Privacy Policy: 

Effective date

Welcome to THEBRANDSPUR LLC (“we,” “our,” “us”) website. Your privacy is important to us, and we are committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard your information when you visit our website https://thebrandspur.com/, use or request our chain management services and The Brand Spur Reporting Suite. 

This policy explains what data we access, how we use it, how we protect it, and the choices you have.

• We never request or store Amazon order-level customer PII (names, addresses, payment data) and we never access Gmail, Drive, Contacts, Calendar, or any Google service other than Sheets
• Our legal basis for processing data is contractual necessity when providing services to Amazon sellers, and legitimate interests for internal operational automation; all access to data is strictly governed by OAuth-based user consent.

Amazon SP-API Privacy:

Data Ownership: All Amazon Seller Central data accessed via our app remains the sole property of the Amazon Seller (the user). We do not claim ownership of any data retrieved via the SP-API. Users maintain complete control over their data and can revoke our access at any time.

1. Data Collection

Data We Collect:

We only collect the following types of data from your Amazon Seller Central account:

• Sales data
• Inventory data
• Order data
• Financial reports
• Advertising performance data (if you authorize us)

   

Data We Do NOT Collect:

We do not collect or permanently store:

• Personally Identifiable Information (PII) such as customer names, addresses, phone numbers, or payment details.
• Sensitive customer information from your Amazon orders.

   

Data Authorization:

• We only process data that you explicitly authorize via Amazon’s secure OAuth2 workflow.
• All API authorizations can be revoked at any time directly from your Amazon Seller Central account. (Revoke Access: Seller Central › Apps & Services › Manage Your Apps)

   

2. Data Storage and Retention

Temporary Data Storage:

We store data temporarily for backup and recovery purposes in the event of API request failures or service interruptions. This ensures we can retrieve and display the most recent data to the user if the API fails to deliver the requested information.

We do not retain temporarily stored data for analytics, internal analysis, long-term backups, or any processing beyond immediate user recovery.

All temporarily stored backup data is automatically deleted within 30 days or upon resolution of the API failure, whichever comes first.

Persistent Data:

• We do not persistently store sensitive Amazon Seller Central data.  
• We do not collect or store Personally Identifiable Information (PII).  
• Any non-sensitive operational data (such as sales summaries) is only cached temporarily for backup purposes and is automatically deleted within 30 days or upon API recovery.

Data Encryption and Secure Transmission:

• All Amazon Information is encrypted in transit using HTTP over TLS (HTTPS).
• Encryption in transit is strictly enforced across all internal and external endpoints.
• We apply data message-level encryption where TLS terminates on untrusted multi-tenant hardware, such as proxies.
• At no point is Amazon Information ever transmitted unencrypted.
• Any sensitive data temporarily stored is encrypted at rest using advanced encryption protocols (AES-256).

   

3. Data Usage

Purpose of Data Processing:

We process your data strictly to provide you with the services you request, including:

• Dashboards
• Reports
• Analytics
• Tax summaries
  (if you opt-in to these features)

   

No Hidden Data Usage:

• We do not use your data for internal analysis, data mining, or any undisclosed purposes.
• We do not perform any backend analysis for company insights or third-party sharing.
• All reports and dashboards are created solely for your view and upon your request.

   

4. Data Sharing

No Third-Party Sharing:

We never sell, share, or exchange your data with any third party for any purpose, including marketing, analytics, or service improvement.

External Service Providers:

Third-party service providers (such as Google Cloud or AWS) are used solely as secure hosting or processing environments. These providers do not access, use, or process the data beyond what is required for the technical delivery of our service. All providers meet Amazon’s data protection requirements.

5. Data Security

We employ robust security measures, including but not limited to:

• Secure OAuth2 authentication with Amazon SP-API.
• Encrypted HTTPS connections.
• Database encryption for sensitive data.
• Regular security audits and vulnerability assessments.

  • Access Management and Security Controls:

    • The list of people and services with access to Amazon Information is reviewed every 90 days.
    • Accounts that no longer require access are promptly removed.
    • Storing Amazon Information on personal devices is strictly prohibited.
    • Upon an employee’s departure, all access and user permissions are immediately revoked.
    • We enforce an account lockout policy that triggers upon detecting suspicious activities such as multiple failed logins or excessive requests.
    • Account permissions are immediately revoked and investigated by IT administrators in the event of suspicious activity.
    • All Amazon Information is accessed exclusively through company-managed systems. Accessing or storing Amazon Information on personal devices is strictly prohibited.
• Secure Coding Practices:
  • Sensitive credentials such as API keys, encryption keys, or passwords are never hardcoded in our codebase.
  • Sensitive credentials are securely stored and never exposed in public repositories.
  • We maintain separate environments for development, testing, and production to ensure data security.
  • Code reviews and vulnerability scans are performed prior to each release.

Data Breach: In the event of a confirmed security breach that may affect user data, we will notify affected users within 72 hours of detection, in accordance with industry best practices and applicable regulations.

