Amazon SP-API Data Protection & Handling Policy

This policy outlines the technical and operational controls implemented by Regton Ltd to safeguard Amazon Information accessed via the Selling Partner API (SP-API) for our internal application "ShipOS".

1. Data Minimization & Usage

We collect Personally Identifiable Information (PII) exclusively for order fulfillment and shipping label generation via Amazon Buy Shipping. Data is processed in-memory and used solely for its intended operational purpose. No data is used for marketing or profiling.

2. Retention & Disposal

Amazon PII is retained for a maximum of 30 days post-fulfillment. After this period, data is automatically purged from all production databases and operational backups. We do not maintain long-term archives of buyer PII.

3. Encryption & Security

All data at rest is encrypted using AES-256 (industry-standard) with keys managed via AWS KMS. Data in transit is protected by TLS 1.2+. Our infrastructure is protected by firewalls, IDS/IPS, and strict network segmentation.

4. Access Control

Access is granted based on the Principle of Least Privilege (PoLP). We enforce MFA for all users, require unique identities, and apply a 12-character password policy with annual rotation. Generic or shared accounts are strictly prohibited.

Last updated: February 2026 | Regton Ltd Security Team | admin@regton.com