Last updated: October 2, 2025

Contact: security@gizmobing.com

Data Scope

This site requests only Amazon SP-API permissions needed for orders, fulfillment, and support. PII is masked in screens where not required.

Transport & Storage

TLS 1.2+ is enforced for all traffic. Data is encrypted at rest across databases, backups, and logs. Keys are managed within US regions.

Access Controls

We follow role-based, least-privilege access. MFA is required for privileged access, and administrative areas are restricted and audited.

Monitoring & Logs

We maintain centralized logging of sign-ins, configuration changes, and data access. Alerts are triggered on unusual PII access. All PII fields are redacted in logs.

Retention & Deletion

Personal data is automatically purged after <X months>, unless law requires longer retention. Backups are encrypted with lifecycle policies, and periodic restore tests are performed.

Incident Response

We maintain documented procedures for detection, containment, remediation, and notification, consistent with US legal requirements.

Third-Party Services

We use only vetted service providers for this site and maintain agreements requiring comparable security and privacy controls.

Data Residency

Primary data processing and storage are located in the United States.