Legal

Amazon Data Handling and Protection Policy

Last updated: 2026-05-04

1. Scope

This policy describes how FireFeed, operated by Fire Feed S.r.l. (Innovative Start-up, Società Benefit — VAT 18446391007 — registered office: Via della Conciliazione 44, 00193 Roma (RM), Italy — PEC: firefeed@pec.it), handles "Amazon Information" — that is, information obtained through Amazon's Selling Partner API on behalf of authorized Amazon sellers, including catalog, order, shipping and recipient data. This policy is part of, and complements, the FireFeed Privacy Policy and the Terms of Service.

2. Data we process

FireFeed may process the following categories of Amazon Information, depending on the roles authorized by the seller and the features enabled:

  • Catalog data (titles, attributes, EAN/SKU/ASIN, images, prices, stock).
  • Order data (order ID, items, quantities, totals, status, dates).
  • Recipient and shipping data, including recipient name, shipping address and contact details where required to fulfill the order.
  • Operational metadata generated by SP-API interactions and feed publication.

3. Purposes

FireFeed processes Amazon order information solely to provide marketplace operations, order fulfillment, shipment preparation, shipment confirmation, inventory synchronization and customer support related to authorized seller accounts.

Recipient and shipping information is used only for order fulfillment and logistics workflows. FireFeed does not use Amazon customer personal data for advertising, profiling, resale, or unrelated analytics.

4. Operational basis

The processing of Amazon Information is performed on behalf of the seller, who authorizes FireFeed via Amazon's authorization flow. Processing is bounded by Amazon's applicable terms, the seller's instructions configured in FireFeed, and applicable laws.

5. Storage

Amazon Information is stored in production environments operated by FireFeed. Production storage is encrypted at rest, and sensitive fields (including recipient and shipping information) are additionally encrypted at the application layer using AES-256. Encryption keys are managed by a key-management facility with restricted access.

6. Retention

Personally Identifiable Information is retained only for the period required to complete order fulfillment and operational reconciliation, and is deleted or anonymized according to the retention period configured for the seller account and applicable Amazon policies.

Amazon customer PII is retained for no longer than 30 days after shipment completion unless a shorter retention period is configured or deletion is required earlier.

Operational metadata that does not contain PII may be retained for longer to support audit, support and security purposes, in line with applicable retention rules.

7. Access

  • Access to Amazon Information is restricted to authorized FireFeed personnel under role-based access control and least privilege.
  • Multi-factor authentication is required for all administrative access.
  • Access events to systems handling Amazon Information are logged and reviewed.

8. Security

FireFeed applies the technical and organizational measures described in the Security overview, including network protection, encryption in transit and at rest, credential and key management, logging and monitoring, vulnerability management, and incident response. SP-API tokens are stored in a managed secret store and rotated as required.

9. Third parties

FireFeed does not sell Amazon Information and does not share Amazon customer PII with third parties, except where strictly required for order fulfillment, shipping, legal obligations, or subprocessors listed in this policy.

Subprocessors used to operate the Service (such as cloud hosting, logging and monitoring providers) are bound by contractual confidentiality and data protection obligations consistent with this policy. The current list of subprocessors is available on request to privacy@fire-feed.com.

10. Deletion

  • Sellers can revoke FireFeed access at any time from their Amazon Seller Central account.
  • On revocation, FireFeed proceeds to the deletion or anonymization of the seller's Amazon Information held by FireFeed, in line with the configured retention.
  • Backups are rotated; data persisted in backups is removed in line with the documented backup rotation cycle.
  • Sellers may also request deletion by contacting privacy@fire-feed.com.

11. Incident response

FireFeed operates a documented incident response procedure covering detection, containment, analysis, recovery and post-mortem. Incidents involving Amazon Information are notified to Amazon within 24 hours of confirmed detection, in line with Amazon's Data Protection Policy.

12. Contact

For questions about this policy, contact privacy@fire-feed.com. For security incidents involving Amazon Information, contact security@fire-feed.com.