Custom gifts + branded keepsakesJnPCreations
Cart

Privacy

Privacy and Data Handling Policy

Organization: JnPCreations DBA Prezently
Application / Account: Amazon SBA / Amazon Seller Operations
Last Updated: May 4, 2026

1. Purpose and Scope

This Privacy and Data Handling Policy describes how JnPCreations DBA Prezently collects, uses, stores, protects, retains, backs up, monitors, and disposes of data associated with its Amazon seller operations, Amazon-related integrations, internal tools, automation systems, and supporting infrastructure.

This policy applies to all employees, contractors, vendors, systems, applications, databases, storage locations, logs, backups, credentials, and third-party services that store, process, transmit, or access Amazon-related data.

Covered data includes, but is not limited to:

  • Amazon seller account data.
  • Product listing data.
  • Inventory and fulfillment data.
  • Order-related data.
  • Reports and business records.
  • System logs, audit logs, metrics, and user activity logs.
  • API usage records.
  • Credentials, tokens, keys, and secrets.
  • Customer personally identifiable information, where applicable.

2. Data Classification

JnPCreations DBA Prezently classifies data according to sensitivity and business impact.

Data categories include:

  • Public data: Information intended for public display, such as public product listings.
  • Internal business data: Operational data used to manage listings, inventory, orders, reporting, and business workflows.
  • Confidential data: Amazon account information, business reports, system configurations, logs, API activity, vendor information, and internal procedures.
  • Restricted data: Customer PII, authentication credentials, API keys, access tokens, encryption keys, secrets, security logs, and administrative access records.

Restricted data receives the highest level of protection, including limited access, encryption, audit logging, retention controls, and secure disposal.

3. Data Collection and Processing

JnPCreations DBA Prezently collects and processes only the data necessary to operate, secure, monitor, support, and improve its Amazon seller business.

Data may include:

  • Amazon order, fulfillment, listing, product, and inventory data.
  • Amazon seller account metadata.
  • Internal user account information.
  • System, application, access, audit, and security logs.
  • Metrics related to system health, API usage, automation jobs, alerts, and errors.
  • User activity logs, including authentication events, administrative actions, data access events, configuration changes, and system actions.

JnPCreations DBA Prezently does not intentionally store customer PII in logs unless required for a documented legal, tax, regulatory, fraud-prevention, security, or dispute-resolution purpose.

4. Data Minimization

JnPCreations DBA Prezently collects, stores, and processes only the minimum data required for legitimate business purposes.

Data minimization practices include:

  • Limiting API access to required scopes.
  • Avoiding unnecessary storage of customer PII.
  • Avoiding customer PII in logs where possible.
  • Restricting exports and downloads of Amazon data.
  • Retaining data only for approved business, legal, operational, security, or compliance purposes.
  • Deleting, anonymizing, or archiving data when it is no longer required.

5. Permitted Use

Amazon-related data is used only for legitimate business purposes, including:

  • Managing Amazon seller operations.
  • Creating, updating, and monitoring product listings.
  • Managing orders, fulfillment, inventory, and reporting.
  • Supporting customer-service workflows where required.
  • Monitoring system reliability, performance, and security.
  • Investigating errors, abuse, fraud indicators, unauthorized access, or security incidents.
  • Meeting tax, legal, audit, regulatory, contractual, accounting, and Amazon policy obligations.

Amazon-related data is not sold, rented, or used for unrelated marketing purposes.

6. Data Retention

Operational logs, system metrics, audit logs, and user activity logs are retained for 13 months.

This includes:

  • Application logs.
  • API access logs.
  • Authentication logs.
  • Authorization and access-denial logs.
  • Administrative activity logs.
  • Configuration-change logs.
  • Security logs.
  • System health and performance metrics.
  • Automation job execution records.
  • User activity logs.

Customer PII, where processed, is retained only as long as necessary for the specific business, legal, tax, regulatory, fraud-prevention, dispute-resolution, or Amazon policy purpose.

