Privacy Policy for SellAnalytix
Effective Date: September 23, 2024
This Privacy Policy describes how SellAnalytix, a service provided by SELLANALYTIX, LLC (“we,” “our,” or “us”), collects, uses, and discloses personal data when you use our website https://sellanalytix.com (the “Website”) and the services offered through it (collectively, the “Services”).
Who we are: SellAnalytix is a US-based company operating under the legal entity SELLANALYTIX, LLC. We specialize in providing ecommerce accounting services and can be reached at support@sellanalytix.com.
Personal Data We Collect: We may collect the following types of personal data when you use our Services:
- Personal Information: We may collect your name, email address, and any other information you voluntarily provide to us through the Website or when contacting us via email.
- Transactional Information: When you make a purchase through our Services, we may collect information related to the transaction, such as the products or services purchased, payment details, and billing address.
- Technical Information: We may automatically collect certain technical data when you visit our Website, including your IP address, browser type, operating system, and other device identifiers. We may also collect information about your use of the Website, such as the pages you visit, the links you click on, and the duration of your visit. This information is collected using cookies and similar tracking technologies. Please refer to our Cookie Policy for more details.
How We Use Your Personal Data: We may use the personal data we collect for the following purposes:
- To provide and maintain our Services: We use your personal data to fulfill your requests, process transactions, and provide customer support.
- To communicate with you: We may use your email address to send you important information regarding our Services, such as updates, notifications, and promotional offers. You can opt-out of receiving marketing communications by following the unsubscribe instructions provided in our emails.
- To improve our Services: We analyze the usage data we collect to enhance and personalize your experience on the Website, develop new features, and improve the overall functionality and performance of our Services.
How We Share Your Personal Data: We may disclose your personal data to the following categories of recipients:
- Service Providers: We may engage third-party service providers to assist us in operating our business and providing the Services. These service providers may have access to your personal data but are only authorized to use it as necessary to perform services on our behalf and are obligated to maintain its confidentiality.
- Legal Requirements: We may disclose your personal data if required to do so by law or in response to valid legal requests, such as subpoenas, court orders, or government regulations.
- Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, we may transfer your personal data to the relevant third party involved in the transaction.
Data Security: We take data security seriously and have implemented various measures to protect your personal data. These measures include:
- Network Protection Controls: We restrict public access to our databases, file servers, and desktop/developer endpoints through network firewalls and network access control lists. These controls deny access to unauthorized IP addresses. We also implement anti-virus and anti-malware software on end-user devices.
- Employee Access Controls: We individually identify employees who have access to our systems and restrict their access on a need-to-know basis. We implement fine-grained access control mechanisms and assign unique IDs to each person with computer access. We do not create or use generic, shared, or default login credentials or user accounts. Access to our systems is regularly reviewed and removed when no longer required.
- Monitoring and Incident Response: We have mechanisms in place to monitor and prevent unauthorized access to our systems. We detect and log malicious activity in our applications and systems, gathering logs to investigate security-related events. We maintain an incident response plan to handle database hacks, unauthorized access, and data leaks.
Non-Amazon Sources and Sharing of Amazon Information: a. Amazon Data Sharing: Amazon data is not shared with any outside parties. We maintain the confidentiality and security of Amazon Information within our organization.
- Non-Amazon Sources: Not applicable. We retrieve Amazon Information directly from Amazon and do not obtain it from non-Amazon sources.
Privacy and Data Handling Policies: We have comprehensive privacy and data handling policies in place that describe how Amazon data is collected, processed, stored, used, shared, and disposed of. You can review our privacy policy on our website [insert URL of privacy policy].
Storage and Encryption of Amazon Information: We store Amazon Information at rest in secure databases. We encrypt all information using industry-standard encryption algorithms such as AES-128 or RSA with a 2048-bit key size or higher. The cryptographic materials and capabilities used for encryption are only accessible to our processes and services.
