Privacy Policy

Effective Date: September 16, 2025
Last Updated: September 16, 2025
Welcome to [Your Company Name]. These Terms of Service (“Terms”) govern your use of our website, products, and services. By accessing or using our services, you agree to comply with these Terms. If you do not agree, please do not use our website.
1. Acceptance of Terms

By using our services, you acknowledge that you have read, understood, and agreed to these Terms. If you are using our services on behalf of a company or organization, you represent that you have the authority to bind them to these Terms.

We reserve the right to update, modify, or change these Terms at any time. Changes will be effective upon posting on our website. Continued use of our services after changes are posted constitutes acceptance of the updated Terms.

If you do not agree to the modified Terms, you must stop using our services. We encourage you to review these Terms periodically to stay informed of any updates.

2. User Responsibilities

You agree to use our services only for lawful purposes and in accordance with these Terms. You must not engage in any activity that could damage, disrupt, or interfere with the proper functioning of our website or services.

You are responsible for maintaining the confidentiality of your account credentials and for all activities that occur under your account. If you suspect unauthorized use of your account, you must notify us immediately.

We reserve the right to suspend or terminate your access if we determine that you have violated these Terms, engaged in fraudulent activity, or used our services in a way that may cause harm to others.

Misuse of our services, including attempting to gain unauthorized access, distributing harmful software, or violating intellectual property rights, may result in legal action.

3. Payments and Subscriptions

Certain features of our services may require payment or subscription fees. By purchasing a product or service, you agree to provide accurate and complete billing information, including a valid payment method.

Payments are processed through third-party payment providers. We are not responsible for errors, payment failures, or unauthorized transactions processed by these providers.

Subscription services may be billed on a recurring basis. You can manage or cancel your subscription at any time according to our cancellation policy. Fees are non-refundable except as required by law.

We reserve the right to modify pricing or introduce new fees. Any pricing changes will be communicated in advance, allowing you to cancel before new rates take effect.

1. Introduction

5R Commerce Solutions LLC ("Sydon," "we," "us," or "our") operates the Sydon Platform, an AI-powered Amazon seller management solution. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform, website, and services.

By using the Sydon Platform, you consent to the data practices described in this policy. If you do not agree with this policy, please do not use our services.

1.1 Amazon SP-API Data Processing

We access Amazon seller data exclusively through Amazon's Selling Partner API (SP-API) as an authorized public developer. We operate as an SP-API Public Developer (not Service Provider) building applications for multiple Amazon sellers. Our application is subject to Amazon's public developer requirements and will be listed in the Amazon Selling Partner Appstore upon approval.

  • Inventory and Order Tracking
  • Finance and Accounting
  • Selling Partner Insights
  • Amazon Fulfillment
  • Pricing
  • Product Listing

For Amazon seller data, we act as a data processor on your behalf under:

  • Amazon's Data Protection Policy
  • Amazon Services API Developer Agreement
  • Data Processing Agreement terms
  • Authorized use case restrictions only

1.2 Data Controller and Processor Roles

  • Platform and account data: We act as data controller
  • Amazon seller data: We act as data processor on your behalf
  • Analytics data: We act as data controller for service improvement

2. Information You Provide

2.1 Categories of Personal Information

A. Identifiers and Contact Information

  • Real name, business name, postal address, email address
  • Unique identifiers, online identifiers, IP addresses
  • Account names, phone numbers, contact details

B. Financial and Commercial Information

  • Payment method details, billing addresses
  • Purchase history, transaction records
  • Subscription and service preferences

C. Amazon Seller Data (SP-API Authorization Required)

  • Order information including customer data (where authorized)
  • Inventory levels, product catalog information
  • Financial records, settlement data, fee information
  • Account performance metrics and health indicators
  • Business reports and analytics data

D. Communication Records

  • Customer support interactions and chat logs
  • Email communications, feedback, and survey responses
  • Phone call recordings (with consent)

E. Technical and Usage Data

  • IP addresses, browser types, device information
  • Platform usage patterns, feature utilization
  • Session information, authentication logs
  • Performance metrics and error reports

F. Marketing and Analytics Data

  • Website interaction data, page views, click patterns
  • Campaign attribution data, advertisement interactions
  • User preferences and behavioral analytics
  • A/B testing participation and results

