providers to confirm that they continue to meet expected security and privacy standards, taking into account any changes in services, certifications or risk profile.
  • If material issues are identified with a provider’s security posture or compliance, ASINsell may require remedial actions, restrict the use of the provider, or seek alternative solutions where appropriate.

Incident management and notification

  • Contracts with third-party providers handling personal information or Amazon data include obligations to promptly notify ASINsell of security incidents that may affect data processed on ASINsell’s behalf.
  • Third-party incidents involving ASINsell data are treated as security incidents and handled through ASINsell’s incident response procedures, which may include assessment, containment, remediation and communication with affected users and Amazon, where required.

Third-party offboarding and data return / deletion

  • When a relationship with a third-party provider ends, ASINsell ensures that access to systems and data is revoked and that any stored personal information or Amazon data is securely deleted or returned, in line with contractual terms and legal requirements.
  • ASINsell may request written confirmation or evidence from the provider that relevant data has been deleted or anonymized, where appropriate.

Through careful selection, contractual controls, ongoing monitoring and defined offboarding processes for third-party providers, ASINsell aims to manage and reduce risks associated with external services that support the ASINsell platform and its use of personal information and Amazon data.

Acceptable Use Policy

This Acceptable Use Policy describes the rules and expectations for the use of ASINsell systems and Services, including any access to personal information or Amazon data obtained through the Amazon Selling Partner API (SP-API). Its purpose is to help ensure that ASINsell is used in a secure, lawful and respectful manner.

Scope

This policy applies to all users of the ASINsell Services, including customers, their authorized users, ASINsell personnel and any other individuals who access ASINsell systems, data or integrations with Amazon.

Permitted use

  • The Services may be used only for legitimate business purposes related to managing, analyzing and automating Amazon seller account activities, as described in the ASINsell documentation and applicable agreements.
  • Users must comply with all applicable laws and regulations, as well as Amazon’s policies and terms governing the use of Amazon seller accounts and SP-API.
  • Access credentials (such as usernames, passwords, API keys or tokens) provided for ASINsell must be used only by the individual or account to whom they are assigned and must not be shared with unauthorized parties.

Prohibited activities

Users must not use ASINsell Services, systems or data for any of the following:

  • Engaging in illegal activities or violating any applicable law, regulation or third-party rights.
  • Violating Amazon’s terms, policies or SP-API requirements, including any attempts to circumvent Amazon’s security, rate limits or usage restrictions.
  • Gaining or attempting to gain unauthorized access to any ASINsell system, other users’ accounts, Amazon accounts or data that the user is not explicitly authorized to access.
  • Interfering with or disrupting the normal operation of ASINsell systems or the underlying infrastructure (for example, through denial-of-service attacks, excessive automated requests or misuse of automation features).
  • Uploading, transmitting or distributing malicious software, code or content that may harm ASINsell systems or other users (for example, viruses, worms, trojans, spyware or other malware).
  • Using ASINsell to store, transmit or process content that is unlawful, abusive, defamatory, harassing, discriminatory, fraudulent or otherwise objectionable.
  • Attempting to reverse engineer, decompile or otherwise derive the source code or underlying algorithms of ASINsell systems, except to the extent expressly permitted by law.
  • Circumventing or attempting to circumvent security measures, access controls or usage limits implemented by ASINsell or its providers.

Use of personal information and Amazon data

  • Users must handle any personal information and Amazon data accessible through ASINsell in accordance with this Privacy Policy, applicable laws and their own obligations to Amazon and customers.
  • Users must not copy, export, share or use personal information or Amazon data for purposes that are not directly related to the Services or permitted by Amazon’s policies.
  • Users are responsible for ensuring that any data they provide to ASINsell is obtained and used in a lawful and transparent manner.

Security responsibilities

  • Users must protect their ASINsell credentials and take reasonable steps to prevent unauthorized access to their accounts, including using strong passwords and enabling multi-factor authentication where available.
  • Users must promptly notify ASINsell if they suspect that their account has been compromised, their credentials have been exposed or any unauthorized activity has occurred.