Backup and Archiving of Amazon Information: We retain Amazon Information for a maximum of 30 days after order delivery, as necessary to fulfill orders and calculate/remit taxes. I
Monitoring and Prevention of Unauthorized Access from Employee Personal Devices: We restrict employees and contractors from storing Amazon Information on personal devices. We maintain account lockout mechanisms and detect anomalous usage patterns and log-in attempts. We have security alarm mechanisms in place to monitor and alert us in case of unauthorized access or incidents involving flash drives or other personal devices.
Incident Response Plan for Database Hacks, Unauthorized Access, and Data Leaks: We have a well-defined incident response plan to handle security incidents. The plan identifies incident response roles and responsibilities, defines incident types and procedures, and establishes an escalation path to notify Amazon. We regularly review and update the plan, document incidents, remediation actions, and implement controls to prevent future recurrence.
Password Management Practices: We enforce strong password management practices throughout our organization. Passwords for personnel and systems with access to Information meet minimum requirements, including a minimum length of twelve characters, a mix of upper-case letters, lower-case letters, numbers, and special characters. We establish minimum password ages and expiration periods. Multi-factor authentication (MFA) is required for all user accounts. We encrypt API keys provided by Amazon and limit access to authorized employees only.
Prevention of Exposure of Credentials: We do not hardcode sensitive credentials in our code, including encryption keys, secret access keys, or passwords. Sensitive credentials are not exposed in public code repositories. We maintain separate test and production environments to prevent exposure of credentials.
Tracking of Remediation Progress from Vulnerability Scans and Penetration Tests: We have a plan and/or runbook in place to detect and remediate vulnerabilities identified from scans and tests. We track the progress of remediation by monitoring and addressing findings promptly. We protect hardware containing information from technical vulnerabilities and conduct regular vulnerability scans and appropriate remediation actions.
Addressing Code Vulnerabilities in Development Lifecycle and Runtime: We conduct regular vulnerability scanning or penetration tests every 180 days and scan code for vulnerabilities prior to each release. We control changes to storage hardware, test and verify changes, and restrict access to authorized personnel. We address code vulnerabilities promptly and ensure security throughout the development lifecycle and runtime.
Change Management and Access Granting: We have a designated role responsible for change management requests. Access to change management tools and tracking changes is granted to authorized personnel with specific job titles, such as lead developer. We maintain a change management process to track and document changes made within our organization.
Your Rights: You have certain rights regarding your personal data. These rights may include:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: If you believe that the personal data we hold about you is inaccurate or incomplete, you can request to have it corrected or updated.
- Erasure: You can request the deletion of your personal data under certain circumstances.
- Restriction: You can request the restriction of the processing of your personal data under certain circumstances.
- Objection: You can object to the processing of your personal data for direct marketing purposes.
Cookies:
Our website uses cookies to enhance your browsing experience and provide personalized functionality. These small text files are stored on your computer or device. By using cookies, we remember certain information to offer you a tailored and convenient experience.
If you leave a comment, you can opt-in to saving your name, email address, and website in cookies. This saves time when you leave future comments and lasts for one year.
When you visit our login page, a temporary cookie checks if your browser accepts cookies. It contains no personal data and is discarded when you close your browser.
Logging in sets cookies to remember your login information and screen display preferences. Login cookies last for two days, while screen options cookies last for one year. Selecting “Remember Me” extends the login for two weeks. Logging out removes the login cookies.
Editing or publishing an article sets an additional cookie with no personal data, only indicating the post ID. It expires after 1 day.
You can manage or disable cookies in your browser settings. However, note that certain features may be affected. For more information, please refer to our Cookie Policy.
To exercise your rights or for any inquiries regarding your personal data, please contact us using the contact details provided at the end of this Privacy Policy.
Changes to this Privacy Policy: We may update this Privacy Policy from time to time to reflect changes in our practices and legal obligations. We encourage you to review this Privacy Policy periodically for any updates. The “Effective Date” at the top of this Privacy Policy indicates when it was last revised.
Contact Us: If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at support@sellanalytix.com.
By using our Services, you acknowledge that you have read and understood this Privacy Policy, including how and why we collect, process, and disclose personal data.