Privacy and Data Handling Policy

Last Updated: March 2026

1. Overview

This Privacy and Data Handling Policy describes how Fuzhou Taijang Zhimeng Future Electronic Technology Co., Ltd. ("we," "our," or "the Company") collects, processes, stores, uses, shares, and disposes of data obtained through the Amazon Selling Partner API (SP-API). This policy is established in accordance with Amazon's Data Protection Policy (DPP), the General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA).

2. Data Collection

We collect only the minimum data necessary to fulfill our business operations as an Amazon seller. Data is collected exclusively through the official Amazon Selling Partner API (SP-API) and includes:

• Buyer name and shipping address (PII) — for order fulfillment purposes only
• Order details (order ID, item information, order status)
• Shipment tracking information
• Financial and fee data — for internal accounting purposes

We do not collect data through any unofficial third-party sources, scrapers, or non-Amazon APIs.

3. Data Processing and Use

All data collected through SP-API is used strictly for the following authorized purposes:

• Generating shipping labels and arranging carrier pickup and delivery
• Updating order and shipment status back to Amazon
• Address validation and formatting for shipping compliance
• Internal financial reconciliation and profit analysis

We do not use any Amazon data — especially Personally Identifiable Information (PII) — for marketing, advertising, analytics, or any purpose beyond order fulfillment. All data processing is performed by authorized internal personnel only.

4. Data Storage

• All sensitive data, including PII, is encrypted at rest using AES-256 encryption.
• Data is stored on secured cloud infrastructure (AWS) within private, access-controlled environments.
• PII is retained for no longer than 30 days after order delivery, after which it is permanently and securely deleted or anonymized.
• Financial records required for tax or legal compliance may be retained for a longer period as required by applicable law, stored in an offline, access-controlled environment.

5. Data Sharing

We do not sell, rent, or share Amazon data with any third parties for commercial purposes. Data sharing is strictly limited to:

• Logistics carriers (e.g., UPS, FedEx, SF Express): Only the minimum shipping information (recipient name, address) necessary to complete delivery is shared.
• No other third parties receive access to Amazon data under any circumstances.

All data shared with logistics partners is transmitted over encrypted channels (TLS 1.2+) and is subject to confidentiality obligations.

6. Data Disposal

We permanently and securely delete all Amazon data in accordance with the following schedule:

• PII: Deleted within 30 days of order delivery
• Non-PII operational data: Deleted within 18 months unless required by law
• All live instances of data: Permanently deleted within 90 days of Amazon's deletion request

Deletion is performed using industry-standard sanitization processes consistent with NIST 800-88 guidelines. Printed documents containing PII are securely shredded.

7. Data Security Measures

We implement the following technical and organizational security controls to protect Amazon data:

• Encryption in transit: All data transmitted over networks uses TLS 1.2+ protocols
• Access control: Role-based access control (RBAC) with least privilege principles; only authorized personnel may access Amazon data
• Multi-Factor Authentication (MFA): Required for all accounts with access to Amazon data
• Data Loss Prevention (DLP): Tools deployed to monitor and prevent unauthorized data movement
• Audit logging: All access to Amazon data is logged and retained for a minimum of 12 months
• Vulnerability management: Monthly vulnerability scans and annual penetration testing
• Employee training: Annual data protection and security awareness training for all staff

8. Incident Response

In the event of a confirmed or suspected security incident involving Amazon data:

• We will notify Amazon at [email protected] within 24 hours of detection
• We will immediately contain the incident (revoke credentials, isolate affected systems)
• We will conduct a full investigation and document remediation actions
• We will notify relevant regulatory authorities as required by applicable law

9. Data Subject Rights

Individuals whose personal data we process have the right to:

• Access: Request a copy of their personal data we hold
• Rectification: Request correction of inaccurate data
• Erasure: Request deletion of their personal data
• Restriction: Request that we stop processing their data

To exercise any of these rights, please contact us at: 📧 privacy@tianshanet.com

10. Policy Review and Updates

This policy is reviewed and updated at least annually, or following any major change to our systems or data processing activities. The date of the most recent update is indicated at the top of this document.

11. Contact Information

For any questions regarding this policy or our data handling practices, please contact:

Fuzhou Taijang Zhimeng Future Electronic Technology Co., Ltd. 📧 privacy@tianshanetcom 🌐 tianshanet.com

This policy is compliant with Amazon's Data Protection Policy (DPP), GDPR, and CCPA requirements.