Data Protection
How we protect Amazon seller data and SP-API credentials — our principles, controls, and commitments.
Core Principles
These are the six principles that govern how we handle SP-API access tokens and all Amazon seller data.
We request only the minimum SP-API roles necessary for declared features. Each seller authorizes access per store via Amazon's standard OAuth flow. The first version does not request buyer PII or any restricted data roles.
Refresh tokens are encrypted at rest. Access tokens are retained only for the duration of each request and are never written to disk. Tokens are never embedded in client-side code, logs, or URLs.
Data is isolated per seller — no user can access another store's data. Internal access is role-based and least-privilege. All administrative access is logged with user identity and timestamp.
Data access events are logged with timestamp and reason, forming a full audit trail. Anomalous access patterns trigger alerts. We maintain a security incident response process to detect and address issues promptly.
When a seller revokes authorization, refresh tokens are deleted in accordance with our Privacy Policy. Operational data is deleted or anonymized after its defined retention period. Sellers can request deletion at any time.
SP-API data is never sold, shared with third parties, or used for any purpose beyond the authorizing seller's own workspace. Seller data is not used for advertising, profiling, or monetization of any kind.
All seller authorization is performed through Amazon's standard OAuth consent flow. When a seller grants access, Amazon issues a short-lived authorization code that we immediately exchange for a refresh token. The authorization code is discarded once exchanged and never stored.
Refresh tokens are encrypted using AES-256 and stored per seller store in isolated records. When an API call must be made, we exchange the refresh token for a short-lived access token in memory. The access token is used for that request only and is never written to a log file, URL, or browser-side storage.
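The per-store encryption described above can be sketched as follows. This is an added example, not Mint Hub's code: it assumes AES-256 in GCM mode with the store ID bound as associated data, and the function names, record layout, key and token values are hypothetical.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newTokenCipher builds AES-256-GCM. GCM is an assumption: the page says only "AES-256".
func newTokenCipher(key []byte) (cipher.AEAD, error) {
	if len(key) != 32 { // aes.NewCipher would also accept 16- or 24-byte keys
		return nil, fmt.Errorf("AES-256 needs a 32-byte key, got %d bytes", len(key))
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealToken encrypts a refresh token and binds it to storeID as associated data.
// Record layout (constructed for this example): nonce || ciphertext || tag.
func sealToken(gcm cipher.AEAD, storeID, token string) ([]byte, error) {
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, []byte(token), []byte(storeID)), nil
}

// openToken decrypts a record for storeID. A record copied from another store's
// row, or altered in storage, fails authentication and yields no token.
func openToken(gcm cipher.AEAD, storeID string, record []byte) (string, error) {
	n := gcm.NonceSize()
	if len(record) < n+gcm.Overhead() {
		return "", fmt.Errorf("record too short: %d bytes", len(record))
	}
	pt, err := gcm.Open(nil, record[:n], record[n:], []byte(storeID))
	return string(pt), err
}

func main() {
	gcm, _ := newTokenCipher(make([]byte, 32)) // all-zero demo key; a real key is assumed to come from a KMS
	rec, _ := sealToken(gcm, "store-A", "constructed-sample-refresh-token")
	_, err := openToken(gcm, "store-B", rec)
	fmt.Println("cross-store open rejected:", err != nil)
}
```

Binding the store ID into the authentication tag means a database-level mix-up between tenants surfaces as a decryption error rather than as a usable token for the wrong store.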
Each seller's data is partitioned at the database level. Application logic enforces that authenticated users can only query data associated with their own authorized stores. Cross-tenant data leakage is prevented by design, not just policy.
Sellers can revoke Mint Hub's access at any time from Amazon Seller Central under Apps & Services > Manage Your Apps. Upon receiving revocation notification from Amazon, we immediately stop all data access and delete the associated refresh token. No further SP-API calls are made for that store.
If you discover a potential security issue, have a question about our data practices, or want to request a copy or deletion of your data, please contact us at security@mint-hub.com.
For general privacy questions, please review our Privacy Policy. For questions about SP-API authorization, see the SP-API page.