Privacy Policy

1. Overview

eStore Factory LLC ("we", "us", or "our") is a full-service Amazon agency and software company registered in the United States. We provide two categories of services:

Managed Services: Full-service Amazon account management for sellers, delivered through our team of specialists under the Amazon Service Provider Network (SPN).

SaaS Tools: Software-as-a-Service products built on the Amazon Selling Partner API (SP-API), including SellerQI (members.sellerqi.com) and Refunzo, which sellers use to manage and optimize their Amazon businesses independently.

This Privacy Policy explains how we collect, use, store, and protect information across both our managed services and our SaaS products, including our websites at estorefactory.com and sellerqi.com (collectively, the "Services").

By engaging our services or using our software, you agree to the practices described in this policy. If you do not agree, please discontinue use of the Services.

2. Information We Collect

2.1 Business and Contact Information

When you engage eStore Factory for managed services or register for any of our SaaS products, we collect:

• Name, email address, and phone number

• Business name, address, and Amazon Seller account identifiers

• Password for SaaS accounts (securely hashed before storage — never stored in plain text)

• Billing information processed via our payment provider (we do not store full card details)

• Communication records from emails, calls, or support interactions

2.2 Amazon Selling Partner Data — Managed Services (SPN)

For clients who engage eStore Factory for managed Amazon account services, we access your Amazon Seller Central account through Amazon's Solution Provider Portal (SPP), under our registration as an Amazon Service Provider Network (SPN) member. Through this access, we may work with:

• Listing content, inventory, and catalogue data

• Order management and fulfilment data

• Advertising campaigns and performance data (Sponsored Products, Sponsored Brands, Sponsored Display)

• Account health metrics, performance notifications, and case management

• Financial reports, settlement data, and reimbursement records

• Brand Registry assets and A+ content

This access is granted explicitly by you via the SPP authorization workflow and can be revoked at any time through your Seller Central account. Data accessed for managed services is used solely to perform the account management activities you have engaged us to carry out on your behalf.

2.3 Amazon Selling Partner Data — SaaS Tools (SP-API)

For users of SellerQI, Refunzo, and any future SaaS products built by eStore Factory, we connect to your Amazon account via Amazon's Selling Partner API (SP-API) using OAuth-based authorization. Depending on the product and features you use, this may include:

• Listing and inventory data (ASINs, SKUs, pricing, stock levels)

• Order performance metrics, account health indicators, and defect rates

• PPC advertising data (campaigns, bids, spend, impressions, clicks, conversions)

• FBA reimbursement and financial adjustment data

• Brand Analytics reports (search term data, market basket analysis, item comparison, alternate purchase behaviour, demographics, and repeat purchase data — available only to Brand Registered sellers)

• Keyword recommendations and search visibility data

Important: SP-API data accessed through our SaaS tools is retrieved on-demand and displayed in-session only. We do not persist raw Amazon API response data to our databases beyond your active session, except where you have explicitly opted to retain historical trend data for performance tracking purposes within the product.

2.4 Usage Data

We automatically collect certain technical information when you use our SaaS products, including:

• IP address and general location (country/region level only)

• Browser type and operating system

• Pages visited and features used

• Session duration and timestamps

This data is used solely for service reliability, security monitoring, and product improvement. We do not use third-party analytics trackers on our platforms.

2.5 Communications

If you contact us for support, onboarding, or general enquiries, we retain those communication records to provide ongoing service and support.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Delivering managed Amazon account services on behalf of clients who have authorized our access

• Providing and operating our SaaS products, including connecting to Amazon accounts and displaying data within product dashboards

• Communicating with clients about account activity, campaign performance, and service delivery

• Sending transactional emails including account confirmations, password resets, and billing notifications via Amazon Web Services Simple Email Service (AWS SES)

• Sending product and service update communications (you may opt out at any time)

• Monitoring and improving service performance, reliability, and security

• Complying with Amazon's Acceptable Use Policy (AUP), Data Protection Policy (DPP), and Solution Provider Agreement

• Complying with applicable US federal and state laws and regulations

We do not use your Amazon selling partner data for any purpose beyond delivering the specific service you have engaged us for. We do not sell, license, or share Amazon data with third parties for advertising, benchmarking, or any other commercial purpose.

4. Data Storage and Retention

4.1 Storage Infrastructure

Our SaaS products (including SellerQI and Refunzo) are built on a MERN stack architecture (MongoDB, Express.js, React, Node.js). All application data is stored in MongoDB with the following protections in place:

• All data in transit is encrypted using TLS (HTTPS) — unencrypted HTTP is not supported

• Passwords and sensitive credentials are securely hashed before storage and never stored in plain text

• Access to application data is governed by authentication mechanisms and role-based access control (RBAC)

• Database credentials and server configuration secrets are managed via environment variables with restricted access policies — never hardcoded in application code or version control

• Production infrastructure is isolated from development and staging environments

4.2 Amazon API Data Retention

In accordance with Amazon's Data Protection Policy, Amazon SP-API response data is handled as follows:

• Session data: SP-API responses displayed in SaaS dashboards are not persisted to our database. Data is fetched fresh on each request.

