Privacy Policy
Summary
Flip IQ Batch processes the supplier files you upload, plus a minimum set of Amazon Selling Partner data, to surface profitable products. We comply with Amazon's Data Protection Policy (DPP) and applicable regional regulations including GDPR (EU/UK), CCPA/CPRA (California) and LGPD (Brazil). We don't sell your data, don't share it with unrelated third parties, and don't train shared models on it. You can revoke access and delete your data at any time.
What we collect
- Account data: name, work email, organization, billing details.
- Supplier files you upload, including any product identifiers and cost data they contain.
- Amazon Selling Partner data accessed via SP-API — see the next section for the exact scopes and purposes.
- Usage telemetry: which features you use and how often, to improve the product.
Amazon Selling Partner data we access
- Product Listings (read) — To verify ASINs, confirm sellability, and detect restricted categories per marketplace.
- Pricing (read) — To pull Buy Box, FBA/MFN offer signals, and competition data per ASIN.
- Inventory (read, optional) — To flag products you already stock so you don't re-buy them. Only enabled if you opt in.
- Catalog (read) — To enrich rows with title, brand, category and dimensions.
What we don't collect
- Buyer PII (names, shipping addresses, payment details).
- Order-level data unless you explicitly enable an optional integration that requires it.
- Browsing or storefront-scraping data — all Amazon data comes from the official SP-API.
How we protect it
- In transit: TLS 1.2+ (TLS 1.3 by default) on every endpoint.
- At rest: AES-256 encryption managed by AWS KMS with annual key rotation.
- Refresh tokens and credentials stored in AWS Secrets Manager — never in code, never in repos.
- MFA enforced on all internal accounts; account lockout after 10 failed attempts.
- Monthly vulnerability scans; critical vulnerabilities resolved within 7 days, high within 30.
- Centralized logging with 12-month retention and bi-weekly access review.
Where it lives
Customer data is stored in AWS regions matched to your primary marketplace (EU data in eu-west-1, US data in us-east-1). Backups are encrypted and geographically separated within the same region.
How long we keep it
- Non-PII Amazon data (catalog, pricing, inventory, listings): retained for a maximum of 18 months, in line with Amazon's Data Protection Policy. Older data is automatically purged.
- Uploaded supplier files: retained for the lifetime of the job plus 30 days for re-export, unless you delete sooner.
- Job results and exports: retained per your retention setting (7 / 30 / 90 / 365 days). Default is 90 days.
- Account data: kept until you delete the account.
- On OAuth revocation or account deletion: all customer data is purged within 30 days using NIST SP 800-88r1 methods.
Compliance with Amazon's Data Protection Policy
We are a registered Amazon Selling Partner Solution Provider and operate under the Solution Provider Agreement, the SP-API Acceptable Use Policy and the SP-API Data Protection Policy. We maintain an incident response plan reviewed every 6 months, a designated Incident Management Point of Contact (IMPOC) reachable at security@flipiqbatch.com, and we notify Amazon of security incidents within 24 hours as required by the DPP.
AI / ML use disclosure
Flip IQ Batch uses machine learning for opportunity scoring and explanation. Inference runs over your authorized data inside our infrastructure. We do NOT train shared or proprietary models on Amazon-sourced data, and Amazon Information is never used to develop or improve AI systems, in compliance with the November 2025 update to Amazon's Acceptable Use Policy.
Sub-processors
We rely on a small set of vendors to operate the service: Amazon Web Services (hosting, KMS, Secrets Manager), Stripe (billing), Resend (transactional email). All sub-processors are bound by data processing agreements and reviewed annually.
Your rights
You can request a full export or deletion of your data at any time by emailing privacy@flipiqbatch.com. We respond within 30 days, in accordance with GDPR, CCPA/CPRA and LGPD. You can revoke our access to your Amazon account at any time from Seller Central — see the Seller Authorization page for details.