Privacy & Data Handling Policy

Smash Commerce

Last updated: January 2026

1. Introduction

Smash Commerce ("we", "our", "us") operates internal software applications used to manage e-commerce operations across our owned brands and Amazon Seller Central accounts. This policy describes how we collect, process, and protect data obtained through Amazon Selling Partner API (SP-API).

2. Amazon Data We Access

Our internal applications may access limited Amazon data, including:

  • Order identifiers
  • Product and inventory data
  • Buyer shipping address and buyer name (only when required for fulfillment or customer support)

We do not access buyer data for marketing, profiling, or analytics purposes.

3. Purpose of Data Use

Amazon data is used exclusively for:

  • Order fulfillment and shipping coordination
  • Customer support related to order delivery
  • Internal operational workflows

Data is not sold, rented, or shared for advertising or promotional activities.

4. Data Storage & Retention

Buyer Personally Identifiable Information (PII), such as shipping address and buyer name:

  • Is processed only at runtime
  • Is not stored in databases or logs
  • Is discarded immediately after fulfillment actions complete

Only non-PII operational metadata (e.g., order ID, SKU, status) may be stored for internal tracking.

5. Data Security

We implement industry-standard security controls, including:

  • Encrypted communication (HTTPS/TLS)
  • Role-based access controls
  • Secure credential storage using managed secret systems
  • Logging and monitoring of system activity

Access to Amazon data is limited to authorized personnel and systems on a need-to-know basis.

6. Data Sharing

Buyer PII is not shared with third parties, except where strictly required to complete order delivery (e.g., providing shipping address to a carrier).

7. Incident Response

Smash Commerce maintains an incident response process to identify, contain, investigate, and remediate security incidents. In the event of unauthorized access or data exposure, corrective actions are taken immediately.

8. Data Subject Requests

Because buyer PII is not stored, no long-term data is retained. Any incidental data captured unintentionally would be deleted promptly upon discovery.

9. Contact Information

For privacy or security inquiries, contact:

Email: security@smashcommerce.net