Data Protection & Security
Last Updated: June 2026
Limonene, a service operated by Zed Axis, integrates with the Amazon Selling Partner API (SP-API). We adhere to Amazon's Data Protection Policy (DPP), Acceptable Use Policy (AUP), and Solution Provider Agreement. This page publicly summarizes the security controls that govern how we receive, store, use, and dispose of Amazon-sourced data. It complements our Privacy Policy and Terms of Service.
1. Personally Identifiable Information (PII) & Data Retention
We do not retain buyer PII at rest. Buyer name and city are read from the SP-API only at the moment a tax invoice is rendered or an Amazon-approved review request is sent, and are discarded as soon as the request completes. No database collection in our system has a field capable of storing buyer name, address, email, or phone.
The only persistent Amazon-related identifiers we store are the seller's Amazon Seller ID, the seller's encrypted authorization token, and the seller's store name. If a seller revokes access or requests deletion, all Amazon-sourced data is permanently removed from live systems within 30 days and from backups within 90 days, using industry-standard sanitization (NIST SP 800-88). Non-PII analytics data is retained for no more than 18 months.
2. Encryption
All data in transit is encrypted using TLS 1.2 or higher. SP-API authorization tokens are encrypted at rest using AES-256-GCM with a per-token initialization vector. Encryption keys are stored outside the application code, are never logged, and are rotated at least annually.
3. Credential Management
No credentials are hardcoded in source code; all secrets are held in protected environment configuration with restrictive file permissions. Sellers authenticate exclusively through Amazon's Login with Amazon authorization flow — we never ask for, store, or accept a seller's Amazon password. API keys and the encryption key are rotated at minimum every 12 months.
4. Access Control & Network Protection
Production access is restricted to authorized personnel over key-based SSH with password authentication disabled. The database is bound to localhost and is not reachable from the public internet. A host firewall restricts inbound traffic to required ports only. Access on a need-to-know basis is reviewed quarterly.
5. Logging & Monitoring
Every action that writes to Amazon on a seller's behalf is recorded in an audit log — capturing the acting seller, action, target, outcome, and timestamp, with no buyer PII — and retained for at least 12 months. Logs are monitored for anomalies, and critical events trigger operator alerts.
6. Incident Response
We maintain a written incident response plan covering preparation, identification, containment, eradication, recovery, and lessons learned, reviewed every six months. In the event of a security incident affecting Amazon-sourced data, we notify [email protected] within 24 hours of detection, including incident type, scope, timeline, and remediation taken. A master kill switch can halt all background processing that communicates with Amazon within one cycle. Our Incident Management Point of Contact is the founder, reachable at [email protected].
7. Subprocessors
The only third parties involved in operating Limonene are DigitalOcean (hosting), Let's Encrypt (TLS certificates), and the Telegram Bot API (operator-configured seller alerts only). No other party receives Amazon-sourced data, and we do not sell, share, or aggregate seller data across accounts.
8. Reporting a Concern
To report a security concern or request details of our controls, contact [email protected]. We acknowledge reports within 48 hours.