Privacy Policy

2. Data we access from Amazon

With your explicit authorization through Amazon's OAuth flow, we may access the following categories of data from your seller account depending on the features you enable:

• Report data (Orders, Inventory, FBA reports, Fees, Fulfillment / storage reports)
• Advertising reports (campaign, keyword, ad-product reports) if you enable ad features
• Product and listing metadata (titles, images, ASINs, SKUs) needed for analytics
• Account/store identifiers (Seller ID, marketplace identifiers) and metadata

We request only the API scopes necessary for the features you choose. We do not request credentials or payment information from Amazon — only the authorization tokens that Amazon supplies after you grant consent.

3. How we use your data

• Generate automated MIS, SKU economics, inventory health, and ad-performance reports.
• Send notifications and alerts you opt into (low stock, report-ready, key events).
• Provide dashboards and downloadable exports (CSV/Excel) for your use.
• Perform internal analysis to improve our services and to detect issues (errors, missing data).

4. Tokens, storage & security

Refresh tokens: when you authorize our App, Amazon issues a refresh token specific to your authorization. We store refresh tokens encrypted and use them to obtain short-lived access tokens to call SP-API on your behalf.

Encryption & keys: refresh tokens and sensitive secrets are encrypted at rest (AWS KMS recommended) and never displayed in plain text in logs or UIs. Access to encryption keys is restricted to a small set of operations accounts.

Network & hosting: processed reports and exports are stored in Amazon S3 buckets with restricted IAM policies. Backend services run on our EC2 instances (or managed infrastructure) over HTTPS only. Admin access requires MFA.

5. Data retention and deletion

We retain your refresh token and processed reports while your account is active and for a short period after deactivation to support potential rollbacks (default retention: 30 days after you request deletion). You can request deletion of your data and revocation of tokens by contacting support (see contact section).

6. How to revoke access

You may revoke Optimiseres' access at any time from your Amazon Seller Central account under “User Permissions” / “Apps & Services” or from the Apps page where you originally authorized the App. Revoking access will prevent us from requesting new access tokens; we will also remove stored tokens on request.

7. Third parties & subprocessors

We use third-party infrastructure providers (Amazon Web Services) to host data and deliver the service. We do not sell or rent your seller data. We disclose data to subprocessors only when necessary to provide the service (for example, S3 for storage) and under contractual data protection obligations.

8. Legal basis & compliance

We process your data to provide contracted services and where you have provided consent by authorizing the App. We comply with applicable data protection laws and Amazon SP-API policies. If you are subject to GDPR/CCPA and need specific rights exercised (access, deletion, portability), contact us using the details below.

9. Security incidents & breach notification

We maintain an incident response plan. In the unlikely event of a security breach affecting personal or seller data, we will notify affected parties and Amazon in accordance with applicable legal requirements and within the timelines required by law.

10. Cookies & tracking

Our App listing pages and hosted help pages may use standard analytics cookies for traffic analysis. The SP-API authorization flow uses Amazon's OAuth process — we do not capture or store Amazon login credentials.

11. Your rights

You have the right to request access to data we hold about your account, request correction or deletion, and request portability of your data. To exercise these rights, contact us at the address below. We will respond within a reasonable timeframe and as required by law.

Changes to this policy

We may update this policy occasionally. The "Effective date" at the top will reflect the most recent update. We recommend bookmarking this page and reviewing it periodically.