UK-registered analytics for Amazon brand owners.
S9 Search is a UK sole trader providing Amazon search-term trend intelligence to brand owners and the agencies that represent them. This page covers who we are, what data we handle, and how we secure it.
Who runs S9 Search
| Legal entity | Sole trader: Joanna Saunders, trading as S9 Search |
| Country | United Kingdom |
| Founded | 2026 |
| Operators | Two named operators under written confidentiality agreement |
| Contact email | hello@s9search.com |
| Website | s9search.com |
S9 Search operates from the United Kingdom. All data infrastructure is hosted in the United Kingdom (Google Cloud Platform, europe-west2 London region). The company is registered for self-assessment with HM Revenue & Customs and complies with UK GDPR and the Data Protection Act 2018.
The service
S9 Search ingests anonymised search-term data from Amazon's Brand Analytics on behalf of authorised brand owners. We identify queries showing sustained six-month upward trends, contextualise them with category metrics where the brand has licensed Data Kiosk, and deliver them as reports the brand owner can act on for SEO, advertising, and assortment decisions.
Brand owners may nominate an agency to receive copies of their own reports. Nothing is shared with parties outside this explicit brand-to-agency relationship.
What data we access — and what we don't
What we access
- Brand Analytics Search Terms Report (anonymised query strings at the query × marketplace × week level)
- Sales & Traffic aggregated metrics via Data Kiosk (ASIN × day, optional)
What we do not access
- No buyer names, emails, phone numbers, or shipping addresses
- No order-level data attributable to individual buyers
- No payment or financial-instrument data
- No Personally Identifiable Information (PII) of any kind
How we protect the data
| Storage location | Google Cloud Platform — europe-west2 (London, UK) |
| Encryption at rest | Google-managed AES-256 on BigQuery, Cloud Storage, Secret Manager |
| Encryption in transit | TLS 1.2+ on every external and internal call |
| Access control | Google IAM with least-privilege; named human operators only; MFA required |
| Credential storage | Per-brand LWA refresh tokens in Google Secret Manager — never in code or filesystem |
| Audit logs | Google Cloud Audit Logs enabled across all services, retained ≥ 365 days |
| Data retention | Active brands: up to 36 months rolling. Off-boarding: complete deletion within 30 days. |
| Incident response | Notification to Amazon within 24 hours and to affected brands within 72 hours of any confirmed incident |
Our full Data Protection Policy details retention, deletion-on-request, sub-processors, and incident response procedures.
Amazon policies and UK law
S9 Search complies with the Amazon Services API Developer Agreement, the Acceptable Use Policy, and the Data Protection Policy. As a UK data controller, S9 Search registers with the Information Commissioner's Office (ICO) and reports any qualifying personal-data incident within 72 hours as required under UK GDPR.
Brand owners may revoke S9 Search's authorisation at any time through Seller Central. Revocation triggers credential deletion within 24 hours and full data deletion within 30 days, confirmed in writing.
How to reach us
For all enquiries, data requests, and incident notifications:
Email: hello@s9search.com
For time-sensitive data deletion or incident matters, use the subject line: URGENT — Data request.