Security & Compliance

    Effective Date: November 5, 2025

    Last updated: November 5, 2025

    What we do. SoldScope uses public marketplace information and proprietary models for research and analytics. Amazon SP‑API data is accessed only after explicit authorization by each seller and is used solely within their account. We do not aggregate, combine, or share SP‑API data across different sellers

    Access & Authorization

    • OAuth only: We obtain access through Amazon's standard authorization flow. The seller may revoke authorization at any time in Seller Central.
    • Principle of least privilege: Access to SP‑API credentials and data is restricted to limited service components and authorized personnel with a business need.
    • Auditability: Administrative actions and access events are logged and reviewed.

    Data Isolation & Use Limitations

    • Strict tenant isolation: Each seller's SP‑API data is stored and processed logically separate from other sellers.
    • No cross‑seller aggregation: We do not aggregate or combine SP‑API data across sellers and do not generate market benchmarks from SP‑API data.
    • No advertising or profiling: SP‑API data is not used for targeted advertising, shared with ad networks, or combined with tracking identifiers.
    • No resale or onward sharing: We do not sell or rent SP‑API data and do not disclose it to third parties other than essential subprocessors under contract.

    Security

    • TLS in transit; encryption at rest for databases, storage, and secrets.
    • SSO/MFA for admins; role‑based access control; least privilege.
    • Centralized logging and alerting for access and policy events.
    • Secure SDLC.

    Identity & Access

    • SSO/MFA required for privileged accounts.
    • Role‑based access control and just‑in‑time elevation.
    • Least‑privilege service roles and network segmentation.

    Application Security

    • Secure SDLC with code review and dependency scanning.
    • Runtime monitoring, rate limiting, and abuse detection.
    • Backups with periodic restore testing.

    Logging & Monitoring

    • Centralized logs for auth, data access, and system events.
    • Alerting on anomalous access and policy violations.
    • Time‑boxed retention aligned with business and legal needs.

    Data Retention & Deletion

    • SP‑API data is retained only for as long as needed to provide the seller's enabled features and to meet legal requirements.
    • Upon authorization revocation or account closure, SP‑API data tied to that seller is deleted or irreversibly de‑identified within commercially reasonable time frames.

    Subprocessors

    We use a limited set of infrastructure and operational providers (e.g., cloud hosting, storage, monitoring). Each subprocessor is bound by written agreements requiring confidentiality, appropriate security, and data‑protection obligations.

    Incident Response

    • 24×7 monitoring and alerting for security‑relevant events.
    • Documented triage, containment, and remediation procedures.
    • Notification to affected customers and relevant platforms as required.

    Compliance Statements

    • We maintain administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process.
    • We comply with industry-standard security practices and regulatory requirements applicable to our service.

    Amazon SP-API Compliance

    As a solution provider utilizing Amazon's Selling Partner API, SoldScope is fully compliant with Amazon's policies and requirements:

    • Compliance with the Acceptable Use Policy (AUP): We adhere to all requirements outlined in Amazon's Acceptable Use Policy, ensuring that SP‑API data is used exclusively for authorized purposes and in accordance with Amazon's terms.
    • Compliance with the Data Protection Policy (DPP): We handle all SP‑API data in strict accordance with Amazon's Data Protection Policy, implementing appropriate security measures, data isolation, and privacy protections as required.

    Our practices are designed to meet and exceed the requirements set forth in these policies, protecting both sellers and their customers' data.

    Contact

    For any questions or concerns regarding security, you may contact us using the following details:

    Customer support : security inquiries
    support@soldscope.com

    © 2025 Data Faber LLC d/b/a SoldScope