中文 EN 日本語

This Privacy Policy applies to Jilian Overseas Warehouse Management System and related services provided by Shanghai Huanchuangyu Technology Co., Ltd. We protect customer data and PII in alignment with Amazon SP-API requirements and applicable laws.

1. Scope and Roles

In most scenarios, the customer acts as the data controller, and we act as a data processor handling data only under customer authorization and contractual instructions.

2. Data Categories We Collect and Process (Including PII)

Based on service requirements, we collect and process data through Amazon SP-API, customer-submitted records in the system, and warehouse/fulfillment operation logs:

  • Order and fulfillment data (order IDs, SKUs, quantities, shipment status, returns);
  • Recipient/contact PII (name, address, phone, email), subject to granted scope;
  • Inventory and warehouse operational data (warehouse, bin, batch, stock movements);
  • System/security logs (Amazon API calls, errors, audit trails);
  • Shipping fulfillment data (carrier, tracking number, ship timestamp, tracking milestones).

3. Amazon SP-API Data Usage Principles

  • Used only for necessary business operations such as order sync, inventory sync, Amazon Automated Shipment Feedback, support, and reporting;
  • Not used for unrelated advertising, profiling, or data resale;
  • Collected and processed under least-privilege and minimum-necessary principles.

4. Storage and Tenant Isolation

  • We support both SaaS and private deployment with tenant isolation to prevent cross-tenant data mixing;
  • In SaaS mode, data is logically isolated per tenant with strict access controls; in private deployment, data remains in customer-dedicated environments;
  • Production and testing environments are separated, with restricted non-essential access;
  • Backups are stored separately and protected by access controls.

5. Access Control and Authorization

  • Role-based access with least privilege;
  • Auditable logging for sensitive operations;
  • Controlled and reviewed production-access permissions.

6. Security Controls (Including Encryption Methods)

  • Encrypted transport via HTTPS/TLS (TLS 1.2 or above) for Amazon API and management access;
  • Data at rest protected with AES-256 or an equivalent encryption mechanism;
  • Sensitive fields protected with field-level encryption, masking, or hashing where applicable;
  • Backup protection and lifecycle cleanup controls.

7. Data Sharing and Subprocessors

We do not sell customer data. Data is shared only when necessary to deliver services, under customer authorization, with vetted entrusted processing components bound by confidentiality and security obligations, or when required by law.

8. Data Retention Period and Deletion Methods

  • Business data (including order, fulfillment, and PII data) is retained for 90 days by default (unless legal/regulatory requirements require otherwise);
  • Audit logs and monitoring logs are retained for 90 days by default;
  • System backups use rolling retention with a default period of 90 days;
  • Deletion method: customer-initiated deletion/anonymization requests are supported; primary data is typically deleted or anonymized within 30 days after verification;
  • Expiration cleanup: data is automatically deleted or overwritten at retention expiry; backup data is removed by rotation overwrite and is non-recoverable after expiry.

9. SECURITY OVERVIEW

  • Encryption at rest (AES-256): data at rest is protected with AES-256 or an equivalent encryption mechanism;
  • Encryption in transit (TLS 1.2+): transport channels use TLS 1.2 or higher;
  • RBAC: role-based access control enforces least-privilege permissions;
  • MFA: multi-factor authentication is required/supported for privileged accounts and high-risk actions;
  • Logging & Monitoring: audit logs are retained and monitored for abnormal access and API activity;
  • Incident Response: documented procedures for identification, containment, remediation, post-incident review, and required notifications.

10. Incident Response

We maintain incident response procedures for containment, investigation, remediation, and customer notification within contractual and legal requirements.

11. Data Subject and Customer Requests

Customers may request access, correction, export, or deletion support for business data. We process requests after identity and authorization verification.

12. Children and Sensitive Use Restrictions

Our services are for business customers and not directed to children. Amazon API data is not used for unrelated sensitive-purpose processing.

13. Policy Updates and Contact

We may update this policy due to business or legal changes. Updates are published on this page with an effective date. Contact: support@hcytechsoft.com

14. Data Compliance and PII Protection Highlights

  • We access Amazon data only within customer-granted SP-API authorization scope;
  • PII is used only for fulfillment, warehousing, after-sales support, and required service operations;
  • We do not sell Amazon data or use it for unrelated advertising/marketing;
  • We apply least-privilege access, audit logging, encrypted transport, and tenant isolation;
  • We support export/correction/deletion workflows and authorization withdrawal handling;
  • Security incidents are handled through formal response procedures with customer notification as required.

15. Amazon Automated Shipment Feedback Capabilities

  • Capability scope: within customer-granted authorization, the system syncs Amazon order and recipient information and automatically returns tracking number, carrier, shipment status (Shipped), and ship timestamp after dispatch.
  • Tracking & label mechanism: shipping labels and tracking numbers are generated in contracted carrier systems (for example, Sagawa Japan and Yamato Kuroneko) and automatically linked to orders during outbound operations.
  • Amazon Automated Shipment Feedback Workflow: once warehouse fulfillment is completed, WMS sends shipment feedback via Amazon SP-API, and Amazon updates order status and tracking visibility for buyers in near real time.

16. No Data Sale Statement

  • We do not sell, rent, or trade Amazon data or customer business data;
  • We do not use Amazon data for unrelated advertising, marketing, or data brokerage;
  • Data sharing is limited to customer authorization, contractual necessity, or legal requirements.