G. Social Media Information

  • Public profile information when accounts are connected
  • Social media interaction data for authentication
  • Public posts and engagement metrics (where authorized)

H. Third-Party Intelligence Data

  • Publicly available Amazon product and market data
  • Historical pricing and competitive intelligence
  • Keyword research and search performance data
  • Market trends and industry benchmarks

I. Professional and Business Information

  • Job titles, company roles, business functions
  • Industry classifications, business size indicators
  • Professional contact information and preferences

2.2 Sensitive Personal Information

Under applicable privacy laws, we may collect:

  • Geolocation data: IP-based location information only
  • Account credentials: Encrypted authentication data
  • Financial account information: Payment processing data

We do NOT collect: biometric identifiers, health information, precise location tracking beyond IP geolocation, racial or ethnic origin, religious beliefs, sexual orientation, or genetic information.

2.3 Automated Decision-Making

We do not use personal information for automated decision-making that significantly affects you. AI-powered insights are tools to assist your decision-making, not automated decisions made on your behalf.

AI and Analytics Transparency:

  • AI models used for business intelligence clearly identified
  • Model accuracy limitations and confidence levels disclosed
  • Data freshness and update frequency specified
  • No guarantee of AI prediction accuracy is provided to users

3. Legal Basis for Processing (GDPR)

We process personal data based on the following lawful bases:

Contract Performance (Article 6(1)(b) GDPR)

  • Providing Sydon Platform services and features
  • Processing payments and managing subscriptions
  • Account management and user authentication
  • Customer support and technical assistance

Legitimate Business Interests (Article 6(1)(f) GDPR)

  • Platform security and fraud prevention
  • Service improvement and optimization
  • Business analytics and performance monitoring
  • Marketing to existing customers
  • Legal compliance and dispute resolution

Legal Compliance (Article 6(1)(c) GDPR)

  • Tax record keeping and financial reporting
  • Regulatory compliance and reporting obligations
  • Law enforcement cooperation and legal requests
  • Data protection law compliance

Consent (Article 6(1)(a) GDPR)

  • Marketing communications to prospects
  • Optional features and experimental programs
  • Social media integration and data sharing
  • Non-essential cookies and tracking

Vital Interests (Article 6(1)(d) GDPR)

  • Emergency situations requiring immediate action
  • Security incidents threatening user safety

Public Interest (Article 6(1)(e) GDPR)

  • Regulatory reporting and compliance obligations

4. Data Processing Records (Article 30 GDPR)

We maintain comprehensive records of all processing activities including:

  • Categories of data subjects: Amazon sellers, platform users, business contacts
  • Categories of personal data: As detailed in Section 2.1
  • Purposes of processing: Service delivery, analytics, marketing, compliance
  • Recipients: Service providers, legal authorities, business partners
  • International transfers: US processing with appropriate safeguards
  • Retention periods: As specified in Section 11
  • Security measures: Technical and organizational measures per Section 7

These records are available to supervisory authorities upon request and summaries provided to data subjects exercising access rights.

5. How We Use Your Information

5.1 Service Delivery and Operations

  • Provide AI-powered Amazon seller management tools and analytics
  • Process and analyze Amazon seller data for business intelligence
  • Enable inventory management, pricing optimization, and performance monitoring
  • Generate predictive insights, recommendations, and market analysis
  • Facilitate account health monitoring and compliance assistance

5.2 Platform Management

  • Authenticate users and secure account access
  • Process payments and manage billing cycles
  • Provide customer support and technical assistance
  • Monitor platform performance, uptime, and security
  • Conduct system maintenance and updates

5.3 Data Governance and Processing Activities

We have implemented comprehensive data governance, including:

  • Documented data handling policies governing technical and organizational controls
  • Processing activity records detailing data fields, collection methods, usage, sharing, and disposal
  • Privacy impact assessments for high-risk processing activities
  • Regular compliance audits and policy updates
  • Staff training programs on data protection and privacy requirements
  • Vendor management ensuring third-party compliance

