Amazon AUP & DPP compliant data handling
Legal

Privacy Policy

How Inwizards handles Amazon Selling Partner API (SP-API) data

Effective date: July 16, 2026  |  Last updated: July 16, 2026

Data controller / provider: Inwizards Software Technology Private Limited — info@inwizards.com

This Privacy Policy explains how Inwizards Software Technology Private Limited ("Inwizards", "we", "us") handles data obtained through the Amazon Selling Partner API (SP-API) in connection with the Amazon Connector for Odoo application. It applies to all Amazon Information the application accesses on behalf of an authorizing Amazon Selling Partner ("seller"). We comply with the Amazon Acceptable Use Policy (AUP) and the Amazon Data Protection Policy (DPP).

1. What data we collect

With the seller's authorization, the application may access the following categories of Amazon Information to deliver its features:

2. How we collect it

Amazon Information is collected only through authorized SP-API endpoints, after the seller grants explicit consent via Amazon's official authorization (Login with Amazon / OAuth) flow. We do not scrape Amazon, and we do not obtain Amazon Information from any external, third-party, or unauthorized source.

3. How we process and store it

The application is deployed within the seller's own Odoo environment. Amazon Information is processed to synchronize orders, inventory, listings, fulfillment, shipping, and tax records between Amazon and Odoo. Data is protected with TLS 1.2+ encryption in transit and AES-256 encryption at rest. SP-API credentials (API keys and refresh tokens) are stored encrypted using a secrets management system and are never hard-coded or stored in plaintext or public repositories.

4. How we use it

Amazon Information is used solely to provide the integration features the seller has enabled. We do not use Amazon Information for advertising, marketing, resale, model training, independent analytics, or any purpose other than the seller-authorized operation of the application.

5. How we share it

We do not sell or share Amazon Information with third parties for their own use. Limited disclosure occurs only as strictly necessary to complete the seller's own operations — for example, providing a shipping address to the carrier selected to deliver that order. Any such processing is limited to what is required to fulfill the order and is subject to this policy. We do not transfer Amazon Information to Inwizards' own infrastructure for independent use.

6. Retention & disposal

Personally identifiable information (PII) is retained only as long as needed to provide the service, and no longer than 30 days after order delivery, except where a longer period is required by law and solely to comply with that legal obligation. When no longer required, PII is securely deleted using industry-standard secure-deletion procedures.

7. Security controls

8. Seller & data-subject rights

Sellers may revoke the application's SP-API authorization at any time through Amazon Seller Central, which stops further data access. Sellers or their buyers may request access, correction, or deletion of personal data handled by the application by contacting us at info@inwizards.com. We honor deletion requests in accordance with Amazon's DPP and applicable law.

9. Security incidents

We maintain a documented incident response plan covering detection, containment, assessment, notification, remediation, and post-incident review. In the event of a confirmed security incident involving Amazon Information, we notify Amazon at security@amazon.com and affected sellers within 24 hours of detection.

10. Contact

Inwizards Software Technology Private Limited
Email: info@inwizards.com
For security incidents, contact our Incident Management Point of Contact via the same address; we respond within 4 hours.

This policy is specific to Amazon SP-API data handling. It may be updated from time to time; the "Last updated" date above reflects the current version.

AI Agents Odoo + AI Amazon Connector Privacy Policy
Request a Demo