This Privacy Policy applies to the HCY Tech public website and to the data-processing activities we perform in connection with our overseas warehouse system, Amazon SP-API order synchronization, fulfillment coordination, and data-governance support. HCY Tech is an independent service provider and is not affiliated with Amazon or Amazon Marketplace.
1. Scope
This policy covers (a) data generated when you visit our website or submit an inquiry and (b) business and personal data that we process for customers while delivering overseas warehouse and Amazon-related order workflows.
2. Data we may collect or process
- Inquiry data such as company name, contact name, email, phone number, requirement description, submission time, and basic access logs;
- Merchant account and authorization data such as business identity details, account-role information, authorization status, and necessary callback or credential settings;
- Order and fulfillment data such as order IDs, SKUs, quantities, shipping status, tracking numbers, after-sales status, and related business fields;
- Inventory and warehouse data such as stock counts, location data, task states, and exception records;
- Personal data such as recipient name, address, phone number, email address, or business contact details of customer staff and partners;
- Security and audit records such as login history, change logs, error logs, ticket records, permission updates, and alerts.
3. Purposes of processing
- Respond to inquiries, provide proposals, perform contracts, and support project planning;
- Support Amazon SP-API order synchronization, warehouse execution, inventory coordination, and after-sales tracking;
- Maintain service security, investigate failures or misuse, and preserve auditability;
- Handle deletion requests, authorization revocation, retention cleanup, and compliance workflows;
- Comply with legal, contractual, or platform-policy obligations.
4. Processing principles
- Data minimization: we process only the fields needed for the agreed service;
- Purpose limitation: we do not sell customer data or use it for unrelated advertising, profiling, resale, or brokerage;
- Transparency: we describe our public-facing service scope, contact details, and key data-handling practices clearly;
- Least privilege: access is limited to personnel with a business need and confidentiality obligations.
5. Roles
In most B2B delivery scenarios, the customer determines the business purpose and means of processing, and we act as a processor or service provider under customer instructions. For website inquiries, contract management, and security operations, we may also act as an independent controller of limited business contact data.
6. Sharing
We do not sell data. We may share data only where necessary to perform the agreed service, such as with infrastructure, communications, development-support, ticketing, or fulfillment vendors operating under confidentiality and security obligations; where the customer directs us to do so; or where disclosure is required by law or necessary to protect rights and safety.
7. Cross-border transfers and storage
Storage and access locations depend on the deployment model, project region, and customer choices. If cross-border processing is involved, we rely on contractual, technical, and organizational safeguards appropriate to the service model and applicable law.
8. Retention and deletion
- Website inquiry records are generally retained for up to 24 months for follow-up and internal recordkeeping;
- Project data retention is governed by contract, customer configuration, and legal obligations;
- Key security and operational logs are retained for at least 12 months;
- Amazon PII is not intentionally stored in plaintext logs; where necessary, fields are masked, minimized, or excluded from log output;
- Upon termination or valid request, we support return, export, deletion, or anonymization according to the agreement.
9. Security measures
- HTTPS/TLS for data in transit;
- Access control, approvals, logging, and restricted handling for sensitive operations;
- Encryption, masking, or restricted handling where appropriate for sensitive fields and backups;
- Incident-response procedures for detection, containment, remediation, and review.
10. Public site and operational domains
This website is the public disclosure site for the company and the product. Production callback endpoints, API domains, or customer-deployed domains may differ from the public site and are used only for actual business processing. The public site is not intended to serve as a production operational endpoint.
11. Authorization revocation, export, and deletion requests
Customers or their end users may email support@hcytechsoft.com to request authorization revocation, data export, or deletion. We generally acknowledge such requests within 7 business days and, after identity and obligation checks, complete the request or explain any limitation within 30 days.
12. Platform data-handling commitments
- We request and process only the data fields needed for the real workflow described on this site;
- We do not claim to be an official Amazon entity, agent, or affiliate;
- We do not use platform- or project-derived data for unrelated advertising, profiling, resale, or data brokerage;
- If partners request clarification, we provide explanations consistent with this public site and the real workflow.
13. Rights and requests
You may contact us regarding access, correction, or deletion of your website inquiry data. If we process consumer or merchant data on behalf of a customer, the relevant individual should usually contact that customer first; we will support the customer as processor where appropriate.
14. Children
Our website and services are intended for business users, not children. If we learn that we collected data that should not have been processed, we will take reasonable steps to delete or restrict it.
15. Updates and contact
We may update this policy as our services, systems, or legal obligations change. The latest version will appear on this page. Contact: support@hcytechsoft.com