Privacy Policy

Last updated: 2026

1. Scope

This Privacy Policy explains how Huang Kai (黄凯) ("Phoebewood", "we", "us") collects, uses, stores, protects, shares, and deletes data obtained through the Amazon Selling Partner API (SP-API) when an authorized seller connects their account to our application. We comply with Amazon's Acceptable Use Policy (AUP), Data Protection Policy (DPP), and applicable data protection regulations.

2. Data we collect

With the seller's explicit authorization, we access only the SP-API roles the seller approves, which may include: order and order-tracking data, inventory data, financial/settlement data, product listing data, and standard reports. We request only non-PII roles and do not collect buyer personally identifiable information (such as buyer names, shipping addresses, phone numbers, or email addresses) unless explicitly authorized for a specific, documented feature.

3. How we use data

Data is used solely to provide the operations and reporting features described on our homepage to the authorizing seller. We do not use the data for advertising, and we do not sell it.

4. Storage & security

We apply the security controls required by Amazon's DPP, including:

  • Encryption in transit — all communication uses HTTPS/TLS.
  • Encryption at rest — authorization tokens and stored data are encrypted.
  • Access control — least-privilege access restricted to authorized personnel, with credentials kept in a secrets store, not in source code.
  • Logging & monitoring — access to data is logged and monitored.
  • Secure development & vulnerability management — code is reviewed and dependencies are patched on a regular basis.

5. Data retention

We retain seller data only as long as necessary to provide the Service. Data no longer needed is deleted. Personally identifiable information, if ever processed, is retained for no longer than 30 days unless a longer period is required to fulfill an order or by law, consistent with Amazon's DPP.

6. Sharing

We do not share seller data with third parties except sub-processors strictly necessary to operate the Service (e.g., cloud hosting), who are bound by equivalent confidentiality and security obligations. We do not share data for advertising or resale.

7. Data deletion & revocation

A seller may revoke our access at any time from Amazon Seller Central under Apps & Services → Manage Your Apps. Upon revocation, or upon a written request to hkai212800@gmail.com, we delete the associated authorization tokens and stored data within 30 days.

8. Incident response

We maintain an incident response process and will notify affected sellers and Amazon of any confirmed data breach involving Amazon Information in accordance with the DPP.

9. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete your data. To exercise these rights, contact hkai212800@gmail.com.

10. Contact

Huang Kai (黄凯) · Shenzhen, China · hkai212800@gmail.com