5.4 Business Intelligence and Analytics

  • Analyze platform usage patterns and user behavior
  • Improve AI algorithms, machine learning models, and platform features
  • Conduct market research and competitive analysis
  • Generate industry insights and benchmarking reports
  • Optimize user experience and interface design

5.5 Marketing and Communications

  • Send service updates, security alerts, and account notifications
  • Respond to inquiries, support requests, and feedback
  • Deliver marketing communications (with appropriate legal basis)
  • Provide personalized content and feature recommendations
  • Conduct customer satisfaction surveys and research

5.6 Legal and Compliance

  • Comply with applicable laws, regulations, and legal obligations
  • Respond to legal process, court orders, and government requests
  • Protect against fraud, security threats, and prohibited activities
  • Enforce terms of service and platform policies
  • Maintain audit trails and compliance documentation

6. Amazon SP-API Data Protection Policy Compliance

6.1 Amazon Data Usage Commitments

  • No unauthorized sharing: Amazon seller data never sold, rented, or disclosed to third parties
  • Purpose limitation: Amazon data used solely for authorized SP-API use cases
  • Data minimization: Access only minimum Amazon data necessary for service provision
  • Data minimization commitment: We access only the minimum Amazon data fields necessary for each specific feature or service provided to you. Unused data fields are not accessed even when technically available through SP-API
  • Segregation: Strict separation ensuring one seller's data is never accessed by another
  • Ownership: You retain complete ownership and control of your Amazon seller data
  • Termination: Immediate cessation of data access when authorization revoked

Amazon Customer PII Usage Restrictions:

  • Amazon customer PII used ONLY for tax calculation and merchant fulfillment
  • NO customer marketing or targeting using Amazon customer data
  • NO review fabrication or modification using Amazon data
  • NO external data services combination with Amazon customer PII

6.2 Network Protection Controls

  • Network firewalls and intrusion detection systems preventing unauthorized access
  • Access control lists denying connections from unauthorized IP addresses
  • Network segmentation isolating Amazon data processing systems
  • Anti-virus and anti-malware software on all end-user devices
  • DDoS protection and traffic monitoring systems
  • Public access restricted to authorized and approved users only

6.3 Access Management and Authentication

  • Least privilege principle: Fine-grained access controls with minimum necessary permissions
  • Need-to-know basis: Amazon data access granted only for legitimate business purposes
  • Multi-factor authentication: Required for all accounts with Amazon data access

Password Requirements (Amazon DPP Compliant):

  • Minimum 12 characters (Amazon updated from 8 to 12 in 2024)
  • Must include: uppercase letters, lowercase letters, numbers, and special characters
  • Must not include any part of user's name
  • Minimum password age: 1 day
  • Maximum password age: 365 days
  • Password history: Must not reuse any of your last 12 passwords
  • Password rotation: Required for Amazon data access personnel

Account Security and Lockout:

  • Account lockout after 5 failed login attempts
  • Anomalous usage pattern detection with automatic suspension
  • Progressive login delays for repeated failures
  • Immediate account disabling for suspected compromise
  • Administrative override requiring dual approval
  • Quarterly access reviews with immediate revocation for terminated personnel
  • Password rotation: Required for Amazon data access personnel

6.4 Encryption Requirements

  • Data in transit: TLS 1.3 minimum for all Amazon data transmission
  • Data at rest: AES-256 encryption for all stored Amazon PII
  • Message-level encryption: Applied where channel encryption terminates in untrusted hardware
  • Key management: Cryptographic materials accessible only to authorized system processes
  • Secure coding: No hardcoded credentials, keys, or passwords in application code
  • Environment separation: Distinct development, testing, and production environments

Amazon API Key Protection:

  • Stored in encrypted key management system
  • Access logged and monitored
  • Automatic rotation when supported by Amazon
  • Never stored in code repositories or configuration files
  • Separate keys for development/testing/production environments

6.5 Vulnerability Management and Security Testing

  • Regular vulnerability scanning and penetration testing by certified providers
  • Asset inventory maintained and updated at a minimum of every 30 days
  • Endpoint security protection on all devices with Amazon data access
  • Software patching and security update procedures with defined timelines
  • Security assessments following major system changes or updates
  • Third-party security certifications and compliance validations

Vulnerability Management Timelines:

  • Critical vulnerabilities: 72 hours maximum
  • High severity: 7 days maximum
  • Medium severity: 30 days maximum
  • Low severity: 90 days maximum
  • Emergency patches: Immediate deployment with change control override

API Usage Controls:

  • Respect Amazon SP-API throttling limits per seller account
  • No circumvention of quota limits through multiple accounts
  • Fair usage policies implemented for multi-tenant access

6.6 Logging and Monitoring

  • Comprehensive logging: Success/failure events, timestamps, access attempts, data changes, system errors
  • Log protection: Access controls preventing unauthorized access and tampering
  • Monitoring coverage: All channels providing access to Amazon information
  • Real-time alerts: Automated detection of security events and anomalies
  • Log retention: Minimum 6 months for security incident investigation, extended to 2 years for Amazon investigations, suspected security incidents, compliance audit requirements, and legal hold requirements
  • No PII in logs: Except when required for legal or regulatory compliance

6.7 Data Retention & Deletion

  • Amazon Customer PII: Maximum 30 days after order delivery (for fulfillment, tax calculation, invoicing, or legal requirements only)
  • Amazon Business Data: Up to 2 years for service improvement  ng, or legal requirements only)
  • Financial Records: 7 years for legal/tax compliance
  • Cold storage: Encrypted offline backup only for regulatory compliance requirements

Data Deletion Certification: Upon Amazon request for data deletion:

  • Permanent deletion completed within 90 days maximum
  • Written certification of deletion provided to Amazon
  • Certification includes: data categories deleted, deletion methods used, completion date
  • Independent verification available upon request
  • Disposal methods: Secure destruction following NIST SP 800-88 guidelines

7. Information Security

7.1 Technical Safeguards

  • Encryption standards: Industry-leading encryption for data in transit and at rest
  • Network security: Firewalls, intrusion detection, and automated threat response
  • Access controls: Role-based permissions with regular access reviews
  • Authentication: Multi-factor authentication for all administrative accounts
  • Monitoring: 24/7 security monitoring and incident detection systems
  • Vulnerability management: Regular scanning, testing, and remediation programs

7.2 Administrative Safeguards

  • Personnel security: Background checks and security clearances for Amazon data access
  • Training programs: Regular security awareness and privacy training for all staff
  • Incident response: Documented procedures with defined roles and escalation paths
  • Policy management: Regular review and updates of security policies and procedures
  • Audit programs: Internal and external security assessments and compliance reviews

7.3 Physical Safeguards

  • Secure facilities: Data center security with controlled access and environmental monitoring
  • Equipment controls: Secure installation, maintenance, and disposal of hardware
  • Media handling: Encrypted storage and secure destruction of physical media
  • Facility access: Visitor controls, escort requirements, and access logging
  • Environmental protection: Fire suppression, climate control, and power backup systems

7.4 Amazon-Specific Security Controls

  • Enhanced monitoring: Dedicated security controls for Amazon data processing
  • Incident notification: 24-hour notification to Amazon (security@amazon.com and 3p-security@amazon.com) for security incidents
  • Access restrictions: Amazon data access limited to personnel with specific training and authorization
  • Audit cooperation: Full cooperation with Amazon security assessments and investigations
  • Compliance certification: Regular attestation of compliance with Amazon Data Protection Policy

8. Incident Response and Breach Notification

8.1 Incident Response Plan

We maintain a comprehensive incident response plan including:

  • Incident classification: Defined categories and severity levels
  • Response team: Dedicated personnel with specific roles and responsibilities
  • Detection procedures: Automated monitoring and manual reporting mechanisms
  • Containment measures: Immediate steps to limit incident impact and scope
  • Investigation protocols: Forensic analysis and root cause determination
  • Communication procedures: Internal and external notification requirements

8.2 Amazon Data Incident Procedures

  • 24-hour notification: Amazon notified within 24 hours of detecting security incidents
  • Immediate containment: Steps to prevent further unauthorized access or data loss
  • Investigation requirement: Full forensic analysis of incident scope and impact
  • Remediation actions: Implementation of corrective and preventive measures
  • Follow up: Post-incident review and security improvement implementation

Amazon Incident Documentation Must Include:

  • Incident timeline with precise timestamps
  • Scope of data potentially affected
  • Root cause analysis and contributing factors
  • Immediate containment actions taken
  • Remediation plan with completion dates
  • Lessons learned and preventive measures implemented

8.3 Data Breach Notification

In the event of a personal data breach:

  • User notification: Affected individuals notified within 72 hours when feasible and legally required
  • Authority notification: Supervisory authorities notified within 72 hours when required by law
  • Breach assessment: Risk evaluation and impact analysis for affected individuals
  • Mitigation measures: Immediate steps to address breach consequences and prevent recurrence
  • Public disclosure: When required by law or in the public interest

9. Information Sharing and Disclosure

9.1 Amazon Data Non-Disclosure

We do not sell, rent, lease, or otherwise disclose Amazon seller data to any third parties except as required by law or with your explicit authorization.

Amazon Data Sharing Transparency:

  • Clear disclosure of any Amazon data sharing (currently: none)
  • Purpose specification for any authorized data sharing
  • Recipient identification for any necessary data sharing
  • Seller consent required for any data sharing beyond service provision

9.2 Service Provider Sharing

We share limited personal information with carefully vetted service providers under strict contractual obligations:

Infrastructure and Technology Services:

  • Cloud hosting and data storage providers
  • Content delivery network and performance optimization services
  • Database management and backup services
  • Authentication and identity management providers
  • Seller consent required for any data sharing beyond service provision

Business Operations:

  • Payment processing and billing management services
  • Customer support and communication platforms
  • Analytics and business intelligence tools
  • Email delivery and marketing automation services

Data Intelligence (Public Data Only):

  • Market research and competitive intelligence providers
  • Publicly available data aggregation services
  • Industry benchmark and analysis services

9.3 Legal and Regulatory Disclosure

We may disclose personal information when required by:

  • Legal process: Court orders, subpoenas, or other legal demands
  • Government requests: Law enforcement investigations and regulatory inquiries
  • Safety protection: Preventing harm to individuals or property
  • Platform security: Investigating fraud, abuse, or terms of service violations

9.4 Business Transfer Disclosure

In the event of a merger, acquisition, or asset sale:

  • Personal information may be transferred with equivalent privacy protections
  • Advance notice provided to affected users with opt-out opportunities
  • Acquiring entity bound by existing privacy commitments and obligations

Data Intelligence (Public Data Only):

  • Amazon notified within 30 days of major organizational changes
  • Merger, acquisition, or ownership change notification to security@amazon.com
  • Amazon approval required before transferring Amazon data in business transfers

Affiliate Entity Disclosure:

  • All affiliated entities involved in Amazon data processing are disclosed to Amazon
  • No undisclosed third-party involvement in Amazon data handling
  • Immediate notification of new affiliate relationships affecting Amazon data

9.5 Service Provider Requirements

All third-party service providers must:

  • Maintain equivalent levels of data protection and security
  • Process personal data only for specified and authorized purposes
  • Implement appropriate technical and organizational security measures
  • Notify us immediately of any security incidents or breaches
  • Submit to regular security assessments and compliance audits

10. International Data Transfers

10.1 Cross-Border Processing

Personal data may be transferred to and processed in the United States and other countries where our service providers operate.

10.2 Transfer Safeguards

We ensure appropriate safeguards for international transfers through:

  • Standard Contractual Clauses: European Commission-approved clauses with data processors
  • Adequacy decisions: Transfers to countries with adequate protection as determined by relevant authorities
  • Binding corporate rules: Internal data protection standards for group companies
  • Certification schemes: Participation in recognized privacy certification programs
  • Codes of conduct: Adherence to industry privacy and security standards

10.3 Third-Party Processor Requirements

International service providers must:

  • Provide equivalent levels of data protection as required by applicable law
  • Notify us if they cannot meet required protection standards
  • Implement supplementary measures where standard protections are insufficient
  • Cease processing if adequate protection cannot be maintained

11. Data Retention

11.1 Retention Principles

We retain personal information only as long as necessary for:

  • Fulfilling the purposes for which it was collected
  • Complying with legal and regulatory obligations
  • Resolving disputes and enforcing agreements
  • Maintaining business records and audit trails