Where customer PII is no longer required, it is deleted, anonymized, or securely archived according to documented retention rules.

Non-PII Amazon-related data is not retained longer than necessary and is subject to a maximum retention period of 18 months unless a longer period is required for legal, tax, regulatory, accounting, fraud-prevention, security, dispute-resolution, or contractual purposes.

7. Secure Data Disposal

JnPCreations DBA Prezently securely deletes, anonymizes, or archives data that is no longer required.

Secure disposal practices include:

  • Deleting expired records according to retention schedules.
  • Removing unnecessary exports and downloaded files.
  • Expiring backups according to documented backup-retention rules.
  • Revoking access to data stores that are no longer required.
  • Removing credentials, keys, and tokens that are no longer in use.
  • Sanitizing or deleting data from decommissioned systems where applicable.

8. Logging and Monitoring

JnPCreations DBA Prezently maintains logging and monitoring controls to detect operational issues, unauthorized access, abnormal activity, data access events, and security incidents.

Logs may include:

  • Date and time of event.
  • User or service identity.
  • Source system, IP address, or device metadata where available.
  • Successful and failed login attempts.
  • Authorization failures.
  • Administrative actions.
  • Data access events.
  • Configuration changes.
  • API calls.
  • Automation job execution events.
  • System errors, warnings, and alerts.
  • Security-relevant activity.

Logs are protected against unauthorized access, modification, deletion, and tampering. Access to logs is restricted to authorized users with a legitimate business need.

Logs and alerts are reviewed through automated monitoring and periodic manual review. Security-relevant alerts are investigated and documented as appropriate.

9. Log Retention

Application logs, system logs, access logs, audit logs, user activity logs, security logs, and operational metrics are retained for 13 months.

Logs are retained to support:

  • Security monitoring.
  • Incident response.
  • Auditability.
  • Troubleshooting.
  • Change investigation.
  • Fraud and abuse detection.
  • Compliance review.

Logs are not used to unnecessarily store customer PII. Where PII appears in logs due to operational necessity, access is restricted and the data is retained only as required.

10. User Access Management

Access to Amazon-related systems and data is granted according to least-privilege and need-to-know principles.

Access controls include:

  • Unique user accounts where technically feasible.
  • Role-based access control.
  • Strong authentication.
  • Multi-factor authentication for administrative or sensitive access where supported.
  • Periodic user access reviews.
  • Prompt removal or disabling of access when no longer required.
  • Separation of duties for sensitive functions where practical.
  • Review of privileged access.
  • Logging of administrative activity.
  • Account lockout or equivalent protections after repeated failed login attempts.

Terminated users, inactive users, contractors, or vendors have access removed promptly, and no later than 24 hours after access is no longer required.

11. Least-Privilege Policy

JnPCreations DBA Prezently limits user, service, vendor, and application access to the minimum permissions required to perform approved business functions.

Least-privilege practices include:

  • Granting access based on defined roles.
  • Avoiding shared accounts where feasible.
  • Limiting administrative access.
  • Limiting API scopes and permissions.
  • Reviewing access periodically.
  • Removing unused or excessive permissions.
  • Restricting access to logs, backups, credentials, and customer data.
  • Separating production access from development or testing access where practical.

12. Credential and Secret Management

Credentials, passwords, API keys, refresh tokens, access tokens, encryption keys, private keys, and other secrets are stored only in approved secret-management systems or encrypted configuration stores.

JnPCreations DBA Prezently does not intentionally:

  • Hardcode secrets in source code.
  • Commit secrets to source repositories.
  • Share secrets through insecure channels.
  • Store secrets in plaintext files.
  • Reuse production credentials for testing where avoidable.

Credential controls include:

  • Secure secret storage.
  • Restricted access to secrets.
  • Credential rotation when required or when compromise is suspected.
  • Removal of unused credentials.
  • Review of service accounts.
  • Secret scanning where feasible.
  • Logging and review of sensitive administrative access.

