Amazon Data Handling Policy (Hidemont)
1. Introduction and Scope
This Data Handling Policy outlines the procedures and technical controls implemented by Hidemont to ensure the security, confidentiality, and integrity of Amazon Information. This policy is designed to comply with the Amazon Data Protection Policy (DPP) and applies to all employees, systems, and internal processes involved in the management of data retrieved through the Amazon Selling Partner API (SP-API).
2. Data Collection and Purpose
We collect and process Amazon Information, including Personally Identifiable Information (PII) such as Buyer Names, Shipping Addresses, Phone Numbers, and specific Personalization Data (e.g., custom text for engravings).
- Purpose: Data is used exclusively for the automated synchronization of orders, the manufacturing of personalized leather goods, and Merchant Fulfilled Network (MFN, also referred to as Fulfilled by Merchant or FBM) fulfillment.
- Limitation: We do not use Amazon Information for marketing, nor do we sell or share it with third parties. Data is used strictly for internal operations.
3. Data Storage and Encryption at Rest
All Amazon Information is stored within our secure internal infrastructure.
- Encryption Method: We utilize Transparent Data Encryption (TDE) at the Microsoft SQL Server database level. All data files, transaction logs, and backups are encrypted at rest using the industry-standard AES-256 algorithm.
- Key Management: We implement a hybrid key management strategy using HashiCorp Vault as the authoritative secure repository. The SQL Server service master key at the root of the TDE certificate hierarchy is additionally protected by the Windows Data Protection API (DPAPI), binding it to the authorized host and service account. Keys are stored logically and physically separate from the encrypted data.
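As an added illustration (example code, not Hidemont's own deployment script), the T-SQL below shows the TDE setup described above together with the verification query an operator would run afterwards. The database name AmazonOrders, the certificate name TDE_AmazonInfo_Cert and the D:\tde_backup\ path are hypothetical, and the password placeholders stand for values supplied from Vault at deployment time.

```sql
-- Added example, not Hidemont's deployment script. AmazonOrders,
-- TDE_AmazonInfo_Cert and D:\tde_backup\ are hypothetical names; the
-- passwords would be supplied from HashiCorp Vault, never stored in a script.
USE master;
GO
-- 1. Database master key in master. The service master key that protects
--    it is itself protected by DPAPI on this host.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<dmk-password-from-vault>';
GO
-- 2. Server certificate that will protect the database encryption key.
CREATE CERTIFICATE TDE_AmazonInfo_Cert
    WITH SUBJECT = 'TDE certificate for Amazon Information';
GO
-- 3. Back up the certificate and private key immediately and move the files
--    to the separate key store: an encrypted backup cannot be restored
--    on another server without them.
BACKUP CERTIFICATE TDE_AmazonInfo_Cert
    TO FILE = 'D:\tde_backup\TDE_AmazonInfo_Cert.cer'
    WITH PRIVATE KEY (
        FILE = 'D:\tde_backup\TDE_AmazonInfo_Cert.pvk',
        ENCRYPTION BY PASSWORD = '<pvk-password-from-vault>');
GO
-- 4. Database encryption key using AES-256, then switch encryption on.
USE AmazonOrders;
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_AmazonInfo_Cert;
GO
ALTER DATABASE AmazonOrders SET ENCRYPTION ON;
GO
-- 5. Check: encryption_state 3 means the encryption scan has completed
--    (2 = in progress). tempdb appears as well, because enabling TDE on
--    any user database also encrypts tempdb.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;
```

The certificate backup and its password are the items that must live in the separate key store rather than next to the data; the encrypted backups in section 5 are unreadable without them. The verification query is worth scheduling, so that a database restored or re-created without TDE is noticed rather than assumed encrypted.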
4. Network Protection and Access Control
- Network Isolation: Our database servers reside in a dedicated, isolated private subnet behind a hardware firewall. No databases or file servers have direct public IP exposure.
- Remote Access: Access is permitted only through a secure VPN with Multi-Factor Authentication (MFA).
- Individual Identification: Each employee is assigned a unique system ID. Shared accounts are strictly prohibited. Access is granted on a "need-to-know" basis using Role-Based Access Control (RBAC) within our 1C ERP system.
- Brute-Force Protection: Our systems automatically block the source IP for 30 minutes after 5 failed login attempts.
5. Data Retention and Deletion
Hidemont strictly adheres to Amazon’s data retention requirements:
- 30-Day Purge: All Personally Identifiable Information (PII) and personalization strings are automatically and permanently deleted (purged) from our active databases 30 days after order shipment.
- Archiving: Only anonymized financial data and transaction IDs are retained, for up to 7 years, to comply with statutory tax and accounting laws.
- Backup Security: Backups are managed via Veeam with AES-256 encryption and stored in a geographically separated data center.
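As an added example (not Hidemont's production job), the T-SQL below implements the 30-day purge and the archiving rule above against a hypothetical dbo.Orders table: the PII and personalization columns are overwritten in place while the Amazon order ID and financial columns survive for the 7-year archive, unshipped orders are left untouched, and a check query reports any overdue rows that still hold PII. The table and column names are assumptions.

```sql
-- Added example, not Hidemont's production job. dbo.Orders and its columns
-- are hypothetical; adapt the column list to the real schema and apply the
-- same rule to any staging or ERP tables that also hold Amazon PII.
-- CREATE OR ALTER requires SQL Server 2016 SP1 or later.
CREATE OR ALTER PROCEDURE dbo.usp_PurgeShippedAmazonPii
AS
BEGIN
    SET NOCOUNT ON;
    SET XACT_ABORT ON;   -- any error rolls the whole transaction back

    -- Orders shipped more than 30 days ago are due for purging.
    DECLARE @cutoff datetime2(0) = DATEADD(day, -30, SYSUTCDATETIME());

    BEGIN TRANSACTION;

    -- Overwrite PII and personalization in place. AmazonOrderId, OrderTotal
    -- and ShippedAt remain for the anonymized 7-year archive.
    -- Unshipped orders (ShippedAt IS NULL) are never touched.
    UPDATE dbo.Orders
    SET BuyerName       = NULL,
        ShippingAddress = NULL,
        PhoneNumber     = NULL,
        Personalization = NULL,
        PiiPurgedAt     = SYSUTCDATETIME()
    WHERE ShippedAt IS NOT NULL
      AND ShippedAt < @cutoff
      AND PiiPurgedAt IS NULL;

    DECLARE @purged int = @@ROWCOUNT;

    COMMIT TRANSACTION;

    -- Check: a row past the cutoff that still carries PII is a policy
    -- violation; alert on a non-zero count rather than only logging it.
    SELECT @purged  AS rows_purged,
           COUNT(*) AS overdue_rows_still_holding_pii
    FROM dbo.Orders
    WHERE ShippedAt < @cutoff
      AND (BuyerName       IS NOT NULL
           OR ShippingAddress IS NOT NULL
           OR PhoneNumber     IS NOT NULL
           OR Personalization IS NOT NULL);
END;
GO

-- Scheduled nightly from a SQL Server Agent job; one-off invocation:
EXEC dbo.usp_PurgeShippedAmazonPii;
```

The procedure purges the active database, which is what the policy states; copies of the overwritten values persist in transaction-log and Veeam backups until those backups expire under their own retention schedule, so the backup retention period is part of the effective PII lifetime and should be reviewed alongside the 30-day rule.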
6. Asset Management and Prevention of Exposure
- Device Control: We implement a "Deny All" policy for removable storage via Group Policy Objects (GPO). Hardware USB ports are disabled to prevent data exfiltration.
- Testing: Real Amazon PII is never used in development or staging environments. Only synthetic (dummy) datasets are used for testing purposes.
- No Hardcoded Secrets: API credentials and keys are never embedded in source code; they are retrieved programmatically at runtime from HashiCorp Vault.
7. Monitoring and Incident Response
- Logging: We use a centralized logging system (Zabbix and Windows Event Logs) to monitor for suspicious activities, such as unauthorized access attempts or bulk data exports.
- Incident Response Plan: In the event of a confirmed security breach, Hidemont will isolate the affected systems and notify Amazon Security ([email protected]) within 24 hours.