Amazon Data Handling Policy

Last updated: 10/10/2025

Scope

This policy describes how LOLUIS handles Amazon Selling Partner data (“Amazon Information”), including customer PII received via SP-API or Seller Central.

Data We Receive

Recipient name, shipping address, phone, email, order ID, items, quantities, carrier/tracking, and operational metadata required for fulfillment and post-shipment support.

Purpose & Legal Basis

We use Amazon Information only to: (i) create shipping labels and verify addresses, (ii) update delivery status, (iii) process returns/refunds, (iv) answer customer inquiries, and (v) detect fraud/abuse. We do not use it for marketing.

Access Controls

Access is role-based (least-privilege) and requires SSO + MFA. Secrets and API keys are stored in a Secrets Manager and rotated regularly. All access to Amazon Information is audit-logged.

Security

Amazon Information is encrypted in transit (TLS 1.2+) and at rest (AES-256). Systems reside in private networks with firewall/WAF controls. Logs are centralized in a SIEM with alerts for anomalies (e.g., brute force, unusual downloads, privilege changes). We do not store PII in logs; logs are redacted and retained for security monitoring. Passwords meet or exceed Amazon DPP 1.4 requirements and are rotated at least quarterly.

Retention & Deletion

We retain Amazon PII no longer than 30 days after order shipment, then permanently delete or anonymize it. Non-PII order metrics may be retained for reporting.

Sharing

Data is shared only with vetted processors (e.g., carriers, payment/Fraud tools) under data-processing agreements and only for the purposes above. We do not sell personal data.

Incident Response

Incident Response. We maintain a documented IR plan. Upon detecting a potential incident involving Amazon Information, we will:

(1) identify and triage;

(2) contain (isolate hosts, disable accounts, revoke/rotate keys);

(3) eradicate and patch;

(4) recover from clean, encrypted backups; and

(5) notify Amazon at [email protected] within 24 hours, and notify affected individuals/regulators as required. We complete a post-incident review with corrective actions.

Your Rights

You may request access, correction, or deletion (subject to legal obligations) via [email protected].

Contact

LOLUIS

4416 E Yellowstone Place, Chandler, Arizona 85249, United States.

Email: [email protected].