We are committed to protecting the privacy and security of your personal information and data. This Privacy Policy explains how we collect, use, store, protect, share, and delete data when providing Amazon Seller Central management services, including PPC optimization, account management, listing edits, and related consulting. We comply with Amazon’s Data Protection Policy (DPP), Acceptable Use Policy (AUP), and applicable laws such as GDPR and CCPA.

This policy applies to data we access or receive from clients (e.g., Amazon sellers) via authorized access to Seller Central accounts through the Solution Provider Portal (SPP). We do not collect data from website visitors unless submitted via our contact form.

1. Information We Collect

We collect and process the following types of data only with explicit client authorization:

  • Amazon Seller Data: Performance metrics (e.g., sales reports, ad spend, ACoS, inventory levels), account health details, product listings, and other Seller Central information necessary for our services.
  • Client Personal Information: Names, emails, business addresses, and payment details provided during onboarding or consultations.
  • Usage Data: Logs of interactions with our tools or services for troubleshooting.
  • No Sensitive PII: We do not access or store sensitive personally identifiable information (PII) such as buyer names, addresses, or payment details—Amazon redacts this in SPP-authorized access.

Data is collected solely through secure, authorized channels like SPP invitations or client-shared reports.

2. How We Use Your Information

We use data exclusively to provide and improve our services:

  • Optimizing Amazon PPC campaigns, managing inventory/pricing, troubleshooting account issues, and creating/editing listings (e.g., graphics, A+ content).
  • Generating performance reports and insights for clients.
  • Processing payments and billing based on customized agreements (e.g., hourly rates, monthly retainers, or project-specific fees tailored to each client’s needs).
  • Internal analysis to enhance service quality (anonymized where possible).
  • Compliance with legal obligations or Amazon policies (e.g., notifying Amazon of incidents per our Incident Response Plan).

We do not use data for marketing, selling to third parties, or any unrelated purposes. Billing and payment information is used solely for invoicing under our flexible pricing models, which vary by client (e.g., no fixed percentages advertised, as structures depend on account size, scope, and negotiations).

3. Data Storage and Security

  • Storage: Data is stored on secure, encrypted servers (e.g., password-protected devices with AES-256 encryption) and cloud services compliant with Amazon DPP (e.g., no public sharing).
  • Security Measures: We use multi-factor authentication (MFA), antivirus software, regular backups, and access controls. Access is limited to authorized personnel (currently only Anthony James as a solo operation).
  • Incident Response: Per our written Incident Response Plan, we monitor for threats, isolate issues, and notify Amazon at security@amazon.com within 24 hours of detecting incidents involving Amazon data.

4. Sharing of Information

We do not share, sell, or disclose your data except:

  • With Amazon, as required by SPP/AUP (e.g., for audits or incident reporting).
  • With your explicit consent (e.g., to subcontractors, but we currently use none).
  • As required by law (e.g., subpoenas), with notice to you where possible.

No data is shared with third parties for marketing or unrelated uses.

5. Data Retention and Deletion

  • Retention: We retain data only as long as needed for services (typically contract duration + 90 days for backups).
  • Deletion: Upon request or contract termination, we securely delete all data (e.g., via overwrite methods). Clients can request deletion anytime via email.
  • Automated: Inactive data is deleted after 12 months unless otherwise agreed.

6. Your Rights

You have the right to:

  • Access, correct, or delete your data.
  • Object to processing or withdraw consent (though this may end services).
  • Contact us for a data export.

To exercise rights, email info@ethos-commerce.com. We respond within 30 days.

7. Children’s Privacy

Our services are not for children under 18; we do not knowingly collect their data.

8. International Transfers

Data may be processed in the US; we ensure DPP-compliant safeguards for any transfers.

9. Changes to This Policy

We may update this policy—changes are posted here with the effective date. Major changes are emailed to clients.

10. Contact Us

For questions or concerns: