中文 EN 日本語

This Privacy Policy applies to Jilian Overseas Warehouse Management System and related services provided by Shanghai Huanchuangyu Technology Co., Ltd. We protect customer data and PII in alignment with Amazon SP-API requirements and applicable laws.

1. Scope and Roles

In most scenarios, the customer acts as the data controller, and we act as a data processor handling data only under customer authorization and contractual instructions.

2. Data Categories We Process (Including PII)

  • Order and fulfillment data (order IDs, SKUs, quantities, shipment status, returns);
  • Recipient/contact PII (name, address, phone, email), subject to granted scope;
  • Inventory and warehouse operational data (warehouse, bin, batch, stock movements);
  • System/security logs (Amazon API calls, errors, audit trails).

3. Amazon SP-API Data Usage Principles

  • Used only for necessary business operations such as order sync, inventory sync, shipment confirmation, support, and reporting;
  • Not used for unrelated advertising, profiling, or data resale;
  • Collected and processed under least-privilege and minimum-necessary principles.

4. Storage and Tenant Isolation

We support SaaS and private deployment. In both models, customer data is isolated to prevent cross-tenant mixing. In private deployment, production data remains in customer-specific environments.

5. Access Control and Authorization

  • Role-based access with least privilege;
  • Auditable logging for sensitive operations;
  • Controlled and reviewed production-access permissions.

6. Security Controls

  • Encrypted transport (HTTPS/TLS) for Amazon API and management access;
  • Data protection measures such as masking, encryption, and restricted access where applicable;
  • Backup protection and lifecycle cleanup controls.

7. Data Sharing and Subprocessors

We do not sell customer data. Data is shared only when necessary to deliver services, under customer authorization, with vetted entrusted processing components bound by confidentiality and security obligations, or when required by law.

8. Retention and Deletion

Retention is based on contract, legal requirements, and operational necessity. Upon termination or authorization withdrawal, we support export and perform deletion/anonymization according to agreed timelines.

9. Incident Response

We maintain incident response procedures for containment, investigation, remediation, and customer notification within contractual and legal requirements.

10. Data Subject and Customer Requests

Customers may request access, correction, export, or deletion support for business data. We process requests after identity and authorization verification.

11. Children and Sensitive Use Restrictions

Our services are for business customers and not directed to children. Amazon API data is not used for unrelated sensitive-purpose processing.

12. Policy Updates and Contact

We may update this policy due to business or legal changes. Updates are published on this page with an effective date. Contact: support@hcytechsoft.com

13. Amazon PII Review Quick Checklist

  • We access Amazon data only within customer-granted SP-API authorization scope;
  • PII is used only for fulfillment, warehousing, after-sales support, and required service operations;
  • We do not sell Amazon data or use it for unrelated advertising/marketing;
  • We apply least-privilege access, audit logging, encrypted transport, and tenant isolation;
  • We support export/correction/deletion workflows and authorization withdrawal handling;
  • Security incidents are handled through formal response procedures with customer notification as required.