HCY Tech is a software development company. Our core product is an overseas warehouse system that supports Amazon SP-API order synchronization, fulfillment coordination, inventory management, access traceability, and data governance. We are an independent provider and are not an official Amazon entity, agent, or affiliate.
1. Operating scenarios
- Access Amazon SP-API after merchant authorization to retrieve the business data needed for order intake, warehouse fulfillment, and customer support;
- Move order, inventory, warehouse, shipping, and after-sales status data into the warehouse system for internal execution;
- Process recipient name, address, phone number, email address, or similar personal data only where necessary for fulfillment and legal obligations;
- Maintain audit records for key access, export, update, deletion, and permission-change events.
2. Public website and operational domains
This website is the public-facing company and product site. It explains our company identity, service scope, contact details, privacy terms, and data-handling principles. Production API endpoints, callback domains, or customer-deployed domains may differ from the public site and are used only for real operational processing.
3. Data minimization and access control
- We process only the fields needed for order synchronization, fulfillment coordination, support, and auditing;
- Amazon PII is not used for unrelated marketing, profiling, resale, or data brokerage;
- Sensitive fields are restricted by role and are masked, minimized, or limited where appropriate;
- Deletion requests, authorization revocations, retention cleanup, and processing records follow documented workflows.
4. Logging and monitoring
- We maintain application logs, access logs, administrative logs, and key security-event logs;
- Key security and operational logs are retained for at least 12 months;
- Amazon PII is not intentionally stored in plaintext logs; fields are masked, minimized, or excluded where necessary;
- Log access is limited to authorized personnel for anomaly detection, investigation, remediation, and internal review.
5. Transmission and storage safeguards
- HTTPS/TLS protects data in transit;
- Access controls apply to sensitive fields, backups, and management operations, with encryption or masking where appropriate;
- Approvals, alerting, vulnerability handling, and incident response support ongoing operational security.
6. Export, deletion, and revocation
Customers or their end users may email support@hcytechsoft.com to request authorization revocation, data export, or deletion. We generally acknowledge requests within 7 business days and, after identity and obligation checks, complete them or explain any limitation within 30 days.