6. User Control

Revoking Access:

• You can revoke our access to your Amazon Seller Central account at any time via the Amazon Developer Console or Seller Central app management page.

   

Data Deletion:

• Upon revocation, any temporary or cached data will be automatically deleted from our systems within 30 days.

7. Specific Data Categories

Advertising Data:

If authorized:

• We only access your Amazon advertising data to provide campaign performance summaries and insights.
• We do not share, analyze, or use ad data for our own purposes.

   

Financial Data:

• We process financial reports (e.g., settlement reports, tax summaries) solely for your dashboards and export requests.
• Financial data is never stored beyond temporary caching for processing.

   

Taxation Data:

• Tax reports are generated based on Amazon financial summaries.
• We do not retain historical taxation records beyond processing unless requested by the user.

   

8. Cookies and Tracking

Our website:

• May use essential cookies to improve user experience.
• Does not track users across websites.
• Does not use third party tracking or analytics cookies.

   

9. Children’s Privacy

Our services are not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Privacy Policy

We may update this Privacy Policy as needed. If we make significant changes, we will notify users via email or our platform interface. Continued use of our services indicates acceptance of the updated policy.

11. Incident Response Plan

We maintain a comprehensive Incident Response Plan to manage security incidents and service interruptions.

• The plan is reviewed every 6 months or after major infrastructure changes.
• Specific incident response procedures are defined based on the incident’s type, impact, and urgency.
• An escalation process is in place to promptly notify Amazon in the event of security incidents.
• Each security incident is thoroughly investigated and documented, including remediation actions and system/process improvements to prevent recurrence.
• We maintain a chain of custody for all security incident records. Documentation is available to Amazon upon request.

12. Vulnerability Management:

• We maintain a proactive vulnerability management plan to detect, assess, and remediate security vulnerabilities.
• Vulnerability scans are conducted every 180 days to identify potential risks.
• All application code is scanned for vulnerabilities prior to production release.
• Physical hardware containing Amazon Information is regularly monitored and protected from technical vulnerabilities.

   

We do not expose or include any supplier or third-party branding in communications, invoices, or reports generated through our Service.

As the user, you are solely responsible for fulfilling orders, managing returns, and ensuring compliance with all applicable Amazon selling policies.

For questions or concerns regarding this Privacy Policy, please contact us at:

Our website contact details

Email:

Term of usage:

1. Acceptance of Terms

By using this website, you agree to:

• Comply with these Terms of Use.
• Abide by all applicable laws and regulations.
• Only use the website for lawful purposes.

   

2. Changes to Terms

We may update these Terms of Use from time to time. Any changes will be posted on this page with an updated effective date. Continued use of the website constitutes your acceptance of the revised terms.

3. Website Content

• All content provided on this website, including text, graphics, images, logos, and downloadable files, is the property of The Brand Spur (TBS) and is protected by copyright, trademark, and other intellectual property laws.
• You may not copy, reproduce, distribute, or create derivative works from any content without our prior written consent.
• We make reasonable efforts to provide accurate and up-to-date information but do not guarantee the completeness or accuracy of the content.

   

4. User Conduct

You agree to use the website only for lawful purposes. You are prohibited from:

• Attempting to gain unauthorized access to the website, its servers, or other systems.
• Disrupting or interfering with the operation or security of the website.
• Using any automated systems or software to extract data (scraping) from the website without prior consent.
• Posting or transmitting any harmful, threatening, abusive, defamatory, or otherwise objectionable content.

   

5. Links to Third-Party Sites

Our website may contain links to third-party websites. These links are provided for convenience only. We do not endorse, control, or assume responsibility for the content, privacy policies, or practices of any third-party sites.

You access third-party websites at your own risk.

6. Intellectual Property

All trademarks, service marks, logos, and brand names displayed on this website are the property of The Brand Spur (TBS) or their respective owners. You may not use these marks without prior written permission.

7. Limitation of Liability

We are not liable for any damages arising from:

• Your use of or inability to use the website.
• Errors or inaccuracies in the website content.
• Any viruses or harmful components transmitted through the website.
• Third-party links or services accessed via the website.

   

Use of the website is at your own risk.

8. Disclaimer

This website and its content are provided “as is” without warranties of any kind, either express or implied.

We make no representations or guarantees regarding the website’s availability, reliability, or accuracy.

9. Privacy Policy

Your use of this website is also governed by our Privacy Policy, which describes how we collect, use, and protect your personal information.

10. Termination

We reserve the right to suspend or terminate your access to the website without notice if you violate these Terms of Use.

11. Governing Law

These Terms of Use are governed by the laws of [Your Country/State] 

Any disputes arising under these Terms will be subject to the exclusive jurisdiction of the courts located in [Your City/Country].

Google Sheets API Privacy:

Privacy Policy for Google Sheets:

Our Google Sheets integration complies with Google API Services User Data Policy, including the Limited Use requirements. We only use the Sheets API to read/write spreadsheets you select; we do not transfer Google data to third-party services or use it for advertising.

