Data Protection & Security Policy (For Amazon Review)
ParcelX – Data Protection & Security Policy
This document outlines how ParcelX protects data accessed via the Amazon Selling Partner API (SP-API) and customer data.
Data Handling Principles
- Data Minimization: Only essential order and customer details required for shipping are accessed.
- Purpose Limitation: Amazon data is used only for order fulfillment.
- Restricted Access: Only authorized employees with shipping-related duties may access Amazon data.
Data Retention & Disposal
- Amazon SP-API Data: Retained for no longer than 30 days after order completion, unless required for disputes or by law.
- Backup Retention: Encrypted backups stored for 90 days maximum.
- Secure Deletion: Expired data is permanently erased in accordance with NIST SP 800-88.
Security Measures
Encryption Standards
- Data in transit: TLS 1.2+
- Data at rest: AES-256
- Passwords: Salted & hashed (bcrypt/SHA-256)
Access Management
- MFA required for all developer and admin accounts
- Role-based access with “least privilege” enforcement
- Employee offboarding triggers immediate credential revocation
System Monitoring & Logging
- Centralized logging of all Amazon API calls
- Logs retained for 90 days for investigation
- Automated alerts on suspicious access
Infrastructure Security
- Hosted on ISO 27001 and SOC 2 compliant cloud providers
- Regular patching & vulnerability scanning
- Web Application Firewall (WAF) for API protection
Incident Response Plan
- Detection: Continuous monitoring & intrusion detection
- Containment: Isolate affected servers immediately
- Notification: Amazon & regulators notified within 72 hours if a breach involves SP-API data
- Recovery: Data restored from secure backups
- Post-Mortem: Root cause analysis & policy improvements documented
Employee Training & Governance
- All employees undergo annual data protection training
- Signed confidentiality agreements and NDAs are mandatory
- Regular phishing & security awareness simulations
Legal & Regulatory Compliance
- DPDPA 2023 (India) – Consent, purpose limitation, user rights
- IT Act 2000 & IT Rules 2011 – Reasonable security practices
- Amazon SP-API Policy – Data must not be shared, resold, or misused
- GDPR (where applicable) – Data subject rights, secure processing
Contact for Security Concerns
Data Protection Officer (DPO)
Email: [email protected]
Address: Unit No. 8.4, 8th Floor, Eco Towers, Plot A-14, Sector-125, Noida – 201301, UP, India