• Non-PII operational data (such as aggregated performance metrics a user has opted to retain): stored for a maximum of 18 months, after which it is automatically deleted.

• System access logs: retained for a minimum of 12 months for security monitoring purposes, in compliance with Amazon's Data Protection Policy (effective November 2025).

4.3 Managed Services Data

Data accessed via SPP for managed service clients is used exclusively for the purpose of account management activities. We do not store copies of client Amazon account data beyond what is necessary for active service delivery. Upon termination of a managed services engagement, access is revoked and any retained operational data is deleted within 30 days.

4.4 Account and Contact Data

Personal and business contact information is retained for as long as your account or engagement remains active. Upon account closure or engagement termination, we will delete your personal data within 30 days, except where retention is required by law or to resolve outstanding billing matters.

5. Data Sharing and Third Parties

We do not sell or rent your personal information. We share data only in the following limited circumstances:

• Amazon SP-API: We make API calls to Amazon on your behalf using your authorized credentials. Amazon's own privacy policy governs data held on their platform.

• Amazon SPP: For managed service clients, account access is conducted through Amazon's Solution Provider Portal. Amazon's policies govern the authorization and access framework.

• AWS SES: We use Amazon Web Services Simple Email Service to deliver transactional and operational emails. AWS processes your email address solely to deliver messages.

• Legal requirements: We may disclose information if required by applicable law, court order, or to protect the rights and safety of our clients or the public.

All subprocessors who handle your data are bound by data protection agreements consistent with applicable privacy regulations.

6. Amazon SP-API and SPN Compliance

eStore Factory is registered with Amazon's Selling Partner API as a public developer and with Amazon's Service Provider Network (SPN) as an authorized service provider. We comply fully with Amazon's Acceptable Use Policy (AUP), Data Protection Policy (DPP), and Solution Provider Agreement across all products and services. Specifically:

• We only request SP-API roles necessary for the specific features of each product

• SPP access for managed services is granted by clients through Amazon's authorized authorization workflow and is used solely to perform agreed account management activities

• We do not use SP-API or SPP data to compete with Amazon or its selling partners

• We do not combine Amazon data with other data sources to re-identify individuals

• We do not transfer Amazon data to unauthorized third parties

• Clients can revoke our SP-API access at any time via Seller Central > Apps & Services > Manage Your Apps

• Clients can revoke our SPP managed services access at any time via their Seller Central account settings

7. Security

We implement the following security controls to protect your data:

• All data in transit is encrypted via TLS (HTTPS) — unencrypted connections are not permitted

• Passwords are hashed using industry-standard algorithms before storage and are never accessible in plain text

• Access to application data is enforced through authentication and role-based access control (RBAC)

• Database credentials and server configuration secrets are stored as environment variables with restricted access — never exposed in code or version control

• Vulnerability assessments and code security reviews are conducted prior to each production release

• Critical vulnerabilities are resolved within 7 days of discovery; high-risk vulnerabilities within 30 days

• An incident response plan is maintained with a designated point of contact for data breach events

• Internal access to production systems is limited to authorized personnel on a need-to-know basis

While we implement industry-standard security measures, no system is entirely immune to risk. We encourage clients and users to use strong, unique passwords and to revoke access promptly if they suspect any unauthorized activity on their accounts.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you

• Correction: Request correction of inaccurate or incomplete data

• Deletion: Request deletion of your personal data, subject to legal retention requirements

• Portability: Request your data in a machine-readable format

• Opt-out: Unsubscribe from marketing or product communications at any time via the unsubscribe link in any email, or by contacting us directly

• Revoke SP-API Access: Disconnect any eStore Factory SaaS product from your Amazon account at any time via Seller Central > Apps & Services > Manage Your Apps

• Revoke Managed Services Access: Remove eStore Factory's SPP access at any time via your Seller Central account settings

To exercise any of these rights, contact us at info@estorefactory.com. We will respond within 30 days.

9. Children's Privacy

Our services are intended for use by adults operating Amazon seller businesses. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that a minor has provided us with personal data, we will delete it promptly.

10. International Users

eStore Factory LLC is operated from the United States. If you are accessing our services from outside the US — including from Australia, the United Kingdom, or the European Economic Area — please be aware that your information may be transferred to, stored, and processed in the United States. By engaging our services, you consent to this transfer.

Where applicable, we process data in accordance with relevant regional privacy regulations including the California Consumer Privacy Act (CCPA) and, where services are accessed by users in the European Economic Area, the General Data Protection Regulation (GDPR).

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or Amazon's data policies. When we do, we will update the "Last Updated" date at the top of this page and, where the changes are material, notify affected users and clients by email. Your continued use of our services after any update constitutes your acceptance of the revised policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or the data we hold about you, please contact us:

eStore Factory LLC

Email: info@estorefactory.com

Website: https://www.estorefactory.com

United States