Data Retention Policy
How long we retain seller data and our secure data deletion procedures
1. Introduction
This Data Retention Policy outlines how Ensologic Commerce Pvt Ltd ("Ensologic") manages the retention and deletion of seller data accessed through Amazon's Seller Partner Network (SPN) APIs. We are committed to retaining data only for as long as necessary to fulfill our service obligations and comply with legal requirements.
This policy ensures that we:
- Retain data only for legitimate business and legal purposes
- Securely delete data when no longer needed
- Comply with Amazon's data protection requirements
- Meet applicable regulatory requirements
2. Data Retention Periods
Different types of data are retained for different periods based on business needs and legal requirements:
| Data Category | Retention Period | Justification |
|---|---|---|
| Order Data | Duration of service + 90 days | Service fulfillment, dispute resolution |
| Customer PII | Minimum necessary; deleted within 30 days of order completion | Order processing only |
| Inventory Data | Duration of active service | Real-time inventory management |
| Sales Analytics | Duration of service + 1 year | Historical reporting, trend analysis |
| Advertising Data | Duration of service + 6 months | Campaign optimization, performance review |
| Financial Reports | 7 years | Legal/regulatory compliance (Indian tax laws) |
| Catalog Data | Duration of active service | Product listing management |
| Audit Logs | 3 years | Security auditing, compliance |
| API Access Logs | 1 year | Security monitoring, debugging |
3. Data Retention Principles
Purpose Limitation
Data is retained only for the specific purposes for which it was collected and as long as necessary to fulfill those purposes.
Data Minimization
We avoid collecting or retaining more data than necessary. When full datasets are not required, we use aggregated or anonymized data.
Legal Compliance
Where legal or regulatory requirements mandate longer retention periods, we comply while maintaining appropriate security measures.
Regular Review
Retention periods and stored data are reviewed regularly to ensure compliance with this policy and identify data eligible for deletion.
4. Data Handling Upon Service Termination
When a client terminates their service agreement with Ensologic, the following process is followed:
Service Termination
Client notifies Ensologic of service termination. Active API access is revoked.
Data Export (Optional)
Upon request, client can receive an export of their data in standard formats.
Operational Data Deletion
Active operational data (inventory, catalog, order processing data) is permanently deleted.
Analytics Data Deletion
Historical analytics and reporting data is deleted unless longer retention is legally required.
Legal Hold Data
Data required for legal, tax, or regulatory compliance is retained for the mandated period.
5. Data Deletion Procedures
5.1 Secure Deletion Methods
When data reaches the end of its retention period, it is deleted using secure methods:
- Digital Data: Secure deletion using industry-standard methods that render data unrecoverable
- Database Records: Permanent deletion from all database instances, including backups (within backup rotation period)
- Physical Media: Secure destruction using certified data destruction services
- Cloud Storage: Cryptographic erasure and secure deletion from cloud storage systems
5.2 Deletion Verification
All data deletion activities are:
- Logged for audit purposes
- Verified by a secondary reviewer
- Documented with deletion certificates when required
5.3 Backup Data
Backup systems are configured to:
- Automatically expire backup data according to retention schedules
- Ensure deleted data is removed from backups within the backup rotation cycle (typically 30-90 days)
- Maintain encrypted backups with controlled access
6. Seller Rights Regarding Data Retention
6.1 Right to Request Data Deletion
Sellers may request early deletion of their data, subject to:
- Completion of any outstanding service obligations
- Legal and regulatory retention requirements
- Contractual obligations
6.2 Right to Information
Sellers can request information about:
- What data we hold about them
- How long specific data will be retained
- The purposes for which data is being retained
6.3 Deletion Request Process
To request data deletion:
- Submit a written request to privacy@ensologic.com
- Include your business name and account details
- Specify the data you want deleted
- We will respond within 30 days with confirmation or explanation of any limitations
7. Exceptions to Standard Retention
Data may be retained longer than the standard period in the following circumstances:
Legal Hold
When data is subject to legal proceedings, investigations, or anticipated litigation, it will be preserved until the hold is released.
Regulatory Requirements
Where regulations require longer retention (e.g., tax records, financial audits), data will be retained for the required period.
Contractual Obligations
If service agreements specify different retention periods, the contractual terms will apply.
Dispute Resolution
Data relevant to ongoing disputes will be retained until the matter is resolved.
8. Compliance & Auditing
8.1 Internal Compliance
- Regular audits of data retention practices
- Automated monitoring of retention periods
- Employee training on data retention requirements
8.2 Amazon Compliance
- Full compliance with Amazon SPN data retention requirements
- Cooperation with Amazon's audit requests
- Immediate notification to Amazon of any data breaches
8.3 Documentation
- Maintenance of data retention schedules
- Records of deletion activities
- Audit trails for data access and modifications
9. Policy Review & Updates
This Data Retention Policy is reviewed annually and updated as necessary to reflect:
- Changes in Amazon's SPN requirements
- Updates to applicable laws and regulations
- Changes in our service offerings
- Technological advancements in data management
- Feedback from audits and assessments
Contact Information
For questions about data retention or to submit a deletion request:
Last Updated: January 2026