11.2 Retention Periods by Category

Account and Profile Information: For duration of account relationship plus 30 days

Amazon Seller Data:

  • Amazon Customer PII: Maximum 30 days after order delivery (for fulfillment, tax calculation, invoicing, or legal requirements only)
  • Business operational data: Up to 2 years for service improvement
  • Financial records: 7 years for legal and tax compliance
  • Performance analytics: Up to 2 years for platform optimization

Communication Records:

  • Customer support interactions: 3 years after resolution
  • Marketing communications: Until unsubscribe or deletion request
  • Legal correspondence: Duration of relationship plus statute of limitations

Technical and Usage Data:

  • Platform analytics: 2 years for service improvement
  • Security logs: 6 months minimum for incident investigation
  • Error Reports: 1 year for system optimization

Marketing Data: Until unsubscribe, account deletion, or regulatory requirement

11.3 Secure Deletion

Upon expiration of retention periods:

  • Data permanently deleted using industry-standard methods
  • Multi-stage deletion process ensuring complete removal
  • Certification of destruction available upon request
  • Backup media cleared following secure deletion schedules

12. Your Rights and Choices

12.1 Universal Data Subject Rights

Right of Access (Article 15 GDPR)

  • Request information about personal data processing
  • Obtain copies of personal data in our possession
  • Receive details about processing purposes, categories, and recipients

Right to Rectification (Article 16 GDPR)

  • Correct inaccurate or incomplete personal information
  • Update outdated contact or account information
  • Ensure data accuracy for service delivery

Right to Erasure (Article 17 GDPR)

  • Request deletion of personal data in certain circumstances
  • Exercise "right to be forgotten" where legally applicable
  • Account closure and complete data removal

Right to Restrict Processing (Article 18 GDPR)

  • Limit processing while accuracy is disputed
  • Object to processing pending legitimate interest assessment
  • Maintain data without active processing

Right to Data Portability (Article 20 GDPR)

  • Receive personal data in structured, commonly used format
  • Transmit data directly to another service provider where feasible
  • Facilitate service transitions and data mobility

Right to Object (Article 21 GDPR)

  • Object to processing based on legitimate interests
  • Opt-out of direct marketing at any time
  • Object to automated decision-making and profiling

12.2 Amazon Data Control Rights

  • Immediate revocation: Terminate Amazon SP-API access through Seller Central
  • Data deletion requests: Request immediate removal of Amazon seller data
  • Processing restrictions: Limit specific Amazon data processing activities
  • Audit rights: Request reports of Amazon data processing activities
  • Direct Amazon contact: Address Amazon data concerns through Seller Central

12.3 Communication and Marketing Preferences

  • Unsubscribe mechanisms: One-click unsubscribe from marketing emails
  • Preference center: Granular control over communication types and frequency
  • Account dashboard: Manage notification settings and privacy preferences
  • Customer support: Contact support for complex preference changes

13. Cookies and Tracking Technologies

13.1 Types of Technologies Used

Essential Cookies (Strictly Necessary)

  • User authentication and session management
  • Load balancing and performance optimization
  • Platform functionality and service delivery
  • Security features and fraud prevention

Analytics Cookies (Legitimate Interest)

  • Usage statistics and performance monitoring
  • Feature utilization and user behavior analysis
  • Error tracking and system optimization
  • A/B testing and service improvement

Marketing Cookies (Consent Required)

  • Campaign attribution and advertising effectiveness
  • Personalized content and recommendations
  • Social media integration and sharing
  • Remarketing and targeted advertising

13.2 Third-Party Tracking Services

We may use third-party tracking technologies from:

  • Web analytics providers for usage statistics
  • Advertising networks for campaign measurement
  • Social media platforms for integration features
  • Customer support tools for service delivery

13.3 Your Tracking Choices

Browser Controls:

  • Configure browser settings to reject or manage cookies
  • Use private browsing modes to limit tracking
  • Install browser extensions for enhanced privacy control

Platform Settings:

  • Manage cookie preferences in account dashboard
  • Opt-out of non-essential tracking and analytics
  • Control personalized advertising and recommendations

Industry Opt-Out Tools:

  • Network Advertising Initiative: networkadvertising.org/choices
  • Digital Advertising Alliance: optout.aboutads.info
  • Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout

Global Privacy Control: We monitor developments in Global Privacy Control signals and will implement recognition as standards mature.