Effective Date: (since company formed)

1. Purpose of the Google Integration

Our use of the Google Sheets API is strictly limited to:

• Automating the population of spreadsheets with data retrieved from Amazon Seller Central via authorized SP-API access.
• Organizing and visualizing inventory, sales, and financial reports for internal operations.
• Improving operational efficiency by reducing manual copy-paste work for employees.

Only employee Google accounts managed by The Brand Spur (TBS) are authorized to use this integration.This integration is not offered to the public, and is used exclusively within our company’s internal systems.

2. Data We Access

We access the following Google account data only after explicit user authorization via OAuth:

• Google Sheets metadata (title, ID, tab names)
• User-granted sheet write access for spreadsheets

   

We do NOT access, store, or use:

• Email content
• Google Docs, Drive, Calendar, Contacts, Gmail
• Personal user data unrelated to Google Sheets

   

3. Data We Write to Google Sheets

We only write structured data pulled from Amazon SP-API or from our internal database, such as:

• Inventory reports
• Sales summaries
• Advertising reports
• Tax summaries (if authorized)

   

No personal information, passwords, or sensitive user credentials are written to or stored in Google Sheets.

4. Data Storage

• We temporarily cache data to handle API interruptions and resume operations.
• Cached data is deleted automatically within 30 days, or earlier if the processing completes
• No permanent storage of Google user data is maintained on our servers.
• We do not store Google access tokens permanently in raw format.
  

5. Data Encryption and Security

• All communication between our systems and Google APIs is encrypted using HTTPS.
• Tokens are securely stored in encrypted format.
• No access is granted to any third-party apps, services, or personnel outside of our organization.
  Role-based access controls are enforced to limit access within our team.
• All access to Google data is logged and reviewed regularly.

   

6. Revoking Access

Users can revoke access to their Google account at any time by:

• Visiting https://myaccount.google.com/permissions
• Navigating to “Third-party apps with account access”
• Revoking access to our internal Reporting app

   

Upon revocation:

• All tokens and permissions are immediately invalidated
• Associated data is deleted within 30 days or sooner

   

7. Data Sharing

We do not:

• Share or sell your Google account data
• Allow third-party services to access your data
• Use your data for analytics, advertising, or marketing

   

8. Internal Use Only

This Google Sheets integration is used exclusively by The Brand Spur (TBS) employees for internal operational automation. It is not available to external users or sold as a product/service.

9. Contact

For questions regarding this privacy policy, please contact:

Email:  The Brand Spur (TBS) IT Dept (shammaztbs@gmail.com,Itdept.tbs@gmail.com)

Phone: The Brand Spur (TBS) (add internal phone)

Terms of Use:

Effective Date: Since registration

These Terms of Use apply to the internal use of our in-house Google Sheets integration tool by employees of The Brand Spur (TBS).

1. Scope of Use

• This integration is used only by The Brand Spur (TBS) employees for automating the updating of Google Sheets using Amazon SP-API data.
• The integration is not offered for public, commercial, or third-party use.
  

2. Ownership

• All Google Sheets created or updated by this integration remain the property of the associated Google account holder.
• The Brand Spur (TBS) claims no ownership over any user-created spreadsheets or account data.
  

3. Restrictions

You agree not to:

• Share access to this integration outside the organization
• Modify the codebase to include external users or third-party access
• Use the integration for unauthorized or illegal activities
  

4. Security

• Users must keep their Google account credentials secure.
• The Brand Spur (TBS) is not responsible for unauthorized access due to compromised credentials outside of our systems.
• Any suspicious activity should be reported immediately to The Brand Spur (TBS) IT administrators.

   

5. Revocation and Termination

• The Brand Spur (TBS) reserves the right to revoke integration access for users violating internal IT policies.
• Users may revoke access themselves at any time through their Google Account settings.
  

6. Disclaimer

This integration is provided “as-is” for internal use. We make no guarantees regarding uptime or uninterrupted service. Users assume all responsibility for use.

7. Changes to Terms

We may update these Terms of Use from time to time. Changes will be communicated internally.

8. Contact

For questions or issues related to this integration:

Email: The Brand Spur (TBS) IT Dept (shammaztbs@gmail.com,  or Itdept.tbs@gmail.com)

Phone: The Brand Spur (TBS) Internal Extension

Cookies and Tracking Technologies

We use cookies to enhance user experience. You can control cookie preferences through your browser settings. Disabling cookies may impact website functionality.

Third-Party Links

Our website may contain links to third-party websites. We are not responsible for their privacy practices, so we encourage you to review their policies before providing any personal data.

Updates to This Privacy Policy

We may update this policy from time to time. Any changes will be posted on this page with an updated “Last Updated” date. We recommend reviewing this policy periodically.

Contact Us

For any questions or concerns regarding this Privacy Policy, please contact us at: THEBRANDSPUR Website: https://thebrandspur.com/