Monitoring and enforcement

  • ASINsell may monitor usage of its systems and Services to help ensure compliance with this Acceptable Use Policy, to maintain the security and stability of its platform, and to detect or prevent fraudulent or abusive behavior.
  • If ASINsell believes that a user has violated this policy or is otherwise using the Services in a way that may pose a risk to ASINsell, other users, Amazon or third parties, ASINsell may take appropriate action, which can include warnings, temporary suspension, restrictions on functionality or termination of access.
  • In serious cases, ASINsell may cooperate with law enforcement, Amazon or other relevant authorities as required or permitted by law.

By using the ASINsell Services, you agree to comply with this Acceptable Use Policy. Failure to follow these rules may result in suspension or termination of your access to the Services and may also lead to legal or contractual consequences.

Removable Media Policy

This section describes how ASINsell manages the use of removable media in order to protect systems and data, including personal information and Amazon data obtained through the Amazon Selling Partner API (SP-API), from loss, theft or unauthorized disclosure.

Scope

This policy applies to all forms of removable media that may be used with ASINsell systems or devices that can access ASINsell systems, including but not limited to USB flash drives, external hard drives, memory cards and other portable storage devices.

General principles

  • ASINsell aims to minimize the use of removable media for storing or transferring personal information or Amazon data wherever feasible, preferring secure network-based transfer methods instead.
  • When removable media must be used for business purposes, it must be handled in a way that protects the confidentiality and integrity of any data stored on it.

Use with personal information and Amazon data

  • Removable media must not be used to store Amazon data (classified as Amazon Confidential) unless it is strictly necessary for a specific, time-limited purpose and there is no reasonable alternative.
  • If removable media is used with personal information or Amazon data, it must be encrypted where technically feasible, and access to the device must be restricted to authorized personnel.
  • Data stored on removable media should be limited to the minimum necessary for the intended purpose and must be securely deleted from the device as soon as it is no longer required.

Device control and authorization

  • Only removable media devices that are owned, managed or explicitly approved by ASINsell may be used with systems that access ASINsell infrastructure or Amazon data.
  • Users must not connect unknown or untrusted removable media (for example, devices of unknown origin) to ASINsell-managed systems due to the risk of malware or data theft.
  • Administrative controls or technical restrictions (such as disabling USB storage on certain systems) may be implemented to enforce this policy where appropriate.

Malware protection

  • Removable media used with ASINsell systems should be scanned for malware using anti-virus / anti-malware tools where available, particularly when data is received from external or untrusted sources.
  • If a removable device is suspected to be compromised or infected, it must not be used with ASINsell systems until it has been checked and cleaned or securely disposed of.

Physical security and handling

  • Removable media containing personal information or Amazon data must be stored securely when not in use (for example, in locked drawers or cabinets) and must not be left unattended in public or shared areas.
  • When transporting removable media outside secure locations, users must take reasonable steps to prevent loss, theft or unauthorized access (for example, keeping devices on their person and avoiding leaving them in unattended vehicles or bags).

Disposal of removable media

  • When removable media is no longer needed or is defective, any personal information or Amazon data stored on it must be securely erased before disposal, using appropriate tools or procedures.
  • If secure erasure is not feasible, removable media must be physically destroyed or disposed of using a secure destruction service to prevent data recovery.

Incident reporting

  • Loss, theft or suspected unauthorized access involving removable media that may contain personal information or Amazon data must be reported promptly to the appropriate ASINsell contact or support channel.
  • Such events are treated as security incidents and handled in accordance with ASINsell’s incident response procedures, which may include assessing the impact, notifying affected users and Amazon where required, and implementing additional controls.

By limiting and controlling the use of removable media, ASINsell helps reduce the risk of data leakage, malware infection and other security issues affecting its systems and the personal information and Amazon data it processes.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

Third party websites

Users may find advertising or other content on our Site that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

Compliance with children's online privacy protection act

Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.

Changes to this privacy policy

ASINsell has the discretion to update this privacy policy at any time. When we do, we will post a notification on the main page of our Site. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us.

This document was last updated on March 10, 2026