Amazon Data Protection
Last reviewed: May 6, 2026
This page summarizes how BuyCast.ai(“we”) handles information received from Amazon's Selling Partner API (“SP-API”) under the Amazon Selling Partner API Data Protection Policy (“DPP”). It is a plain-English mirror of the relevant sections of our Privacy Policy and the answers we have attested to in our SP-API developer application.
What is Amazon Information
We treat all data we receive from SP-API about a Customer's seller account — catalog, listings, order summaries, FBA inventory, settlements, financial events, and refund/return data — as “Amazon Information.” We process it solely to provide the Service to the seller who authorized the connection.
Our attestations
1. We do not collect Personally Identifiable Information about buyers
We do not request, collect, store, or process buyer name, shipping address, billing address, phone number, or email. Where SP-API responses contain such fields, we either do not request them, do not persist them, or strip them at ingestion before any data reaches durable storage.
2. We do not sell, rent, or share Amazon Information
We do not sell, rent, lease, trade, or otherwise distribute Amazon Information to any third party for that third party's own use. Subprocessors listed below act only as our processors under contract and only to deliver the Service to the authorizing Customer.
3. Encryption at rest
Amazon Information is encrypted at rest using AES-256, on AWS RDS, AWS S3, and AWS Secrets Manager, with AWS KMS. Customer-managed KMS keys are available on Enterprise contracts.
4. Encryption in transit
All SP-API traffic, application traffic, and database connections use TLS 1.2 or higher (TLS 1.3 by default). Database connections require SSL.
5. 30-day deletion on revocation or request
Sellers may revoke our access at any time from Amazon Seller Central → Apps and Services → Manage Your Apps. Upon revocation, account cancellation, or written request to privacy@buycast.ai, we delete all Amazon Information within 30 days, including from primary databases, indexes, caches, and the next backup-rotation window. We will provide written deletion confirmation on request. See /legal/data-deletion for the request form.
6. Single declared region
Amazon Information is stored exclusively in AWS us-east-1 (N. Virginia) and is not replicated to another AWS region or another cloud provider. This matches the storage region declared in our SP-API developer application.
7. No AI/ML model training on Amazon Information
Amazon Information is not used to train, fine-tune, or otherwise improve any general-purpose, foundation, or third-party AI/ML model — not by us, and not by our LLM providers. Our Copilot uses third-party LLMs (Anthropic, OpenAI) configured to the lowest available data-retention setting and opted out of training and abuse-monitoring review where the API supports it. Provider terms prohibit retaining Amazon Information for model training. We may build per-tenant retrieval indexes (RAG) over a Customer's own data; these indexes are scoped to the single Customer and are deleted on the schedule in Section 5.
8. Scoped writes and human-in-the-loop governance
Some features require SP-API roles that permit write actions back to Amazon (for example, the Pricing role for the Repricer module, or the Listings role for catalog updates). We request only the minimum roles required for the features Customer enables, and every write action is governed as follows:
- Repricer (Pricing API): off until Customer enables it; ships in dry-run mode by default. Price changes are generated, logged, and previewed without being submitted. Customer must explicitly switch a strategy to live mode and approve the guardrails (min price, max price, floor margin) before any Submit-Feed call is made. All submissions, accepted listings, and rejections are audit-logged with timestamp, actor, and reason.
- AI Copilot mutations: the Copilot has a small set of staged mutation tools (e.g., add to draft PO cart, update internal SKU metadata). The Copilot does not directly call SP-API write endpoints; staged actions land in a draft state that requires a human Customer user to approve before any external effect.
- Purchase orders:the “PO” in our purchasing workflow is a purchase order Customer issues to its own vendors. We do not generate or submit Vendor or Vendor Direct Fulfillment orders to Amazon on Customer's behalf.
- Kill-switch: Customer admins can disable any write surface (Repricer, Copilot mutations, sub-agent orchestrator) tenant-wide from a single setting. Disabling takes effect within 60 seconds and is enforced server-side.
Subprocessor access classification
| Subprocessor | Purpose | Region | Amazon Information access |
|---|---|---|---|
| Amazon Web Services | Hosting, RDS, S3, Secrets Manager, KMS | us-east-1 | Yes — processor |
| Anthropic | Copilot LLM | United States | Transient prompt context only; lowest available retention; opted out of training where supported |
| OpenAI | Alternate Copilot LLM | United States | Transient prompt context only; lowest available retention; opted out of training where supported |
| Stripe | Billing | United States | None |
| Amazon SES / Resend | Transactional email | United States | None |
| Vercel | Marketing site hosting, edge analytics | Global edge | None |
| PostHog | Product analytics (consent-gated) | United States | None |
| Sentry | Error monitoring with PII scrubbing | United States | None — sanitized error context only |
| Slack | Customer-side notifications (Customer-controlled webhook, optional) | United States | Outbound notification messages only (e.g., “Draft PO ready”); no buyer PII; only sent when Customer configures and enables a Slack integration |
| Cal.com | Public demo scheduling on the marketing site | United States / EU | None — prospect contact details only; never SP-API connected |
New subprocessors that would process Amazon Information are announced to Customers at least 30 days in advance, and Customers may object in writing.
Seller rights and how to exercise them
- Revoke access at any time— Amazon Seller Central → Apps and Services → Manage Your Apps.
- Request deletion — submit a request or email privacy@buycast.ai. 30-day SLA.
- Request a copy of your data— export from the app, or email privacy@buycast.ai.
- Security questionnaires — security@buycast.ai for procurement and customer security teams.
Incident response
We will notify affected Customers without undue delay and in any event within 72 hours of becoming aware of a confirmed security incident affecting Amazon Information. We will also notify Amazon as required under the SP-API Developer Agreement and the DPP.
Contact
Privacy & deletion: privacy@buycast.ai
Security: security@buycast.ai
Postal: Legend Software, LLC, c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA.