Security & Data Handling Policy

Last Updated: June 14, 2026

At ECOMZIER LLC, security and responsible data handling are core parts of how we design, operate, and maintain our website, agency services, Shopify applications, Amazon integration services, and related software products.

This Security & Data Handling Policy explains the administrative, technical, and operational safeguards we use to protect merchant data, customer data, Amazon Information, Shopify data, marketplace data, and other information processed through our Services.

Purpose of This Policy

The purpose of this policy is to describe how Ecomzier protects data throughout its lifecycle, including collection, processing, storage, access, transmission, retention, deletion, monitoring, and incident response.

This policy applies to Ecomzier's website, Shopify applications, Amazon Shopify Connector, marketplace integrations, internal systems, support operations, and related services.

Data We Protect

Depending on the Services used by a merchant, Ecomzier may process different types of data, including:

Merchant account information
Store name and store domain
Product, listing, SKU, inventory, price, and catalog data
Order, fulfillment, shipping, and tracking data
App configuration and synchronization settings
Support communications and diagnostic logs
Shopify data authorized by the merchant
Amazon Information authorized through Amazon Selling Partner API (SP-API)
Amazon buyer Personally Identifiable Information (PII), where required for authorized order fulfillment and Direct to Consumer Shipping functionality

Amazon buyer PII may include buyer name, shipping address, phone number where provided, order details, shipment details, and related fulfillment information.

Data Processing Purpose

Ecomzier processes merchant and platform data only for legitimate business and service-related purposes, including:

Operating and maintaining our Services
Synchronizing products, listings, inventory, orders, fulfillment, shipment, and tracking data
Creating Shopify orders from authorized marketplace orders
Supporting merchant-authorized order management
Troubleshooting synchronization or app issues
Providing customer support
Maintaining security and preventing unauthorized access
Complying with applicable laws, platform policies, and contractual obligations

Amazon buyer PII is used only for legitimate order fulfillment, shipping, merchant-authorized order management, support, and compliance with Amazon policies and applicable law.

Amazon buyer PII is not used for advertising, marketing, profiling, resale, unrelated analytics, or any unrelated commercial purpose.

Infrastructure Security

Ecomzier uses secure cloud infrastructure and controlled technical environments to operate its Services.

Our infrastructure safeguards may include:

Secure cloud hosting environments
Private and restricted network configurations
Firewall and network access controls
Encrypted storage systems
Secure API communication
Controlled administrative access
System monitoring and security alerting
Backup and recovery procedures

Where Amazon Information or sensitive merchant data is processed, Ecomzier applies additional safeguards to reduce the risk of unauthorized access, disclosure, alteration, or destruction.

Encryption and Credential Security

Ecomzier uses encryption and secure credential handling practices to protect sensitive data.

Our safeguards may include:

Encryption in transit using TLS 1.2 and 1.3
AES-256 encryption for sensitive data at rest, including databases that store Amazon buyer PII
Encryption keys managed using AWS Key Management Service (KMS)
API credentials and secrets stored securely using AWS Secrets Manager
Restricted access to API credentials and tokens
Credential rotation where required by policy, platform requirements, or security procedures

Amazon SP-API credentials, Restricted Data Tokens (RDT), and related access credentials are handled with additional care and are not publicly exposed.

Access Control

Access to merchant data, customer data, Amazon Information, Shopify data, marketplace data, and internal systems is restricted to authorized personnel who require access for legitimate business purposes, following the principle of least privilege.

Ecomzier applies access controls that include:

Role-Based Access Control (RBAC)
Multi-factor authentication (MFA) for administrative access
Need-to-know access restrictions
Unique user credentials for authorized personnel
Restricted access to production systems
Periodic review of access permissions
Removal or restriction of access when no longer required

Employees and contractors with access to sensitive systems are expected to follow confidentiality, security, and data handling requirements.

Amazon SP-API and Amazon Information Security

For merchants who authorize Ecomzier to connect with Amazon Seller Central through Amazon Selling Partner API (SP-API), Ecomzier processes Amazon Information only within the scope of permissions granted by the merchant and required to provide the authorized service.

Where required for Direct to Consumer Shipping and merchant-fulfilled order processing, fulfillment, shipment, or tracking functionality, Ecomzier accesses Amazon buyer PII using Restricted Data Tokens (RDT).

Amazon buyer PII is protected through technical and administrative safeguards, including restricted access, encryption, monitoring, secure storage, and the retention limits described below.

Amazon buyer PII is not sold, rented, traded, disclosed to advertisers, or used for unrelated commercial purposes.

Data Retention and Deletion

Ecomzier retains data only for as long as necessary to provide the authorized service, maintain merchant account functionality, troubleshoot issues, meet security requirements, comply with platform policies, or satisfy legal obligations.

All Amazon buyer Personally Identifiable Information (PII) is permanently and automatically deleted within 30 days of confirmed order delivery. This deletion is irreversible once the retention period passes, in full compliance with Amazon's Data Protection Policy.

Amazon non-PII data, meaning Amazon order, product, and account data that does not constitute buyer PII, is retained only as long as necessary to provide the authorized service, maintain merchant account functionality, troubleshoot synchronization issues, meet security requirements, or comply with legal obligations. Unless longer retention is required by applicable law, Amazon non-PII data is retained for no longer than 18 months.

When data is no longer required, Ecomzier deletes, anonymizes, or makes the data unavailable for further identification, depending on the nature of the data and applicable requirements.

Monitoring and Audit Logging

Ecomzier maintains monitoring and audit logging practices designed to detect suspicious activity, unauthorized access, system errors, and potential security events.

Access to Amazon Information is logged and monitored through security audit logs, retained in accordance with our security policies.

Logs are protected against unauthorized access or modification and are configured to avoid storing Amazon buyer PII unless required for security, legal, compliance, or incident investigation purposes.

Vulnerability Management

Ecomzier works to identify, assess, and remediate security vulnerabilities that may affect its Services.

Our vulnerability management practices include:

Security monitoring
Dependency and software updates
Patch management
Review of application and infrastructure risks
Investigation of reported vulnerabilities
Remediation of critical and high-risk issues based on severity
Security review before major application or infrastructure changes

Device and Personnel Security

Ecomzier restricts access to sensitive data and production systems to authorized personnel and approved working environments.

Our safeguards include:

Access only through secured accounts
Use of MFA for administrative tools
Restricted access to sensitive systems
Prohibition against storing Amazon buyer PII on unauthorized personal devices, removable media, or public unsecured storage
Access removal when personnel no longer require access
Confidentiality expectations for employees and contractors

Third-Party Service Providers

Ecomzier may use trusted third-party service providers to operate, host, secure, maintain, monitor, and support our Services.

These providers may include cloud infrastructure providers, database providers, payment processors, communication tools, support tools, analytics tools, monitoring tools, and security service providers.

Third-party service providers may process data only for authorized purposes and are expected to protect data through appropriate contractual, technical, and organizational safeguards.

Amazon buyer PII is not shared with advertising providers, marketing providers, or unrelated third parties. Amazon buyer PII is shared only where necessary to provide the authorized service, comply with merchant instructions, fulfill orders, support shipping or fulfillment, comply with law, or meet applicable Amazon policy requirements.

Incident Response

Ecomzier maintains an incident response process to identify, investigate, contain, mitigate, and remediate potential security incidents.

In the event of a confirmed security incident involving Amazon Information, Ecomzier will follow its incident response process and notify Amazon, affected merchants, and other affected parties as required by applicable Amazon policies and law.

Ecomzier also takes reasonable steps to prevent recurrence, review the cause of the incident, and improve security controls where appropriate.

Backup and Recovery

Ecomzier may maintain backups and recovery procedures to support service continuity, data integrity, and recovery from operational incidents.

Backup access is restricted to authorized personnel. Backup systems are protected using appropriate technical and organizational safeguards.

Where backup data includes sensitive information, retention and deletion procedures are designed to align with applicable legal, platform, and security requirements.

Merchant Responsibilities

Merchants are responsible for maintaining the security of their own accounts, stores, passwords, devices, staff permissions, and third-party platform access.

Merchants should:

Use strong passwords and MFA where available
Limit staff access to authorized personnel
Review app permissions before authorization
Remove access for staff who no longer need it
Keep Shopify, Amazon, and marketplace account information accurate
Notify Ecomzier promptly if they suspect unauthorized access or misuse

Relationship With Privacy Policy

This Security & Data Handling Policy should be read together with our Privacy Policy and Terms of Service.

Our Privacy Policy explains how personal information and platform data are collected, used, stored, shared, and deleted. Our Terms of Service explain the terms that govern use of our website, applications, agency services, and integration services.

Contact

For questions about this Security & Data Handling Policy, data security, privacy, or Amazon Information handling, please contact:

ECOMZIER LLC
5900 Balcones Drive STE 100
Austin, TX 78731
United States

Email: info@ecomzier.com
Phone: +1 437-873-8057
Registration Number (USA): 806210478