Addendum to Beleza Consulting Privacy Policy — Amazon Selling Partner Data

This addendum to Beleza Consulting’s Privacy Policy governs how Beleza Consulting accesses, handles, stores, and protects data obtained through Amazon Seller Central accounts and the Amazon Selling Partner API (SP-API) on behalf of our clients. It is intended to satisfy Amazon’s requirements for third-party service providers under the SP-API Data Protection Policy.

1. Scope of Data Access

Beleza Consulting accesses client Amazon Seller Central accounts and associated data solely for the purpose of providing contracted services, including account management, reporting and analytics, business review preparation, listing management, and advertising management. Data accessed may include:

• Sales and order data (including Personally Identifiable Information such as buyer name and shipping address where provided by Amazon for order fulfillment purposes)
• Inventory and FBA data
• Advertising performance data
• Account health and performance metrics
• Product listing content and catalog data
• Search term and traffic analytics from Brand Analytics

2. Credential Management

Beleza Consulting accesses client Seller Central accounts through Amazon’s authorized User Permissions system, which allows clients to grant role-based access to third-party service providers without sharing primary account credentials. We do not request or store client Amazon account passwords.

Where API-based access is used, credentials (including API keys, tokens, and refresh tokens) are:

• Stored in encrypted form using industry-standard encryption at rest
• Never shared with third parties or used for any purpose outside of delivering contracted services
• Rotated or revoked immediately upon termination of a client engagement
• Accessible only to Beleza Consulting personnel directly involved in delivering services to that client

3. Personally Identifiable Information (PII) — Data Retention & Deletion

Beleza Consulting handles Amazon-sourced Personally Identifiable Information (PII) — including buyer names, addresses, and contact information accessible through order management — in strict accordance with Amazon’s SP-API Data Protection Policy and applicable privacy law.

• PII obtained through Seller Central or SP-API is used exclusively for the purpose for which it was accessed (e.g., order management, customer service support)
• PII is not stored beyond the period necessary to fulfill the purpose for which it was accessed
• Upon completion of a service engagement, all client PII obtained through Amazon systems is deleted within 30 days
• Beleza Consulting does not sell, share, license, or transfer client or buyer PII to any third party

4. Network Protection Controls

Beleza Consulting implements the following controls to protect data accessed through Amazon systems:

• All access to Seller Central and SP-API endpoints occurs over encrypted HTTPS connections
• Access to systems holding client credentials or Amazon data is restricted to authorized personnel only, using role-based access controls
• Client account access is logged and auditable
• We do not access Amazon systems from public or unsecured networks

5. Incident Management

In the event of a suspected or confirmed security incident involving client Amazon account data or credentials:

• Beleza Consulting will notify the affected client within 72 hours of becoming aware of the incident
• We will immediately revoke or rotate any compromised credentials
• We will cooperate fully with the client and Amazon in investigating and remediating the incident
• We will take corrective action to prevent recurrence and document the incident and response

6. Employee Access Controls

• Access to client Seller Central accounts is limited to Beleza Consulting personnel who are actively delivering services to that client
• Personnel with access to client accounts are informed of and bound by this policy
• Access is revoked immediately when an employee’s role changes or they leave the organization

7. Contact

Questions regarding this policy or Beleza Consulting’s data handling practices may be directed to:

Beleza Consulting

belezaconsulting.com