How Inwizards handles Amazon Selling Partner API (SP-API) data
This Privacy Policy explains how Inwizards Software Technology Private Limited ("Inwizards", "we", "us") handles data obtained through the Amazon Selling Partner API (SP-API) in connection with the Amazon Connector for Odoo application. It applies to all Amazon Information the application accesses on behalf of an authorizing Amazon Selling Partner ("seller"). We comply with the Amazon Acceptable Use Policy (AUP) and the Amazon Data Protection Policy (DPP).
With the seller's authorization, the application may access the following categories of Amazon Information to deliver its features:
Amazon Information is collected only through authorized SP-API endpoints, after the seller grants explicit consent via Amazon's official authorization (Login with Amazon / OAuth) flow. We do not scrape Amazon, and we do not obtain Amazon Information from any external, third-party, or unauthorized source.
The application is deployed within the seller's own Odoo environment. Amazon Information is processed to synchronize orders, inventory, listings, fulfillment, shipping, and tax records between Amazon and Odoo. Data is protected with TLS 1.2+ encryption in transit and AES-256 encryption at rest. SP-API credentials (API keys and refresh tokens) are stored encrypted using a secrets management system and are never hard-coded or stored in plaintext or public repositories.
Amazon Information is used solely to provide the integration features the seller has enabled. We do not use Amazon Information for advertising, marketing, resale, model training, independent analytics, or any purpose other than the seller-authorized operation of the application.
We do not sell or share Amazon Information with third parties for their own use. Limited disclosure occurs only as strictly necessary to complete the seller's own operations — for example, providing a shipping address to the carrier selected to deliver that order. Any such processing is limited to what is required to fulfill the order and is subject to this policy. We do not transfer Amazon Information to Inwizards' own infrastructure for independent use.
Personally identifiable information (PII) is retained only as long as needed to provide the service, and no longer than 30 days after order delivery, except where a longer period is required by law and solely to comply with that legal obligation. When no longer required, PII is securely deleted using industry-standard secure-deletion procedures.
Sellers may revoke the application's SP-API authorization at any time through Amazon Seller Central, which stops further data access. Sellers or their buyers may request access, correction, or deletion of personal data handled by the application by contacting us at info@inwizards.com. We honor deletion requests in accordance with Amazon's DPP and applicable law.
We maintain a documented incident response plan covering detection, containment, assessment, notification, remediation, and post-incident review. In the event of a confirmed security incident involving Amazon Information, we notify Amazon at security@amazon.com and affected sellers within 24 hours of detection.
Inwizards Software Technology Private Limited
Email: info@inwizards.com
For security incidents, contact our Incident Management Point of Contact via the same address; we respond within 4 hours.