This Privacy Policy explains how [LEGAL ENTITY NAME] ("Scalavio", "we", "us", or "our"), a company registered in Vietnam, collects, uses, stores, protects, and deletes information when you use the Scalavio profit-and-PPC analytics service for Amazon sellers (the "Service").
By connecting your Amazon account and using the Service, you agree to the practices described here.
1. Who we are
Scalavio is operated by [LEGAL ENTITY NAME], [BUSINESS ADDRESS], Vietnam. For any privacy or data-protection question or request, contact us at support@scalavio.com.
We are an independent software provider. Scalavio is not affiliated with, sponsored by, or endorsed by Amazon. The Service is built on Amazon's Selling Partner API (SP-API) and Amazon Ads API; "Amazon", "FBA", and related marks are trademarks of Amazon.com, Inc. or its affiliates.
2. The data we collect
2.1 Account & authentication data
When you sign up and connect your Amazon account, we collect:
- Your name and email address, and the credentials needed to manage your Scalavio account.
- OAuth authorization tokens issued by Amazon (via Login with Amazon) so the Service can call Amazon's APIs on your behalf. We store these tokens securely and never see or store your Amazon password.
2.2 Amazon seller data accessed via SP-API (read-only, non-PII)
With your authorization, we read — on a read-only basis — the following from Amazon's SP-API, scoped to non-restricted roles only (Finance and Accounting + Inventory and Order Tracking):
- Finances data — revenue, Amazon fees (referral, FBA, etc.), refunds, and settlement adjustments.
- Orders data — order amounts, SKUs, quantities, and order status.
We do not collect buyer personal information (PII). We never request Amazon's restricted roles, and we do not access buyer names, addresses, emails, or any other buyer PII. The data we read is the aggregate money-and-units information needed to calculate your profit.
2.3 Amazon Advertising data accessed via the Ads API
If you separately authorize the Amazon Ads API, we access your advertising data — campaign, ad group, keyword / search-term, spend, and performance metrics — to power PPC analytics and recommendations.
2.4 Data you provide
Cost figures you enter yourself (e.g. cost of goods sold, COGS) so the Service can compute true net profit.
2.5 Basic usage & technical data
Standard log and device data (e.g. IP address, browser type, pages used) to operate, secure, and improve the Service. The marketing website is fully static and does not use advertising trackers.
3. How we use your data
We use the data only to provide the Service to you, the authorizing seller, for your own benefit — namely to:
- Calculate your real net profit after Amazon fees, refunds, ad spend, and COGS.
- Show PPC performance and suggest advertising actions (see §4).
- Operate, secure, support, and improve the Service.
We do not use your Amazon seller data or advertising data for our own marketing, for advertising to others, to train machine-learning / AI models, or for any purpose unrelated to providing the Service to you. This is a lawful, limited purpose consistent with Amazon's Data Protection Policy and Ads API Data Protection Policy.
4. Advertising actions (write actions)
Reading your finance and order data via SP-API is read-only — Scalavio cannot change your listings, inventory, or money through SP-API.
Advertising actions such as negating a keyword, adding a keyword, or adjusting a bid are writes to your Amazon Ads account, performed through the Amazon Ads API. They are available only after you have completed the separate Amazon Ads API authorization, and each action runs only when you explicitly approve it. We do not automatically change your campaigns without your approval.
5. No sale and no sharing of your Amazon data
We never sell your data, and we never share your Amazon seller or advertising data with third parties — except with the limited sub-processors listed in §6 that are necessary to run the Service, or where we are legally required to do so by valid law. Your Amazon data is not shared with other sellers and is not pooled or resold in any form.
6. Sub-processors and third parties
We use a small number of service providers ("sub-processors") to run the Service. They process data only on our instructions and under confidentiality and data-protection obligations:
| Sub-processor | Purpose | Data involved |
|---|---|---|
| Cloudflare | Hosting of the public website (and CDN / security) | Website visitor technical data |
| [CLOUD HOSTING PROVIDER] | Hosting of the application and database | Account data + your read-only Amazon finance/order and advertising data |
| Amazon (SP-API / Ads API, Login with Amazon) | Source of your seller and advertising data, and authentication | The data you authorize us to read |
We will keep this list current. If we add or change a sub-processor that handles your Amazon data, we will update this policy.
7. How we protect your data
- Encryption in transit and at rest — all data is transmitted over HTTPS/TLS and stored encrypted at rest.
- Access control — only authorized personnel can access systems holding seller data, on a least-privilege basis; Amazon OAuth tokens and other secrets are stored in protected secret storage, not in source code.
- Network protection — the application runs behind standard network protections, and access to production systems is restricted.
(These controls are consistent with our Amazon security-control questionnaire answers.)
8. Data retention and deletion
- We retain your account data and the Amazon data we read for as long as your account is active and you keep the Amazon authorization connected, so the Service can show your historical profit and PPC trends.
- You can revoke the Service's access at any time — either from within Scalavio or directly from your Amazon account (Seller Central → Apps & Services / Manage Your Apps, and from the Amazon Ads console for advertising access).
- You can request deletion of your Amazon data and your account at any time by emailing support@scalavio.com. When you revoke access or request deletion, we delete the Amazon seller and advertising data we hold for you within 30 days, including from routine backups on their normal expiry cycle. We may retain minimal records where required by law (e.g. tax or accounting records), kept only as long as legally necessary.
9. Your rights
Subject to applicable law, you may request to access, correct, or delete your personal data, or to revoke your authorization. To exercise any of these, contact support@scalavio.com. We aim to respond within a reasonable time and within any period required by law.
10. International transfers
We operate from Vietnam and use sub-processors that may store and process data in other countries. Where data is transferred across borders, we take reasonable steps to ensure it remains protected consistent with this policy.
11. Children
The Service is a business tool for Amazon sellers and is not directed to children. We do not knowingly collect data from anyone under 18.
12. Changes to this policy
We may update this Privacy Policy as the Service evolves. We will revise the "Last updated" date above and, for material changes affecting how we handle your Amazon data, take reasonable steps to notify you.
13. Contact
[BUSINESS ADDRESS], Vietnam
Support, privacy & data requests: support@scalavio.com