Scalerify Management LLC ("Company," "we," "us," or "our") is dedicated to providing high-performance, secure, and compliant software solutions for Amazon Sellers through our SaaS platform, Keox AIO.
As an approved Amazon Selling Partner API ("SP-API") developer, we are strictly committed to protecting the integrity, confidentiality, and security of all data retrieved from Amazon's systems.1 This Compliance Statement outlines the technical and organizational security controls implemented by the Company to ensure full, ongoing compliance with the Amazon Selling Partner API Data Protection Policy (DPP) and Acceptable Use Policy (AUP).1
1 References to Amazon's Selling Partner API Data Protection Policy (DPP) and Acceptable Use Policy (AUP) — official documentation available at developer.amazonservices.com.
1 Principle of Data Minimization
We strictly adhere to the principle of data minimization as mandated by Amazon.1 Keox AIO only requests API access permissions (scopes) that are strictly necessary to deliver our optimization, diagnostic, and writing services.1
Authorized Roles: We limit our API queries to catalog, pricing, listings, and public review metadata.
No Access to Restricted Buyer Data: Keox AIO does not request, access, or process Amazon Restricted Roles (such as Direct-to-Consumer Shipping, Tax Information, or Tax Registration). We do not collect, process, or store any Personally Identifiable Information (PII) of Amazon buyers, including names, phone numbers, physical addresses, or email addresses.1
2 Data Encryption
To protect Amazon Information from unauthorized access, alteration, or interception, we enforce state-of-the-art encryption protocols across all environments.1
Encryption in Transit: All data moving between Amazon SP-API, our platform servers, and the Customer's web browser is encrypted in transit using industry-standard Transport Layer Security (TLS 1.2 or TLS 1.3) protocols.
Encryption at Rest: All Amazon Information stored within our cloud databases (hosted on secure enterprise platforms such as AWS / Google Cloud) is encrypted at rest using Advanced Encryption Standard (AES) with a 256-bit key length (AES-256).1 Cryptographic keys are managed, rotated, and secured using automated KMS (Key Management Services).1
3 Access Control and Identity Management
We restrict access to systems hosting Amazon Information to prevent unauthorized internal or external access.1
Principle of Least Privilege: Access to production databases containing Amazon-sourced information is strictly restricted to a limited number of authorized Company system administrators who require access to maintain system integrity.
Authentication Requirements: Multi-Factor Authentication (MFA) is strictly enforced for all internal developer and administrator accounts accessing the cloud infrastructure hosting Keox AIO.1
Session Management: User sessions on the Keox AIO platform automatically expire after a set period of inactivity, requiring re-authentication to prevent unauthorized local terminal access.
4 Data Retention and Disposal
We do not retain Amazon Information indefinitely.1 We store retrieved product metadata, listing details, and metrics only for the duration required to provide active monitoring and diagnostic services to the Customer.1
Disposal of Amazon Information: Within thirty (30) days of a Customer disconnecting their Amazon Seller Central store from Keox AIO or terminating their SaaS subscription, all Amazon-sourced information associated with that store is permanently and securely deleted from our active production databases.1
Secure Deletion Standards: Data deletion is executed using secure logical overwriting or sanitization processes designed to prevent any possibility of forensic data recovery, in compliance with NIST SP 800-88 guidelines.1
5 Logging and Monitoring
The Company maintains rigorous logging systems to ensure auditability and security oversight.1
Access Logs: We maintain detailed, tamper-evident system logs capturing all administrative and programmatic access to databases containing Amazon-sourced information.1
Log Retention: Security-related system logs are retained for at least ninety (90) days to support security audits and investigations, if necessary.1
Intrusion Detection: Automated security monitoring systems are deployed to detect unauthorized access attempts, anomalous API call rates, or potential brute-force activities.
6 Vulnerability Management and Secure Development
We maintain a secure coding and systems lifecycle to minimize security risks:
Secure Development Lifecycle (SDLC): Our development team follows secure development practices, incorporating dependency scanning and code reviews before deployment.
Vulnerability Scanning: Regular automated vulnerability scans are conducted on our application stack and cloud infrastructure to identify, prioritize, and remediate technical flaws in a timely manner.
Patch Management: Critical security patches and system updates are systematically applied to all servers, operating systems, and packages according to an established maintenance schedule.
7 Incident Response Plan
The Company maintains a documented Security Incident Response Plan designed to address any potential security breach or unauthorized access to our systems:
Detection and Containment: In the event of a suspected security incident, our security team will immediately execute containment protocols to isolate affected systems and secure data.
Amazon Notification: In accordance with the Amazon SP-API Developer Agreement, we will notify Amazon Security in writing at
3p-security@amazon.com within
twenty-four (24) hours of discovering any verified security incident that compromises, or is suspected to have compromised, Amazon Information.
1
Customer Notification: We will promptly notify affected Customers if their business metadata or account credentials have been impacted by a security incident.
8 Audit and Compliance Review
Scalerify Management LLC undergoes regular internal audits to verify continued compliance with Amazon's Data Protection Policy.1 We agree to cooperate fully with any security audits, questionnaires, or reviews conducted by Amazon or its authorized third-party auditors to verify our adherence to these standards.1
9 Contact Information
If you have any questions, require clarification, or wish to report a security concern regarding our data protection practices, please contact our security compliance team via our contact page or by mail at the address below.
Scalerify Management LLC
Attention: Security & Compliance Team
Operations
18117 Biscayne Blvd #1744, Miami, FL 33160, United States