14. Regional Privacy Rights

14.1 California Privacy Rights (CCPA/CPRA)

Personal Information Categories Collected:

California Consumer Rights:

  • Right to Know: Detailed information about personal information collection and use
  • Right to Delete: Request deletion of personal information (subject to exceptions)
  • Right to Correct: Update inaccurate personal information
  • Right to Opt-Out: We do not sell or share personal information for cross-context advertising
  • Right to Limit: Restrict use and disclosure of sensitive personal information
  • Right to Non-Discrimination: Equal service regardless of privacy rights exercise

Sensitive Personal Information:

  • Account login and financial account credentials
  • Precise geolocation (IP-based only)
  • Contents of mail, email, and text messages (customer support only)

14.2 European Union Rights (GDPR)

Enhanced EU Rights:

  • Right to lodge complaints with supervisory authorities
  • Right to judicial remedies against controllers and processors
  • Right to receive breach notifications within 72 hours
  • Right to appoint representatives in the EU (if applicable)
  • Enhanced consent requirements for children 16 and under

Lawful Basis Transparency: For each processing activity, we specify the lawful basis and provide clear information about:

  • Purpose and necessity of processing
  • Legitimate interests pursued (where applicable)
  • Right to withdraw consent (where consent is the basis)
  • Consequences of not providing required data

Industry Opt-Out Tools:

  • Network Advertising Initiative: networkadvertising.org/choices
  • Digital Advertising Alliance: optout.aboutads.info
  • Google Analytics Opt-Out: tools.google.com/dlpage/gaoptout

Data Protection Officer: Contact our Privacy Officer for data protection inquiries (DPO duties are performed by the Privacy Officer given the size of our organization).

14.3 United Kingdom Rights (UK GDPR)

UK residents have rights equivalent to EU GDPR including:

  • Rights under UK data protection law
  • Right to lodge complaints with Information Commissioner's Office
  • Right to judicial remedies in UK courts
  • Enhanced protections for children's data

14.4 Other Jurisdictions

We monitor privacy law developments globally and will update our practices to comply with applicable requirements in jurisdictions where we operate or have users.

15. Children's Privacy Protection

15.1 Age Restrictions

Our Services are designed for business users 18 years of age and older. We do not knowingly collect, use, or disclose personal information from individuals under 18.

15.2 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA) and do not knowingly collect personal information from children 13 and under without verifiable parental consent.

15.3 Parental Rights and Remedies

If we discover we have collected personal information from a child under 18:

  • We will delete the information promptly
  • We will terminate any associated account
  • We will implement additional safeguards to prevent recurrence
  • Parents may contact us to review, delete, or refuse further collection

16. Compliance and Audit

16.1 Amazon SP-API Compliance

Our ongoing compliance with Amazon requirements includes:

  • Regular compliance audits: Quarterly internal assessments and annual external reviews
  • Amazon policy adherence: Monitoring and implementation of Amazon Data Protection Policy updates
  • Security measure implementation: Prompt adoption of Amazon-required security controls
  • Investigation cooperation: Full cooperation with Amazon compliance reviews and investigations
  • Documentation maintenance: Detailed logging of Amazon data access and processing activities
  • Certification programs: Participation in relevant security and privacy certification schemes

16.2 Regulatory Compliance Management

  • Legal monitoring: Tracking privacy law developments in applicable jurisdictions
  • Policy updates: Regular review and revision of privacy practices and documentation
  • Staff training: Ongoing education on privacy obligations and compliance requirements
  • Vendor oversight: Due diligence and monitoring of third-party service provider compliance
  • Incident management: Comprehensive incident response and regulatory reporting procedures

16.3 Audit Rights and Cooperation

  • Record maintenance: Comprehensive books and records for compliance verification
  • Certification provision: Written compliance certification upon request
  • Auditor cooperation: Full cooperation with independent auditors selected by Amazon or regulators
  • Information access: Prompt provision of documentation and information for compliance reviews
  • Remediation commitment: Immediate implementation of required compliance improvements

