Privacy Policy
Effective date:
BeeWerkz LLC ("BeeWerkz", "we", "our", or "us") respects the privacy of every organization we work with. This policy describes what information we access and process on behalf of our clients, how we protect it, who we share it with, and how long we retain it.
1. Who this policy applies to
This policy applies to the operators and authorized users of organizations who have entered into a written services agreement with BeeWerkz LLC and have authorized our software to access data from their Amazon Seller Central and Amazon Advertising accounts. It also applies to anyone who contacts us through this website.
2. What information we access
For each client engagement, we access the minimum data required to compute and report on advertising efficiency on Amazon. Specifically:
From the Amazon Selling Partner API (SP-API)
- Aggregate daily ordered product sales totals, retrieved via the Sales and Traffic report at daily granularity.
- Active marketplace participation, retrieved once per day to scope report requests to the correct marketplaces.
From the Amazon Advertising API
- Daily campaign spend for Sponsored Products, Sponsored Brands, and Sponsored Display, grouped by campaign.
What we do not access
- We do not request, process, or store any personally identifiable information about Amazon buyers. This includes buyer names, shipping addresses, email addresses, and phone numbers.
- We do not request the Buyer Communication, Buyer Solicitation, or Amazon Fulfillment roles within the Selling Partner API.
- We do not call any Orders API endpoints that return order-level or buyer-level detail.
3. How we obtain access
Each client authorizes BeeWerkz independently from their own Seller Central and Amazon Advertising accounts using the standard OAuth authorization flow operated by Amazon. We never receive, ask for, or store a client's Amazon password. Authorization can be revoked by the client at any time directly within their Seller Central or Amazon Advertising account.
4. How we use the information
Information we access is used exclusively to produce reports delivered back to the authorizing client. Typical outputs include:
- Total Advertising Cost of Sales (TACOS) by date and marketplace.
- Advertising spend broken out by ad product.
- Trend analyses comparing periods of ad activity to ordered sales.
We do not use client data to train machine-learning models, to benchmark one client against another, or for any purpose outside the engagement under which the data was authorized.
5. How we store and protect the information
- Tenant isolation. Each client's data is stored with row-level isolation that prevents cross-client access.
- Encryption at rest. All Amazon refresh tokens and client data are encrypted at rest using AES-256. Encryption keys are held in a managed secrets store and rotated on a defined schedule.
- Encryption in transit. All communication with Amazon APIs and all internal service-to-service communication uses TLS 1.2 or higher.
- Access controls. Only authenticated BeeWerkz personnel with a documented business need can read decrypted client data. Access is logged and reviewed.
- Password and authentication standards. All accounts that can access client data require strong passwords and multi-factor authentication, with annual credential rotation.
- Incident response. BeeWerkz maintains a written incident response plan with defined roles, scheduled six-month reviews, and procedures requiring notification to affected clients within 24 hours of detection. Incidents involving information obtained from Amazon APIs are additionally reported to security@amazon.com within 24 hours of detection.
6. Subprocessors
BeeWerkz uses a small number of well-known infrastructure providers to operate the service. These providers act as subprocessors under written Data Processing Agreements and process information solely to deliver their infrastructure services to us. They do not have any independent right to use client data.
Current subprocessors:
- Netlify, Inc. — static website hosting and content delivery for beewerkz.com. Netlify does not have access to client API data; it serves only the public marketing pages of this website.
- Microsoft Corporation — business email and authoritative DNS for the beewerkz.com domain. No client API data is transmitted through email.
We will update this section before adding any new subprocessor that handles client data. Material changes are communicated to affected clients with at least 30 days advance notice when practical.
7. Data sharing
BeeWerkz does not sell, rent, or share client data with any third party for any commercial, analytic, or marketing purpose. Reports are visible only to: (a) the authorizing client and the individuals that client has designated as authorized recipients, and (b) authorized BeeWerkz personnel acting under a signed services agreement with that client.
8. Retention and deletion
Aggregate daily TACOS rows are retained for the duration of the client engagement plus twenty-four (24) months for trend reporting, unless the client requests earlier deletion. Raw report payloads retrieved from Amazon APIs are discarded immediately after being parsed into the aggregate.
When a client engagement is terminated, BeeWerkz will revoke the client's refresh tokens with Amazon, delete the client's records from production storage, and confirm deletion in writing within thirty (30) days. Backups containing the deleted records are rotated out of retention within ninety (90) days.
9. Client rights
Authorized client representatives may at any time:
- Request a copy of the data BeeWerkz holds about the client.
- Request correction of inaccurate or outdated records.
- Request deletion of client data and termination of the engagement.
- Revoke BeeWerkz's authorization directly from Seller Central or Amazon Advertising at any time, without contacting us.
Requests should be sent to admin@beewerkz.com. We respond within 30 days.
10. Cookies and website analytics
This website (beewerkz.com) does not set tracking cookies and does not use third-party analytics. Standard server logs may be retained for a short period for security and operational purposes.
11. Changes to this policy
We may revise this policy from time to time. Material changes will be announced to active clients by email at the contact address on file at least 30 days before taking effect, where practical. The effective date at the top of this page indicates the most recent revision.
12. Contact
Privacy questions, security inquiries, and data subject requests: admin@beewerkz.com.
BeeWerkz LLC
United States