Table of Contents
1. Introduction
MingCi ERP ("MingCi", "we", "our", or "us") provides a software-as-a-service (SaaS) platform that helps Amazon sellers manage orders, inventory, analytics, and related operations through the Amazon Selling Partner API ("SP-API").
This Privacy Policy explains what information we collect when you use our website (tozoaioo.com) and our application (collectively, the "Service"), how we use and protect that information, and the choices you have. By using the Service, you agree to the practices described in this policy.
2. Information We Collect
2.1 Information You Provide
- Account information: name, business name, email address, password (hashed), phone number, and billing details.
- Communications: messages, support requests, and feedback you send to us.
- Payment information: processed by our PCI-compliant payment provider; we do not store full card numbers on our servers.
2.2 Information Collected Automatically
- Usage data: log files, pages visited, actions taken, feature usage, and timestamps.
- Device data: IP address, browser type and version, operating system, device identifiers.
- Cookies and similar technologies: used for authentication, preference storage, and analytics. You can control cookies through your browser settings.
2.3 Information from Third Parties
- Amazon Seller Central (via SP-API): with your explicit authorization — see Section 3 for full details.
- Service providers: we may receive limited information from infrastructure, analytics, and payment partners.
3. Amazon Seller & SP-API Data
With your explicit authorization through Amazon's official Login with Amazon (LWA) flow, MingCi accesses your Amazon Seller Central data via the Selling Partner API in order to deliver the Service. We strictly comply with the Amazon Services API Developer Agreement, the Amazon Acceptable Use Policy, and the Amazon Data Protection Policy.
3.1 Categories of Amazon Data Accessed
- Order data: order IDs, order status, item details, quantities, prices, marketplace, and timestamps.
- Inventory data: SKUs, ASINs, fulfillment center quantities, and stock movements.
- Product listings: product titles, descriptions, attributes, and pricing.
- Financial reports: settlement reports, fees, refunds, and reimbursements.
- Performance metrics: seller performance indicators, return rates, and feedback.
- Customer Personally Identifiable Information (PII): buyer name, shipping address, and order-related contact information — accessed only when strictly necessary to fulfill an order or provide services authorized by you.
Amazon PII Compliance: Customer PII is treated as confidential at all times. It is encrypted in transit and at rest, accessible only to authorized personnel on a strict need-to-know basis, used exclusively for the purposes you authorize, and never shared with third parties for marketing or any other unauthorized use.
3.2 Source of Authorization
All Amazon data is obtained through Amazon's official OAuth-based SP-API authorization flow. You may revoke MingCi's authorization at any time from within your Amazon Seller Central account (Apps & Services > Manage Your Apps), which immediately terminates our ability to access new data.
4. How We Use Your Information
We use the information described above only for legitimate, disclosed purposes:
- To provide the Service: sync orders, manage inventory, generate reports, and operate features you have enabled.
- To improve the Service: diagnose technical issues, develop new features, and improve usability — using aggregated and anonymized data wherever possible.
- To communicate with you: send transactional emails, service announcements, security notices, and (with your consent) product updates.
- To ensure security: detect, prevent, and investigate fraudulent or unauthorized activity.
- To comply with legal obligations: respond to lawful requests from public authorities, enforce our agreements, and protect our rights.
We do not sell your personal information. We do not use Amazon customer PII for advertising, profiling, or any purpose other than fulfilling the specific function you have authorized.
5. Data Retention
We retain different categories of data for different periods, in accordance with applicable law and Amazon's policies:
5.1 Amazon Customer PII — 30 Days Maximum
Amazon Customer Personally Identifiable Information (PII) is retained for no longer than 30 days after order delivery, in strict compliance with the Amazon Data Protection Policy. After this period, customer PII is permanently and securely deleted from our active systems and backups, except where retention is required to comply with applicable tax, accounting, or legal obligations — in which case PII is moved to restricted, encrypted archival storage and is no longer accessible to operational systems.
5.2 Other Data
- Non-PII Amazon business data (e.g., aggregated sales reports, SKUs, inventory levels) is retained for as long as your account is active so we can provide historical analytics.
- Account information is retained for the life of your account and deleted within 90 days of account closure, unless longer retention is legally required.
- Logs and security data are retained for up to 12 months for security and audit purposes.
- Billing records are retained for the period required by applicable tax and accounting laws (typically 7 years).
5.3 Deletion on Authorization Revocation
If you revoke MingCi's SP-API authorization or close your MingCi account, we will delete Amazon Customer PII within 30 days and other Amazon data within 90 days, except as required to comply with legal obligations.
6. Third-Party Sharing
We do not sell or rent your information. We share information only in the limited circumstances below:
6.1 Service Providers (Sub-processors)
We share information with trusted infrastructure and operational partners who help us deliver the Service:
- Cloud hosting providers for secure data storage and computation.
- Payment processors for handling subscription billing.
- Email and communication providers for transactional and support emails.
- Analytics and monitoring tools for service performance and error tracking.
All sub-processors are contractually bound to confidentiality and data-protection obligations equivalent to or stricter than those in this policy, and may use the data only to perform the services we have engaged them for.
6.2 Legal Requirements
We may disclose information if required to do so by law, subpoena, court order, or other valid legal process, or to protect the rights, property, or safety of MingCi, our users, or others.
6.3 Business Transfers
If MingCi is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified by email and/or a prominent notice on our website of any such change.
6.4 No Marketing Use of Amazon PII
We never share, sell, or otherwise disclose Amazon customer PII to third parties for marketing or advertising purposes.
7. Data Security
We implement industry-standard technical and organizational safeguards designed to protect your information:
- Encryption in transit: all data is transmitted over TLS 1.2 or higher.
- Encryption at rest: sensitive data is encrypted using AES-256 in our databases and backups.
- Access controls: strict role-based access, multi-factor authentication for staff, and least-privilege principles.
- Audit logging: all access to Amazon data and customer PII is logged and reviewed.
- Vulnerability management: regular dependency scans, penetration testing, and timely security patching.
- Incident response: a documented process for detecting, containing, and notifying users of security incidents in accordance with applicable law.
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: request a copy of the personal information we hold about you.
- Correction: ask us to correct inaccurate or incomplete information.
- Deletion: request that we delete your personal information, subject to legal retention requirements.
- Restriction / Objection: ask us to restrict or stop certain processing activities.
- Data portability: receive your information in a structured, machine-readable format.
- Withdrawal of consent: withdraw consent for processing that is based on consent, at any time.
- Complaint: lodge a complaint with the appropriate data protection authority.
To exercise these rights, email us at mcyxtrade@outlook.com. We will respond within 30 days. We may need to verify your identity before processing your request.
9. International Data Transfers
MingCi operates internationally. Your information may be processed and stored in countries other than your country of residence, which may have data protection laws different from those in your country. Where required by law, we put in place appropriate safeguards (such as standard contractual clauses) to protect the transferred information.
10. Children's Privacy
The Service is intended for business use by adults. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child, please contact us so that we may delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or post a prominent notice on our website prior to the changes becoming effective. The "Last Updated" date at the top of this page indicates when the policy was most recently revised.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: mcyxtrade@outlook.com
- General support: mcyxtrade@outlook.com
- Mailing address: Room 504, 5th Floor, Building F, Shengfulan Business Center, Jinjiang City, Quanzhou, Fujian Province