Data Protection & Security Policy (For Amazon Review)

ParcelX – Data Protection & Security Policy

This document outlines how ParcelX protects data accessed via the Amazon Selling Partner API (SP-API) and customer data.

Data Handling Principles

  • Data Minimization: Only essential order and customer details required for shipping are accessed.
  • Purpose Limitation: Amazon data is used only for order fulfillment.
  • Restricted Access: Only authorized employees with shipping-related duties may access Amazon data.

Data Retention & Disposal

  • Amazon SP-API Data: Retained for no longer than 30 days after order completion, unless required for disputes or by law.
  • Backup Retention: Encrypted backups stored for 90 days maximum.
  • Secure Deletion: Expired data is permanently erased using NIST SP 800-88 standards.

Security Measures

Encryption Standards

  • Data in transit: TLS 1.2+
  • Data at rest: AES-256
  • Passwords: Salted & hashed (bcrypt/SHA-256)

Access Management

  • MFA required for all developer and admin accounts
  • Role-based access with “least privilege” enforcement
  • Employee offboarding triggers immediate credential revocation

System Monitoring & Logging

  • Centralized logging of all Amazon API calls
  • Logs retained for 90 days for investigation
  • Automated alerts on suspicious access

Infrastructure Security

  • Hosted on ISO 27001 and SOC 2 compliant cloud providers
  • Regular patching & vulnerability scanning
  • Web Application Firewall (WAF) for API protection

Incident Response Plan

  • Detection: Continuous monitoring & intrusion detection
  • Containment: Isolate affected servers immediately
  • Notification: Amazon & regulators notified within 72 hours if a breach involves SP-API data
  • Recovery: Data restored from secure backups
  • Post-Mortem: Root cause analysis & policy improvements documented

Employee Training & Governance

  • All employees undergo annual data protection training
  • Signed Confidentiality & NDA agreements are mandatory
  • Regular phishing & security awareness simulations

Legal & Regulatory Compliance

  • DPDPA 2023 (India) – Consent, purpose limitation, user rights
  • IT Act 2000 & IT Rules 2011 – Reasonable security practices
  • Amazon SP-API Policy – Data must not be shared, resold, or misused
  • GDPR (where applicable) – Data subject rights, secure processing

Contact for Security Concerns

Data Protection Officer (DPO)

Email: [email protected]

Address: Unit No. 8.4, 8th Floor, Eco Towers, Plot A-14, Sector-125, Noida – 201301, UP, India