Privacy Policy
Privacy Policy
Privacy Policy
Effective Date: [18.11.2022]
This Privacy Policy explains how Leap Horse (“we,” “our,” or “us”) collects, uses, processes, stores, and disposes of data obtained through our application, including Personally Identifiable Information (PII) obtained via the Amazon Seller Partner API (“SP-API”). We are committed to safeguarding your privacy and ensuring the secure handling of all Amazon data in accordance with applicable privacy laws, including the General Data Protection Regulation (GDPR), and Amazon’s Acceptable Use Policy (AUP) and Data Protection Policy (DPP).
1. Data Collection
We collect data only to the extent necessary for the operation of our application, including:
- Personally Identifiable Information (PII): We collect PII such as shipping details, names, and contact information to process customer orders, manage deliveries, and provide customer support.
- Non-PII Data: Other non-personally identifiable data (such as ad spend and dispatch statuses) may be collected to enhance operational efficiency.
2. Data Usage
Data collected via Amazon SP-API is used solely for the following purposes:
- Processing and fulfilling customer orders.
- Managing dispatch statuses and tracking order progress.
- Providing customer support, including notifications about orders and responding to customer inquiries.
- Ensuring compliance with Amazon policies and applicable laws, including GDPR.
We do not share or sell any Amazon data to third parties unless strictly required for operational purposes (e.g., couriers for shipping). In such cases, we ensure that third parties adhere to equivalent privacy standards.
3. Data Storage and Security
We use industry-standard encryption (AES-256) to protect data both at rest and in transit:
- Data is stored in secure databases with access restricted to authorised personnel only, based on Role-Based Access Control (RBAC).
- Encryption keys are managed via a secure Key Management System (KMS).
- Regular backups are created, encrypted, and stored in secure, geographically redundant locations.
- All access to Amazon Information is logged and monitored for security purposes.
4. Data Sharing
We do not share Amazon Information with any external parties except where required by law or with trusted third-party service providers who process the data under strict confidentiality agreements and only for the purposes described in this policy. We maintain internal systems for handling all Amazon data securely and responsibly.
5. Data Retention and Disposal
We retain Amazon data only for as long as necessary for fulfilling orders and complying with legal and operational obligations. Once data is no longer needed, it is securely disposed of in accordance with Amazon’s data disposal policies:
- Data is anonymised or deleted after the legal retention period ends.
- All data deletion is performed securely using certified methods to ensure that it cannot be recovered.
6. Monitoring, Logging, and Security Measures
We have implemented robust monitoring systems to detect and prevent unauthorised access or malicious activity. Our systems include:
- Intrusion Detection Systems (IDS) that monitor for anomalies and flag potential security threats.
- Continuous logging of all access to Amazon data, with regular reviews to ensure system integrity.
- Real-time alerts are triggered for suspicious activities, and our security team takes immediate action when necessary.
6. Monitoring, Logging, and Security Measures
We have implemented robust monitoring systems to detect and prevent unauthorised access or malicious activity. Our systems include:
- Intrusion Detection Systems (IDS) that monitor for anomalies and flag potential security threats.
- Continuous logging of all access to Amazon data, with regular reviews to ensure system integrity.
- Real-time alerts are triggered for suspicious activities, and our security team takes immediate action when necessary.
7. Incident Response Plan
In the event of a data breach, our incident res
ponse plan ensures immediate action:
- The affected systems are isolated to prevent further damage.
- A forensic analysis is conducted to determine the extent of the breach.
- Amazon and any other relevant stakeholders are promptly notified.
- Data recovery procedures are executed using encrypted backups.
- Post-incident reviews are conducted to improve security measures and prevent recurrence.
8. Employee Access Controls
We restrict access to Amazon data using role-based access controls (RBAC):
- Employees are granted access on a need-to-know basis, and each employee is uniquely identified.
- Multi-factor authentication (MFA) is required for access to sensitive systems.
- Regular audits ensure that access privileges are reviewed and adjusted as necessary.
9. Use of PII
We require access to PII solely for order fulfilment purposes, including shipping, delivery confirmation, and customer communication. PII is not used for any other purpose, and we strictly adhere to GDPR and Amazon’s data protection policies in handling PII.
10. Data Protection and Vulnerability Management
We actively manage and address security vulnerabilities:
- Regular vulnerability scans and penetration tests are conducted to identify risks.
- Detected vulnerabilities are logged and remediated through a centralised tracking system.
- Our security team conducts weekly reviews to ensure that all issues are addressed promptly.
- Secure coding practices and peer code reviews are employed throughout the development lifecycle to prevent code vulnerabilities.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our data handling practices or applicable laws. When we do, we will update the effective date at the top of this policy. Continued use of our services after any modifications constitutes acceptance of these changes.
12. Contact Information
If you have any questions or concerns regarding this Privacy Policy, please contact us at info@leaphorse.com
Post With Slideshow
At quo atqui splendide scripserit, periculis interpretaris vix ut. Ne quo solum placerat. An falli gubergren assentior cum, in nam labitur ancillae senserit, ut sea propriae facilisi maiestatis. Est verterem lobortis ei.