Important Notice
Shenzhen Juyi Technology Development Co., Ltd. (hereinafter referred to as "we", "JUYI", or "Company") understands the importance of data privacy. This Privacy Policy details how we collect, use, store, and protect merchant data obtained through Amazon SP-API.
Key Statement: We only use Amazon SP-API data strictly within the scope authorized by sellers, for the purpose of order management, inventory synchronization, and business-financial integration. We comply with Amazon's Acceptable Use Policy (AUP) and applicable data protection regulations.
1. Company Information
Company Name:Shenzhen Juyi Technology Development Co., Ltd.
Business Nature: Professional e-commerce service provider offering Order Management System (OMS) solutions for cross-border e-commerce sellers
Service Scope: Providing order management, inventory synchronization, financial settlement, and data analytics services to sellers through Amazon SP-API
2. Data Collection Scope
We only collect the following types of data through Amazon SP-API with explicit seller authorization:
Order Data
Order details, buyer information, delivery addresses, order status, payment information for order processing and customer service support.
Inventory Data
Product inventory levels, available quantities, reserved stock, inventory movement records for inventory management and replenishment alerts.
Financial Data
Sales revenue, fee details, settlement reports, refund records for financial accounting and profit analysis.
Product Data
Product information, pricing, descriptions, images, categories for product management and listing optimization.
Report Data
Sales reports, advertising data, traffic statistics for business analysis and decision support.
Account Data
Seller account information, store settings, API authorization scope for account management and service configuration.
3. Data Usage Purpose
We strictly use collected data for the following purposes and never exceed the authorized scope:
| Data Type | Usage Purpose | Specific Functions |
|---|---|---|
| Order Data | Order Management & Processing | Automatic order synchronization, shipping processing, logistics tracking, refund processing |
| Inventory Data | Inventory Sync & Management | Real-time inventory updates, replenishment alerts, multi-warehouse management |
| Financial Data | Financial Settlement & Analysis | Automatic reconciliation, profit calculation, tax management, financial reporting |
| Product Data | Product Management & Optimization | Listing management, price monitoring, product information maintenance |
| Report Data | Data Analysis & Decision Support | Business analysis, trend forecasting, operational optimization recommendations |
4. Data Security Measures
Data Protection Measures We Implement
AES-256 encryption for all sensitive data storage
TLS 1.2+ encryption protocols for all data transmission
Strict role-based access control (RBAC) implementation
Comprehensive logging of all data access and operations
Automated data backup and disaster recovery systems
24/7 security monitoring and anomaly detection
Technical Security Standards
- Data Isolation: Complete isolation of each customer's data to ensure data security
- Permission Management: Principle of least privilege - staff only access work-necessary data
- Regular Audits: Regular security audits and vulnerability scanning
- Compliance Certification: Compliance with ISO 27001 information security management standards
5. Data Sharing and Disclosure
Data Non-Disclosure Commitment
We solemnly commit that:
- Never Sell Data: We never sell customer data to any third party
- Never Share Data: Except as required by law, we do not share customer data with any third party
- Strict Internal Use: Data is only used to provide authorized services to customers
- Employee Confidentiality: All employees sign confidentiality agreements to strictly protect customer data
Only Exception Circumstances:
- When disclosure is required by law or regulation
- Necessary circumstances to protect our or others' legitimate interests
- Specific situations with explicit customer consent
6. Data Retention and Deletion
Data Retention Period
- During Service Period: We retain necessary data during service provision to ensure normal service operation
- After Service Termination: We will delete all customer data within 30 days after service termination
- Legal Requirements: Data required to be retained by law will be kept for the minimum period required by law
Data Deletion Process
- Customers may request deletion of their data at any time
- We will complete deletion within 7 business days of receiving a deletion request
- Deletion process includes all related data in backups and logs
- Written confirmation will be provided to customers upon completion of deletion
7. User Rights
Under applicable data protection laws, you have the following rights:
Right to Access
You have the right to know what data we have collected about you and how it is used.
Right to Rectification
You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure
You have the right to request deletion of your personal data (subject to legal restrictions).
Right to Restrict Processing
You have the right to request restriction of processing your data.
Right to Data Portability
You have the right to obtain your data in a structured, commonly used, machine-readable format.
Right to Object
You have the right to object to our processing of your personal data.
8. Compliance Statement
We strictly comply with the following regulations and standards:
- Amazon SP-API Acceptable Use Policy (AUP)
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- China's Cybersecurity Law and Data Security Law
- Other applicable regional data protection laws
9. Legal Basis for Data Processing
We process your data based on the following legal grounds:
- Contract Performance: To fulfill the service contract signed with you
- Legitimate Interests: For our or third parties' legitimate interests
- Consent: With your explicit consent to process specific data
- Legal Obligation: To comply with applicable legal obligations
10. International Data Transfer
If cross-border data transfer is required, we will:
- Only transfer to countries or regions with adequate data protection levels
- Use standard contractual clauses or other appropriate safeguards
- Ensure recipients undertake the same data protection obligations as us
- Obtain your explicit consent before transfer (if required by law)
11. Privacy Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. For significant changes, we will:
- Post the updated Privacy Policy on our website
- Notify users via email or system notifications
- Obtain your renewed consent when required by law
- Maintain at least 30 days' notice period
12. Data Breach Response Plan
In the event of a data breach, we will:
- Report within 72 hours to regulatory authorities (if required by law)
- Immediately notify affected users
- Provide detailed information about the nature of the breach, potential impact, and our response measures
- Offer recommendations to help users reduce potential risks
- Conduct thorough investigation and take measures to prevent similar incidents
13. Children's Privacy
Our services are not directed at children under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information promptly.
14. Third-Party Services
Our service may integrate with third-party services (such as Amazon SP-API). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you use.
15. Data Subject Rights Under GDPR
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Right to withdraw consent at any time
- Right to lodge a complaint with a supervisory authority
- Right to receive information about data processing in a concise, transparent, intelligible form
- Right to be informed of any automated decision-making, including profiling
16. California Privacy Rights (CCPA)
If you are a California resident, you have the right to:
- Know what personal information we collect, use, disclose, and sell
- Delete personal information we have collected from you
- Opt-out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights