Privacy Policy
Effective Date: [18.11.2022]
This Privacy Policy explains how Leap Horse (“we,” “our,” or “us”) collects, uses, processes, stores, and disposes of data obtained through our application, including Personally Identifiable Information (PII) obtained via the Amazon Seller Partner API (“SP-API”). We are committed to safeguarding your privacy and ensuring the secure handling of all Amazon data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), and Amazon’s Acceptable Use Policy (AUP) and Data Protection Policy (DPP).
1. Data Collection
We collect data only to the extent necessary for the operation of our application, including:
- Personally Identifiable Information (PII): We collect PII such as shipping details, names, and contact information to process customer orders, manage deliveries, and provide customer support.
- Non-PII Data: Other non-personally identifiable data (such as ad spend and dispatch statuses) may be collected to enhance operational efficiency.
2. Data Usage
Data collected via Amazon SP-API is used solely for the following purposes:
- Processing and fulfilling customer orders.
- Managing dispatch statuses and tracking order progress.
- Providing customer support, including notifications about orders and responding to customer inquiries.
- Ensuring compliance with Amazon policies and applicable laws, including GDPR.
We do not share or sell any Amazon data to third parties unless strictly required for operational purposes (e.g., couriers for shipping). In such cases, we ensure that third parties adhere to equivalent privacy standards.
3. Data Storage and Security
We use industry-standard encryption (AES-256) to protect data both at rest and in transit:
- Data is stored in secure databases with access restricted to authorised personnel only, based on Role-Based Access Control (RBAC).
- Encryption keys are managed via a secure Key Management System (KMS).
- Regular backups are created, encrypted, and stored in secure, geographically redundant locations.
- All access to Amazon Information is logged and monitored for security purposes.
4. Data Sharing
We do not share Amazon Information with any external parties except where required by law or with trusted third-party service providers who process the data under strict confidentiality agreements and only for the purposes described in this policy. We maintain internal systems for handling all Amazon data securely and responsibly.
5. Data Retention and Disposal
We retain Amazon data only for as long as necessary for fulfilling orders and complying with legal and operational obligations. Once data is no longer needed, it is securely disposed of in accordance with Amazon’s data disposal policies:
- Data is anonymised or deleted after the legal retention period ends.
- All data deletion is performed securely using certified methods to ensure that it cannot be recovered.
6. Monitoring, Logging, and Security Measures
We have implemented robust monitoring systems to detect and prevent unauthorised access or malicious activity. Our systems include:
- Intrusion Detection Systems (IDS) that monitor for anomalies and flag potential security threats.
- Continuous logging of all access to Amazon data, with regular reviews to ensure system integrity.
- Real-time alerts are triggered for suspicious activities, and our security team takes immediate action when necessary.
7. Incident Response Plan
In the event of a data breach, our incident response plan ensures immediate action:
- The affected systems are isolated to prevent further damage.
- A forensic analysis is conducted to determine the extent of the breach.
- Amazon and any other relevant stakeholders are promptly notified.
- Data recovery procedures are executed using encrypted backups.
- Post-incident reviews are conducted to improve security measures and prevent recurrence.
8. Employee Access Controls
We restrict access to Amazon data using role-based access controls (RBAC):
- Employees are granted access on a need-to-know basis, and each employee is uniquely identified.
- Multi-factor authentication (MFA) is required for access to sensitive systems.
- Regular audits ensure that access privileges are reviewed and adjusted as necessary.
9. Use of PII
We require access to PII solely for order fulfilment purposes, including shipping, delivery confirmation, and customer communication. PII is not used for any other purpose, and we strictly adhere to GDPR and Amazon’s data protection policies in handling PII.
10. Data Protection and Vulnerability Management
We actively manage and address security vulnerabilities:
- Regular vulnerability scans and penetration tests are conducted to identify risks.
- Detected vulnerabilities are logged and remediated through a centralised tracking system.
- Our security team conducts weekly reviews to ensure that all issues are addressed promptly.
- Secure coding practices and peer code reviews are employed throughout the development lifecycle to prevent code vulnerabilities.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data handling practices or applicable laws. When we do, we will update the effective date at the top of this policy. Continued use of our services after any modifications constitutes acceptance of these changes.
12. Contact Information
If you have any questions or concerns regarding this Privacy Policy, please contact us at info@leaphorse.com