1. Amazon Data Protection Policy compliance
Hive Mind Nestor Private Limited ("Hive Mind Nestor", "we") complies with Amazon's Data Protection Policy (DPP) and the Selling Partner API Acceptable Use Policy (AUP) as they apply to public developers and service providers. Our Hive Mind Ad Optimizer application has been built and operated in accordance with these requirements, and this Notice describes the specific safeguards we apply to Amazon-sourced data.
2. Source of Amazon data
Amazon Brand Analytics reports — including Search Query Performance and Search Catalog Performance — are accessed only via the official Selling Partner API, and only after the Selling Partner has completed Amazon's official OAuth authorization flow granting our application access. We do not scrape Amazon, do not buy Amazon data from third parties, and do not access any data outside the scopes granted by the authorizing seller.
3. Purpose limitation
Amazon data we receive on a seller's behalf is used exclusively to:
- Generate analytics, dashboards, and reports for the authorizing seller's own account;
- Power AI-generated recommendations grounded in that seller's own data;
- Produce exportable summaries that the seller can download.
Amazon data is never aggregated across sellers, never shared with third parties, never sold to data brokers, and never used to train general-purpose machine-learning models.
4. Encryption in transit and at rest
All Amazon data is transmitted over HTTPS using TLS 1.2 or higher (TLS 1.3 where supported). Amazon refresh tokens and any persisted Brand Analytics extracts are encrypted at rest using AES-256. Encryption keys and OAuth refresh tokens are managed through encrypted environment variables and a managed secrets store; they are not checked into source control and are not accessible to unauthorized personnel.
5. Access control
Access to Amazon-sourced data is restricted to authorized Hive Mind Nestor personnel on a least-privilege basis. Personnel access is audit-logged. Authorized sellers can view, export, and delete their data from within the Hive Mind Ad Optimizer application at any time.
6. Incident response & reporting
We maintain a written Incident Response Plan and Security Incident Reporting Procedure that meet Amazon's DPP obligations. In the event of a confirmed security incident affecting Amazon Information, we will notify Amazon and affected sellers within 24 hours of discovery, consistent with Amazon's reporting requirements.
Reference documents: Incident Response Plan (PDF) · Security Incident Reporting Procedure (PDF).
7. Retention and deletion
Amazon data is retained only for the duration of the authorizing seller's active subscription and is permanently deleted within 30 days of account closure or upon the seller's request, whichever is earlier. Where data is required by law to be retained for a longer period (for example, tax records), only the minimum required data set is retained, in encrypted form.
8. Revoking access
Authorized sellers may revoke Hive Mind Ad Optimizer's access to their Amazon account at any time directly from Amazon Seller Central (Settings → User Permissions → Manage Your Apps), or by emailing info@hivemindnestor.com. Upon revocation, we stop calling Amazon APIs on the seller's behalf immediately and delete stored data in accordance with the retention schedule above.
9. Contact
For any data-protection question or to exercise any of the rights described in this Notice, contact our Data Protection Officer at info@hivemindnestor.com.