Privacy

Data Protection Policy

Version 1.0 · Effective from 2026 · Owner: Joanna Saunders, sole trader trading as S9 Search

01Scope

This policy covers all data S9 Search receives from Amazon's Selling Partner API on behalf of authorising Amazon Sellers. S9 Search does not request, store, or process Personally Identifiable Information (PII) under Amazon's Restricted Data Token regime. Data handled is limited to:

Brand Analytics search-term reports (anonymised query × marketplace × week)
Sales & Traffic aggregated metrics via Data Kiosk (ASIN × day), where the seller licenses Data Kiosk

02Lawful basis

We process Amazon data under the contractual relationship between S9 Search and each authorising seller. Sellers grant access via Amazon's standard authorisation workflow and may revoke at any time via Seller Central. Revocation triggers data deletion under section 7.

03Storage

Location: Google Cloud Platform, region europe-west2 (London, UK)
Services: BigQuery (analytical data), Cloud Storage (intermediate report files), Secret Manager (per-seller LWA refresh tokens)
Encryption at rest: Google-managed AES-256
Encryption in transit: TLS 1.2+ on every SP-API call, internal service call, and client-facing report delivery

04Access control

Google Workspace identity on the s9search.com domain with MFA required
Google Cloud IAM with principle of least privilege, named human operators only
Two named operators as of the policy effective date, both under written confidentiality agreement
No third-party agency or sub-processor receives raw Amazon data; sellers may nominate their own agency to receive derived reports about their own data with explicit written consent

05Audit and logging

Google Cloud Audit Logs enabled across all GCP services handling Amazon data
Access logs retained ≥ 365 days
BigQuery query history reviewed monthly for unusual patterns
SP-API request logs retained 90 days

06Credential handling

Per-seller LWA refresh tokens stored in Google Secret Manager
Tokens never written to source code, log files, container filesystems, or local developer machines
Token rotation handled automatically via the SP-API refresh flow
On seller revocation, the corresponding token secret is deleted within 24 hours

07Data retention and deletion

Active sellers: data retained while authorisation is active, maximum 36-month rolling window for trend analysis
On authorisation revocation or contract termination: all data tied to the seller is deleted within 30 days, confirmed via audit log
Backups (BigQuery time-travel, Cloud Storage versioning) purged within 90 days of primary deletion
Sellers may request immediate deletion at any time by emailing hello@s9search.com; we complete deletion within 14 days and confirm in writing

08No personal data, no PII

S9 Search does not request, receive, or store any data classified by Amazon as Personally Identifiable Information. We do not access buyer names, emails, addresses, phone numbers, order-level financial data attributable to individual buyers, or payment instrument details.

If Amazon's classification ever changes and a field we currently access is reclassified as PII, we will either drop that scope or apply for the appropriate restricted-data role and complete the associated security audit before continuing to use it.

09Sub-processors

Sub-processor	Purpose	Location
Google Cloud Platform	Data storage, compute, secret management	europe-west2 (UK)
Google Workspace	Email and document collaboration	EU region
Cloudflare	Domain, DNS, edge caching (no Amazon data in scope)	Global edge
Stripe	Billing and payment processing (no Amazon data shared)	UK / EU

No additional sub-processors handle Amazon SP-API data without prior written notice to affected sellers.

10Incident response and breach notification

Suspected incidents investigated within 24 hours of detection
Confirmed breaches involving Amazon data reported to Amazon's developer support contact within 24 hours of confirmation
Affected sellers notified within 72 hours
Internal incident log maintained with timestamp, scope, root cause, and remediation
UK Information Commissioner's Office (ICO) notified within 72 hours where required under UK GDPR

11Personnel training and confidentiality

All operators with access to Amazon data sign a written confidentiality agreement before access is granted
Operators are briefed on Amazon's Acceptable Use Policy and Data Protection Policy on onboarding
Policy compliance reviewed annually

12Compliance with Amazon policies

S9 Search complies with the Amazon Services API Developer Agreement, the Acceptable Use Policy, and the Data Protection Policy as published by Amazon. We will adopt updates to these policies within the timeframes Amazon specifies.

13Changes to this policy

Material changes will be communicated to authorising sellers via email at least 30 days before they take effect.

14Contact

For questions, deletion requests, or incident notifications:

Email: hello@s9search.com
Time-sensitive subject line: URGENT — Data request