Data Protection & Security Policy

The administrative, technical, and physical controls Miiyia uses to protect customer and Amazon data, aligned with the Amazon Data Protection Policy (DPP).

Effective date: June 16, 2026  ·  Last updated: June 16, 2026

Dongguan Yinghai Technology Co., Ltd. (“Miiyia”) is committed to protecting all data we process, with particular care for information obtained through the Amazon Selling Partner API (SP-API) and the Amazon Advertising API. This Policy summarizes the safeguards we maintain. It is designed to be consistent with the principles of the Amazon Data Protection Policy (DPP) and the Amazon Acceptable Use Policy.

Core commitment: Amazon Information is collected with authorization, used only to provide the Service to the authorizing seller, protected by encryption and strict access controls, retained no longer than necessary, and deleted on request or when no longer needed. We never sell, share, or repurpose it.

1. Scope

This Policy applies to all Miiyia systems, employees, and contractors that store, process, or transmit customer data, including any Amazon Information (as defined by the Amazon Data Protection Policy) and Personally Identifiable Information (PII).

2. Governance & responsibility

  • A designated security owner is accountable for our information security program and this Policy.
  • Security policies are reviewed at least annually and after any material change or incident.
  • All staff receive security and data-handling training at onboarding and periodically thereafter.

3. Encryption

  • In transit: All data, including all Amazon Information, is encrypted in transit using TLS 1.2 or higher. Plaintext transmission of credentials or Amazon data is prohibited.
  • At rest: Data is encrypted at rest using AES-256. Encryption keys are managed by a dedicated key-management service with restricted access and rotation.
  • Secrets: API credentials and tokens are stored in a secured secrets manager, never in source code or logs.

4. Access control & least privilege

  • Access to Amazon Information and PII is granted on a strict need-to-know, least-privilege basis and is reviewed regularly.
  • Multi-factor authentication (MFA) is required for administrative and production system access.
  • We request only the minimum SP-API and Advertising API scopes required for enabled features. Access is read-only by default.
  • Access is promptly revoked when an employee or contractor leaves or changes role.

5. Network & application security

  • Production systems run in isolated, firewalled environments with restricted inbound access.
  • We follow secure development practices, including code review, dependency scanning, and protection against common vulnerabilities (e.g., the OWASP Top 10).
  • Systems are patched on a regular cadence, and security testing is performed periodically.

6. Logging & monitoring

  • Access to Amazon Information is logged. Logs are protected, retained for an appropriate period, and monitored for anomalous activity.
  • Alerts notify our team of suspicious access patterns or potential security events.
  • We do not store Amazon Information in application logs.

7. Data minimization, retention & deletion

  • Minimization: We collect and retain only the data necessary to provide enabled features.
  • PII retention: PII derived from Amazon order data is deleted within 30 days of the relevant order processing, unless a longer period is required by law or by Amazon’s applicable policies.
  • Deletion on revocation: When you revoke authorization or close your account, associated Amazon data is deleted or anonymized within a commercially reasonable period (generally within 90 days).
  • On request: You may request export or deletion of your data at any time via support@miiyia.com.
  • Secure disposal: Decommissioned media and backups are securely erased or destroyed.

8. Backups & resilience

  • Backups are encrypted and access-controlled. We maintain business-continuity and disaster-recovery procedures to restore service after a disruption.
  • Encrypted backups are retained for no longer than 90 days and are then securely deleted; when we delete or anonymize your data, that change propagates to backups within this window.

9. Subprocessors, data location & cross-border transfers

We use a limited set of reputable infrastructure and service providers to operate the Service. Each subprocessor is vetted for security, bound by a written data-processing agreement to confidentiality and equivalent data-protection obligations, permitted to process data only on our documented instructions and only as needed to support the Service, and never permitted to use Amazon Information for its own purposes.

| Category | Purpose | Amazon Information? | Location & safeguard |
| --- | --- | --- | --- |
| Cloud hosting & infrastructure | Run the Service; store account and Amazon data | Yes | Stored in the region provisioned for your account; encrypted at rest (AES-256); backups kept in the same region |
| Payment processing | Process subscription billing | No | Card data handled by the processor; we do not store full card numbers |
| Transactional email | Send alerts and account notifications | No (account email only) | Content limited to the notification; no Amazon Information transferred |

Data location. Amazon Information is stored in the cloud region provisioned for your account and is accessible only to authorized Miiyia personnel and systems on a need-to-know basis, with access logged. The specific hosting provider and storage region are documented in our subprocessor list, available on request at support@miiyia.com.

Cross-border transfers. Where providing the Service requires transferring personal information across borders, we apply the safeguards required by applicable law — for example, the standard contract for outbound transfer of personal information under the PRC PIPL, or Standard Contractual Clauses — and we transfer only the minimum data necessary.

10. Incident response & breach notification

  • We maintain a documented incident-response plan covering detection, containment, eradication, recovery, and post-incident review.
  • In the event of a confirmed data breach involving Amazon Information, we will investigate promptly and notify Amazon and affected parties as required by Amazon’s policies and applicable law — within 72 hours of becoming aware where required.
  • Suspected security issues can be reported to support@miiyia.com.

11. Acceptable use of Amazon data

Consistent with the Amazon Acceptable Use Policy, Amazon Information is used solely to provide the Service to the authorizing seller. We do not sell, lease, share, or transfer Amazon Information to third parties for their own use; we do not combine PII across sellers; and we do not use Amazon data to compete unfairly. See our Acceptable Use Policy for details.

12. Your controls

  • Authorize and revoke Amazon access at any time from Amazon Seller Central (Apps & Services → Manage Your Apps).
  • Request a copy of, or deletion of, your data via support@miiyia.com.

13. Contact

Security, data-protection, or privacy questions: support@miiyia.com · Dongguan Yinghai Technology Co., Ltd., Room 1111, Building 1, No. 2 Keji 4th Road, Songshan Lake Park, Dongguan, Guangdong, China.
