Data Protection Policy

Our commitment to safeguarding seller data with industry-leading security measures

1. Introduction

Ensologic Commerce Pvt Ltd ("Ensologic", "we", "us", or "our") is committed to protecting the confidentiality, integrity, and availability of all data entrusted to us by our clients and partners. This Data Protection Policy outlines the measures we implement to protect seller data accessed through Amazon's Seller Partner Network (SPN) APIs.

This policy applies to all employees, contractors, and third-party service providers who have access to seller data in the course of providing services on behalf of Ensologic.

2. Data Classification

We classify data based on its sensitivity level to ensure appropriate protection measures are applied:

Highly Sensitive

  • Customer Personally Identifiable Information (PII)
  • Financial account details
  • Authentication credentials
  • API tokens and secrets

Sensitive

  • Order and transaction data
  • Sales and revenue reports
  • Inventory information
  • Business analytics

Standard

  • Product catalog information
  • Public listing data
  • General business information
  • Marketing content

3. Technical Security Measures

3.1 Encryption

  • Data in Transit: All data transmitted between our systems and Amazon's APIs is encrypted using TLS 1.2 or higher.
  • Data at Rest: Stored data is encrypted using AES-256 encryption standards.
  • Key Management: Encryption keys are managed through secure key management systems with regular rotation.

3.2 Access Controls

  • Role-Based Access Control (RBAC): Access to seller data is restricted based on job function and necessity.
  • Multi-Factor Authentication (MFA): All systems containing seller data require MFA for access.
  • Principle of Least Privilege: Users are granted the minimum permissions necessary to perform their duties.
  • Regular Access Reviews: User access rights are reviewed quarterly and revoked when no longer needed.

3.3 Network Security

  • Firewalls and intrusion detection/prevention systems (IDS/IPS)
  • Network segmentation to isolate sensitive data
  • Regular vulnerability assessments and penetration testing
  • Secure VPN connections for remote access

4. Administrative Controls

4.1 Employee Training

All employees with access to seller data receive:

  • Security awareness training upon hiring and annually thereafter
  • Specific training on Amazon SPN data handling requirements
  • Phishing awareness and social engineering prevention training
  • Incident response procedures training

4.2 Background Checks

All employees with access to sensitive data undergo appropriate background verification before being granted access.

4.3 Confidentiality Agreements

All employees and contractors sign non-disclosure agreements (NDAs) and confidentiality clauses as part of their employment/engagement terms.

4.4 Security Policies

  • Clear desk and clear screen policies
  • Acceptable use policies for company systems
  • Mobile device and BYOD security policies
  • Password policies requiring strong, unique passwords

5. Physical Security

Our physical security measures include:

  • Secure access controls for office premises
  • CCTV surveillance of critical areas
  • Visitor management and escort policies
  • Secure disposal of physical media containing sensitive data
  • Environmental controls for server rooms (if applicable)

6. Incident Response

6.1 Incident Detection

We maintain systems for:

  • 24/7 monitoring of security events
  • Automated alerts for suspicious activities
  • Regular log analysis and anomaly detection

6.2 Response Procedures

In the event of a security incident involving seller data:

  1. Identification: Confirm and assess the scope of the incident
  2. Containment: Isolate affected systems to prevent further damage
  3. Notification: Notify affected parties, Amazon, and relevant authorities as required
  4. Eradication: Remove the cause of the incident
  5. Recovery: Restore systems to normal operation
  6. Post-Incident Review: Analyze the incident and implement improvements

6.3 Breach Notification

In the event of a data breach involving seller data:

  • Amazon will be notified within 24 hours of discovery
  • Affected sellers will be notified as required by applicable laws
  • Regulatory authorities will be notified as required

7. Third-Party Management

When engaging third-party service providers who may access seller data, we:

  • Conduct security assessments before engagement
  • Require contractual data protection obligations
  • Limit data sharing to the necessary minimum
  • Conduct regular reviews of third-party security practices
  • Ensure compliance with Amazon's data protection requirements

8. Compliance & Auditing

8.1 Regulatory Compliance

We comply with:

  • Amazon Seller Partner Network Data Protection Policy
  • Information Technology Act, 2000 (India)
  • IT (Reasonable Security Practices and Procedures) Rules, 2011
  • Applicable data protection regulations in jurisdictions where we operate

8.2 Auditing

  • Regular internal security audits
  • Periodic external security assessments
  • Audit trail maintenance for all access to sensitive data
  • Cooperation with Amazon's audit requests

9. Policy Review & Updates

This Data Protection Policy is reviewed annually and updated as necessary to reflect:

  • Changes in our business operations
  • Updates to Amazon's SPN requirements
  • Changes in applicable laws and regulations
  • Lessons learned from security incidents
  • Advances in security technology and best practices

Contact Information

For questions about this Data Protection Policy or to report a security concern:

Data Protection Officer: privacy@ensologic.com
Security Team: security@ensologic.com
General Inquiries: info@ensologic.com

Last Updated: January 2026