17. Business Transfers

In the event of a corporate transaction such as merger, acquisition, or asset sale:

  • Advance notification: Users notified at least 30 days prior to transfer
  • Privacy protection continuity: Acquiring entity bound by existing privacy commitments
  • Opt-out opportunities: Users may delete accounts and data before transfer completion
  • Enhanced protections: Amazon data transfers subject to additional Amazon approval requirements
  • Regulatory notification: Appropriate authorities notified as required by applicable law

18. Changes to This Privacy Policy

18.1 Policy Update Procedures

We may update this Privacy Policy to reflect:

  • Changes in our Services or business practices
  • New legal or regulatory requirements
  • Technology improvements or security enhancements
  • Industry best practices and standards evolution

18.2 Notification Methods

Material changes will be communicated through:

  • Email notification: Direct communication to registered users
  • Website notice: Prominent display of changes and effective dates
  • Account dashboard: In-platform notifications and acknowledgment requirements
  • Advance notice: Minimum 30-day notice for significant changes affecting user rights

18.3 Version Control

  • Version tracking: All policy versions maintained with effective dates
  • Change documentation: Summary of material changes between versions
  • Historical access: Previous versions available upon request
  • Acceptance tracking: Records of user acknowledgment and consent to changes

19. Governing Law and Dispute Resolution

19.1 Governing Law

This Privacy Policy and all privacy-related matters are governed by and construed in accordance with the laws of the State of Georgia, United States of America, without regard to conflict of law principles.

19.2 Dispute Resolution

Privacy-related disputes shall be resolved through:

  • Initial consultation: Direct communication with our Privacy Officer
  • Mediation: Good faith mediation efforts before formal proceedings
  • Binding arbitration: Final resolution through arbitration in Georgia, USA
  • Regulatory rights: Rights to file complaints with supervisory authorities remain unaffected

19.3 Jurisdiction and Venue

For matters not subject to arbitration, exclusive jurisdiction lies with state and federal courts located in Georgia, USA.

20. Contact Information

Primary Contact:

5R Commerce Solutions LLC

Email: privacy@sydon.ai

Address: 630 5th Avenue, Suite 2000, New York City, New York 10111

Phone: +1 (877) 303-5508

Business Hours: 8AM - 6PM EST (Monday - Friday)

Time Zone: Eastern US (UTC-5/UTC-4 during daylight saving)

20.2 Specialized Inquiries

Data Protection Officer Functions:

Email: privacy@sydon.ai (specify "DPO Inquiry" in subject)

Amazon Data Inquiries:

  • Through Amazon Seller Central Support
  • Email: privacy@sydon.ai (specify "Amazon Data" in subject)

Security Incidents:

Email: privacy@sydon.ai with "URGENT SECURITY" in subject line
(24/7 monitoring for security-related communications)

California Privacy Rights:

Email: privacy@sydon.ai with "California Privacy Rights" in subject

GDPR/UK GDPR Inquiries:

Email: privacy@sydon.ai with "GDPR Inquiry" in subject

20.3 Response Timeframes

  • General inquiries: 5 business days
  • Data subject rights requests: 30 days (extendable to 90 days for complex requests)
  • Security incidents: Immediate acknowledgment, investigation within 24 hours
  • Regulatory inquiries: As required by applicable law (typically within 30 days)

20.4 Authorized Agent Requests

California and other applicable state residents may designate authorized agents.
Required documentation:

  • Signed power of attorney or written authorization
  • Proof of requester identity and residency
  • Agent contact information and authorization scope
  • Verification information (account details, phone number, email)

By using the Sydon Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

One Intelligent Platform for Amazon Sellers
The complete solution for serious Amazon sellers who want to stop juggling tools and start scaling fast.
No credit card required • Cancel anytime
No credit card required • Cancel anytime
Apply For Beta Access
Apply For Beta Access
Platform
HomeAsk AISolutionPricingAbout UsRequest DemoContact Us
Resources
BlogAmazon Account ProtectionIncrease ProfitabilityInventory OracleInsightsNews
Support Home
Help Center
Support
+1 (877) 303-5508support@sydon.ai
Main logo link that leads to home page
© 2025 SydonAI. All rights reserved
Terms Of UsePrivacy Policy