Security & PII Handling

Last updated: 14 April 2026
Company: Gizmo Bing LLC
Contact: security@gizmobing.com

Data Scope

Gizmo Bing applications request and process only the minimum Amazon SP-API permissions and data required for order processing, packing, shipment, fulfillment operations, delivery tracking, and related support. Personally identifiable information (PII) is masked on screens and in workflows where full visibility is not required.

Transport and Storage Security

All Amazon SP-API and related web traffic is protected using TLS 1.2 or higher. Amazon data is encrypted at rest using AES-256 for databases, storage, and backups. Encryption keys are securely managed through Azure Key Vault with restricted access controls.

Hosting and Data Residency

Primary processing and storage are hosted on Microsoft Azure in U.S. regions, including US East 2 (Virginia) and Central US. Geo-redundant replication is used to support availability and disaster recovery.

Access Controls

Access to Amazon information is restricted through role-based, least-privilege controls. Each employee is assigned a unique user account. Shared accounts are not permitted. MFA is required for administrators and developers. Access is granted only on a need-to-know basis and is reviewed periodically. Administrative access is restricted to designated personnel and revoked immediately upon role change or termination.

Endpoint and Device Restrictions

Amazon information is accessible only through secured backend systems and authorized administrative environments. Unauthorized copying of Amazon information to personal devices, removable media, USB storage, or unapproved endpoints is prohibited. Access attempts and abnormal activity are logged and reviewed.

Logging and Monitoring

Centralized logging and monitoring are implemented through Azure Monitor and Log Analytics. Logs are access-controlled and monitored for suspicious activity, including failed login attempts, unauthorized access attempts, privilege changes, unusual API behavior, and abnormal PII access patterns. PII is masked, hashed, or redacted in logs wherever possible.

Retention, Backup, and Deletion

Amazon PII is retained only for operational support and legal or statutory requirements. Unless law requires a longer period, Amazon PII is automatically purged or anonymized after 12 months. Encrypted backups are maintained using Azure backup and lifecycle controls and stored with geographic separation from the primary environment. Restore procedures are tested quarterly as part of disaster recovery readiness. The estimated Recovery Time Objective (RTO) is 24 hours, and the Recovery Point Objective (RPO) is up to 24 hours.

Testing and Non-Production Use

Production Amazon PII is not used in test environments unless strictly required for troubleshooting. Where possible, masked, anonymized, or synthetic data is used. Any temporary access to production data for support or troubleshooting is restricted, approved, logged, time-bound, and removed immediately after use.

Credential and Secret Protection

Credentials and secrets are never hard-coded in source code or shared through email or messaging tools. Sensitive credentials are stored in secure, access-controlled configuration systems and are available only to authorized services and personnel. Credential access is logged and reviewed periodically. Credentials are rotated when required, and suspected or compromised credentials are revoked immediately.

Password Management

Passwords for systems handling Amazon information must be at least 12 characters long and include uppercase letters, lowercase letters, numbers, and special characters. Passwords must not contain any part of the user’s name. A minimum password age of 1 day and a maximum expiration period of 365 days are enforced. Shared credentials are prohibited, and repeated failed login attempts result in account lockout. MFA is required where applicable.

Vulnerability Management

Security findings from vulnerability scans, dependency checks, code reviews, and penetration testing are tracked with assigned owners and remediation timelines. Vulnerabilities are prioritized by severity, verified after remediation, and escalated until closure. Critical issues are targeted for remediation within 7 days, High within 30 days, and Medium within 60 days.

Incident Response

We maintain documented incident response procedures covering detection, containment, investigation, remediation, recovery, and notification. Security incidents involving Amazon data are handled in accordance with applicable U.S. data breach laws and Amazon SP-API requirements. If Amazon data is involved in a confirmed security incident, Amazon is notified in accordance with applicable policy requirements.

Third-Party Services

Only Microsoft Azure platform services are used for the processing, storage, monitoring, and protection of Amazon SP-API data.

Incident Management Point of Contact (IMPOC)

Name: Jaswant Singh
Email: security@gizmobing.com