Compliance
Amazon SP-API compliance.
Catalora is a registered Amazon Selling Partner API developer. We handle Amazon Information in accordance with Amazon's Acceptable Use Policy and Data Protection Policy. Below is a plain-English summary of how we connect, store, and protect your data.
OAuth via Login with Amazon
We use the official Login with Amazon authorization flow. We never request, store, or share Seller Central passwords. You can revoke access at any time from Seller Central.
Encryption
All Amazon Information is encrypted at rest using AES-256 and in transit using TLS 1.2 or higher. Keys are managed by our cloud provider's KMS.
Least-privilege access
Access to Amazon Information is restricted on a need-to-know basis, protected by MFA, and fully audit-logged. Production data is isolated from development environments.
Retention & deletion
Amazon Information is deleted within 30 days of account disconnection or upon written request, except where retention is required by law.
Acceptable Use Policy alignment
We use Amazon Information solely to provide the Services to the seller it relates to. We do not sell, share, or transfer Amazon Information to unauthorized third parties.
Sub-processors
Cloud hosting, payment processing, and error monitoring providers are bound by data-protection terms substantially equivalent to our DPA.
Independent product notice
Catalora is operated by JG INTL TRADE LLC and is an independent software product. It is not affiliated with, endorsed by, or sponsored by Amazon.com, Inc. Amazon, the Amazon logo, and Selling Partner API are trademarks of Amazon.com, Inc. or its affiliates.