J
JDTC
Amazon SP-API Compliant

Data Protection Policy

JDTC's commitment to protecting Amazon seller data in compliance with Amazon's Data Protection Policy and international data protection standards.

Last updated: March 31, 2026

Our Data Protection Principles

Six core principles guide how we handle all data accessed through Amazon's SP-API.

Data Minimization

We only collect and process data that is strictly necessary for providing the requested services. No excess data collection.

Encryption & Security

All data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Regular security audits ensure ongoing protection.

Access Control

Strict role-based access controls ensure only authorized personnel can access sensitive data, with full audit logging.

Data Deletion

PII is deleted within 30 days of order completion. All data is permanently deleted upon contract termination.

Incident Response

We maintain a comprehensive incident response plan and will notify Amazon and affected parties within 24 hours of any breach.

Policy Compliance

Full compliance with Amazon's Data Protection Policy, Acceptable Use Policy, and applicable data protection regulations.

1. Scope and Purpose

This Data Protection Policy applies to all data accessed, processed, or stored by JDTC Co., Ltd. in connection with our Amazon Selling Partner API (SP-API) services. It supplements our Privacy Policy and is specifically designed to address the requirements of Amazon's Data Protection Policy.

2. Types of Data We Handle

Data TypePurposeRetention Period
Order PII (names, addresses)Order fulfillment only30 days post-delivery
Product & inventory dataStore managementDuration of contract
Sales analytics dataPerformance reportingDuration of contract + 1 year
Advertising dataCampaign managementDuration of contract
Account credentialsSystem accessDeleted upon termination

3. Technical Security Measures

JDTC implements the following technical measures to protect Amazon seller data:

  • Transport Security: TLS 1.2 or higher for all data in transit
  • Storage Encryption: AES-256 encryption for all data at rest
  • Authentication: Multi-factor authentication (MFA) required for all system access
  • Network Security: Firewall protection, intrusion detection systems, and regular penetration testing
  • Access Logging: Comprehensive audit logs for all data access and modifications
  • Vulnerability Management: Regular security scans and patch management
  • Backup & Recovery: Encrypted backups with tested recovery procedures

4. Organizational Security Measures

  • All employees with data access receive regular privacy and security training
  • Role-based access control (RBAC) limits data access to job-necessary information
  • Background checks conducted for employees handling sensitive data
  • Confidentiality agreements signed by all staff and contractors
  • Regular internal audits of data handling practices

5. Amazon Data Protection Policy Compliance

JDTC strictly adheres to Amazon's Data Protection Policy requirements:

  • We only access Amazon seller data through authorized SP-API endpoints
  • We use Amazon data only for the specific purposes authorized by the seller
  • We do not share Amazon seller data with unauthorized third parties
  • We do not use Amazon data for advertising or marketing without explicit consent
  • We maintain data processing records as required by Amazon's policies
  • We cooperate fully with Amazon's security reviews and audits

6. Data Breach Response

In the event of a data security incident, JDTC will:

  1. Immediately contain and assess the incident
  2. Notify Amazon within 24 hours of discovery
  3. Notify affected sellers within 72 hours
  4. Conduct a thorough investigation and root cause analysis
  5. Implement corrective measures to prevent recurrence
  6. Provide a detailed incident report to all affected parties

7. Third-Party Processors

When we engage third-party service providers who may process Amazon seller data, we:

  • Conduct thorough due diligence on their security practices
  • Execute data processing agreements with appropriate protections
  • Ensure they comply with Amazon's Data Protection Policy
  • Maintain a register of all third-party processors

8. Contact for Data Protection Inquiries

Data Protection Contact

JDTC Co., Ltd.
305, Woodae Building, 6 Wiryeseoil-ro, Sujeong-gu, Seongnam-si, Gyeonggi-do, Korea
Phone: 031-732-7734