13. Encryption and Key Management

JnPCreations DBA Prezently encrypts Amazon-related data in transit and at rest.

Encryption applies to:

  • Databases.
  • File storage.
  • Object storage.
  • Backups.
  • Logs.
  • Archives.
  • Configuration data.
  • Secrets.
  • API communications.
  • Administrative access channels.

Encryption keys are managed using approved key-management systems or cloud-provider key-management services. Key access is restricted based on least privilege. Keys are rotated according to policy, compliance requirements, or when compromise is suspected.

14. Encryption in Transit

All external and internal communications that transmit Amazon-related data use encrypted transport.

Controls include:

  • HTTPS/TLS for web and API communication.
  • TLS 1.2 or higher.
  • TLS 1.3 preferred where supported.
  • Secure administrative access channels.
  • Avoidance of plaintext transmission of Amazon data.
  • Encryption for service-to-service communication where supported.
  • Secure handling of API credentials and tokens during transmission.

15. Encryption at Rest

Amazon-related data is encrypted at rest in all supported systems.

This includes:

  • Production databases.
  • File systems.
  • Object storage.
  • Backup storage.
  • Logs and metrics stores.
  • Archives.
  • Configuration repositories containing sensitive values.
  • Secret stores.

Storage access is restricted to authorized users, services, and administrative processes. Where supported, encryption is enforced by default for new storage resources.

16. Backup and Recovery

JnPCreations DBA Prezently maintains encrypted backups for systems that store Amazon-related data, including databases, logs, configuration, operational data, and other business-critical records.

Backup controls include:

  • Encryption of backups at rest.
  • Restricted access to backup storage.
  • Logical or physical separation of backup access from normal production access where practical.
  • Backup retention aligned with business, legal, operational, and Amazon policy requirements.
  • Geographic separation or provider-level durability where supported.
  • Periodic recovery testing or validation where practical.
  • Monitoring of backup job success and failure.
  • Secure expiration or deletion of backups after retention periods expire.

Recovery procedures are reviewed periodically to ensure that data can be restored after accidental deletion, corruption, outage, ransomware, infrastructure failure, or security incident.

17. Change Control

JnPCreations DBA Prezently maintains change-control procedures for production systems, Amazon integrations, security controls, infrastructure, data stores, automation systems, and applications that access Amazon-related data.

Change-control practices include:

  • Tracking changes through tickets, issues, pull requests, or change records.
  • Documenting the reason for the change.
  • Reviewing the scope and risk of the change.
  • Peer review for application, infrastructure, and configuration changes.
  • Security review for changes affecting authentication, authorization, encryption, logging, retention, secrets, or data access.
  • Testing appropriate to the risk and scope of the change.
  • Approval before deployment where required.
  • Deployment records showing what changed, who changed it, when it changed, and who reviewed or approved it.
  • Rollback or mitigation plans for material changes.
  • Post-change validation.

Emergency changes may be made to address urgent operational or security issues but must be documented and reviewed after implementation.

18. SDLC and Secure Development Review

JnPCreations DBA Prezently follows secure software development lifecycle practices for systems that access, store, process, or transmit Amazon-related data.

Secure development practices include:

  • Source control for code and configuration.
  • Peer review of code changes.
  • Review of authentication and authorization changes.
  • Review of data handling and logging changes.
  • Dependency and vulnerability review where feasible.
  • Secure configuration review.
  • Testing before production deployment.
  • Separation of development, testing, and production environments where practical.
  • Avoidance of production data in development or testing unless specifically approved and protected.
  • Documentation of material design or control changes.
  • Remediation tracking for identified defects or vulnerabilities.

Critical security vulnerabilities are prioritized for remediation within 7 days of discovery where feasible. High-risk vulnerabilities are prioritized for remediation within 30 days of discovery where feasible.

