Apollo by eBrands← Back to home
Privacy Policy

Apollo by eBrands — Privacy Policy

Last updated: May 2026

1. Who we are

Apollo is a software platform operated by eBrands Holdings Oy ("eBrands", "we", "us"). The Apollo Amazon Seller Central connector at oauth.ebrands.com is the authorization entry point that enables Apollo to access your Amazon Seller Central data through Amazon's Selling Partner API (SP-API).

2. What this policy covers

This policy describes how Apollo collects, processes, stores, retains, and deletes Amazon-derived data accessed via the SP-API under your authorization. It is designed to comply with Amazon's Acceptable Use Policy (AUP) and Data Protection Policy (DPP).

3. What data we access

Under your authorization, Apollo reads only the SP-API data needed to deliver the features you have signed up for:

  • Orders: order IDs, line items, quantities, status, marketplace, and fulfillment timestamps.
  • Inventory: FBA and seller-fulfilled stock levels per warehouse and per ASIN.
  • Financials & settlements: settlement reports, fees, refunds, reserves, and payout estimates.
  • Catalog & listings: ASINs, SKUs, titles, prices, and listing status.
  • Reports: standard SP-API reports required for the modules above.

Apollo accesses Personally Identifiable Information (PII) — such as buyer name and shipping address — only when strictly necessary for fulfillment-related features, and handles it under stricter rules described in section 6.

4. How we use the data

Amazon-derived data is used solely to:

  • Provide the operations dashboard, deferred order estimates, and inventory planning features.
  • Aggregate brand performance across the marketplaces you sell on, for your own use.
  • Support and troubleshoot your Apollo account when you contact us.

We do not, and will not:

  • Use Amazon data to market to Amazon customers or solicit reviews.
  • Aggregate or sell competitive insights across other sellers' data.
  • Share Amazon data with advertising networks or unrelated third parties.

5. Legal basis

Where the GDPR or equivalent regimes apply, our legal basis for processing Amazon-derived data is the contract between eBrands and the partner who authorized the connector, and our legitimate interest in operating and securing the Apollo platform. For PII contained in order data, the controller is the partner brand; eBrands acts as processor.

6. Encryption and security

  • In transit: All Amazon data is transmitted using TLS 1.2 or higher.
  • At rest: PII is encrypted at rest using AES-256. Non-PII Amazon data is stored on encrypted volumes.
  • Access control: Unique user IDs, mandatory multi-factor authentication, least-privilege role-based access, and quarterly access reviews. No shared accounts. Off-boarded staff lose access within 24 hours.
  • Logging: Access to systems handling Amazon data is logged and monitored. Vulnerability scanning runs continuously; an incident response plan is documented and tested.

7. Retention

  • PII (e.g. buyer name, shipping address): retained for no more than 30 days after order delivery, except where a longer period is required by tax, legal, or accounting obligations.
  • Non-PII Amazon data (orders, inventory, settlements, catalog): retained for up to 18 months from collection unless a longer period is required by law or to provide the service you have contracted for.

8. Deletion and data removal

On revocation of authorization in Seller Central, or on written request to apollo@ebrands.com, Apollo permanently and securely deletes Amazon data tied to your brand within 30 days, in line with NIST media-sanitization guidance. Backup copies are purged on their normal rotation schedule.

9. Sub-processors

Apollo runs on Amazon Web Services (AWS) infrastructure inside the European Union. We review sub-processors handling Amazon data at least annually and contractually require equivalent protections. The current list of sub-processors is available on request.

10. International transfers

Amazon data is processed inside the EEA. If a transfer outside the EEA becomes necessary, we use Standard Contractual Clauses or another lawful transfer mechanism.

11. Incident response

In the event of a confirmed data incident affecting Amazon data, eBrands will notify Amazon within 24 hours of confirmation and affected partners as required by applicable law and the SP-API Data Protection Policy.

12. Your rights

You can revoke Apollo's authorization at any time from Seller Central → Apps & Services → Manage Your Apps. To request access, correction, deletion, or export of your data, contact apollo@ebrands.com. We respond within 30 days.

13. Contact

eBrands Holdings Oy
Email: apollo@ebrands.com
Website: ebrands.com

14. Changes

We may update this policy as the Apollo platform evolves or as Amazon's policies change. Material changes will be communicated to active partners by email.