19. Vulnerability and Patch Management

JnPCreations DBA Prezently maintains vulnerability and patch-management practices for systems involved in Amazon seller operations.

Controls include:

  • Monitoring for known vulnerabilities in operating systems, application dependencies, containers, cloud services, and third-party software.
  • Applying security patches according to risk.
  • Prioritizing critical and high-risk vulnerabilities.
  • Tracking remediation activity.
  • Reviewing exposed services and administrative access.
  • Removing unsupported or unnecessary software where practical.
  • Performing vulnerability scanning or dependency review where feasible.

20. Network and Infrastructure Security

Systems that process Amazon-related data are protected using network and infrastructure controls appropriate to their risk.

Controls may include:

  • Firewalls or cloud security groups.
  • Restricted inbound access.
  • Private networking where practical.
  • Secure administrative access.
  • Endpoint protection where applicable.
  • Malware protection where applicable.
  • Patch management.
  • Secure configuration baselines.
  • Monitoring and alerting.
  • Limiting public exposure of systems and services.
  • Administrative access logging.

Production access is restricted to authorized users and trusted services.

21. Download and Export Controls

JnPCreations DBA Prezently restricts downloading, exporting, and sharing Amazon-related data to approved business purposes.

Controls include:

  • Limiting exports to authorized users.
  • Avoiding unnecessary local storage of Amazon data.
  • Protecting exported files with access controls.
  • Encrypting exported files where appropriate.
  • Removing exported files when no longer needed.
  • Logging or tracking exports where feasible.
  • Using integrity checks, hashing, or equivalent validation where appropriate for sensitive files or transfers.

Downloaded Amazon data is treated according to its classification and is subject to retention, encryption, access-control, and disposal requirements.

22. Vendor and Subcontractor Management

Vendors, contractors, service providers, and subcontractors are granted access to Amazon-related data only when required for a legitimate business purpose.

Vendor controls include:

  • Reviewing vendor need before granting access.
  • Limiting vendor access to the minimum necessary.
  • Reviewing vendor security posture where appropriate.
  • Ensuring vendor access is removed when no longer required.
  • Applying contractual or procedural safeguards where applicable.
  • Reviewing vendors with access to Amazon-related data at least annually where practical.

Vendors are not permitted to use Amazon-related data for unrelated purposes.

23. Incident Response

JnPCreations DBA Prezently maintains an incident response process for suspected or confirmed security incidents, data leakage, unauthorized access, credential compromise, malware, loss of Amazon-related data, or misuse of Amazon systems.

The incident response process includes:

  • Identification and triage.
  • Containment.
  • Investigation.
  • Preservation and review of relevant logs.
  • Root-cause analysis.
  • Remediation.
  • Recovery.
  • Notification to Amazon, affected parties, regulators, or other required parties where applicable.
  • Post-incident review and control improvement.

JnPCreations DBA Prezently designates an incident management point of contact for security incidents.

Security incidents involving Amazon-related data are escalated promptly. Where required by Amazon policy, contract, or applicable law, Amazon will be notified within the required notification period.

24. Audit Cooperation and Evidence

JnPCreations DBA Prezently maintains records and evidence necessary to demonstrate compliance with this policy and applicable Amazon requirements.

Evidence may include:

  • Access reviews.
  • Change records.
  • Deployment records.
  • Security reviews.
  • Vulnerability remediation records.
  • Backup records.
  • Recovery test records.
  • Log-retention settings.
  • Incident records.
  • Vendor review records.
  • Encryption and key-management configuration evidence.
  • Policy acknowledgements where applicable.

JnPCreations DBA Prezently will cooperate with authorized audits, compliance reviews, or security assessments where required.

25. Policy Review and Maintenance

This policy is reviewed periodically and updated as needed to reflect changes in business operations, systems, data handling, Amazon requirements, legal obligations, security risks, or technology.