Privacy Policy

We collect the following categories of information:

Account data: Name, email address, and password (hashed) provided at registration.

Amazon SP-API data: Order data, package status, shipment tracking information, fulfillment status, estimated delivery dates, and account health status retrieved via the Amazon Selling Partner API on your behalf. This data is accessed exclusively using the Inventory and Order Tracking role — a standard, non-restricted SP-API role. We do not access, store, or process any Amazon customer Personally Identifiable Information (PII) such as buyer names, addresses, or payment details.

Billing data: Subscription and payment information processed by Stripe. We do not store payment card details directly — all payment data is handled by Stripe in accordance with PCI-DSS standards.

Usage data: Technical logs including IP addresses, browser type, and session activity, used for security monitoring and service improvement.

Amazon SP-API data is used exclusively to:

— Monitor your FBM orders for shipment risk signals (ghost shipments, stalled packages, EDD breaches, and related alert types) as described in our service.

— Generate and deliver alert notifications to you via email.

— Display alert history and order status in your account dashboard.

We do not use Amazon SP-API data for any purpose other than providing the monitoring service you have authorised. We do not sell, license, or share your Amazon data with third parties for marketing, advertising, or any other commercial purpose.

Account and billing data is used to operate your subscription, process payments, and communicate with you about your account.

DD7 Radar is built on the Amazon Selling Partner API. Our handling of data retrieved through the SP-API complies with Amazon's Data Protection Policy (DPP) and Acceptable Use Policy (AUP). Specifically:

— We access only the data necessary to provide the monitoring service. We request only the Inventory and Order Tracking role, which does not include access to customer PII.

— Amazon SP-API data is stored in encrypted form at rest and transmitted over encrypted connections (TLS).

— Access to SP-API data within our systems is restricted on a need-to-know basis.

— SP-API data is not used for any purpose beyond the specific service functionality you have authorised.

— You may revoke DD7 Radar's access to your Amazon account at any time from within Seller Central. Upon revocation, we will cease data retrieval immediately.

Your data is stored in a cloud-hosted PostgreSQL database (Neon). We implement the following security controls:

— All data is encrypted at rest using industry-standard encryption.

— All data in transit is encrypted via TLS/HTTPS.

— Access to production systems is restricted to authorised personnel only, protected by multi-factor authentication.

— API credentials and tokens are stored encrypted and are not exposed in logs or documentation.

— We conduct periodic reviews of our security controls in accordance with Amazon's Data Protection Policy requirements.

We retain your data only for as long as necessary to provide the service or as required by applicable law:

— Active accounts: Order and alert data is retained for the duration of your subscription to provide alert history and trend visibility.

— Cancelled accounts: Upon cancellation, your Amazon SP-API connection is revoked. Account data is deleted within 30 days of account closure unless retention is required by law.

— Data deletion requests: You may request deletion of your data at any time by contacting us at privacy@dd7radar.com. We will process deletion requests within 14 days.

We do not sell your data. We share data only with the following categories of service providers, strictly for the purpose of operating the service:

— Neon (database hosting): Encrypted storage of order and account data.

— Resend (email delivery): Transmission of alert notifications and account emails to you.

— Stripe (payment processing): Subscription billing and payment handling.

— Vercel (application hosting): Serving the web application.

— AWS (queue infrastructure): Real-time SP-API notification delivery via SQS.

All service providers are contractually obligated to handle data in accordance with applicable privacy regulations and are prohibited from using your data for their own purposes.

Depending on your jurisdiction, you may have the following rights with respect to your personal data:

— Access: Request a copy of the personal data we hold about you.

— Correction: Request correction of inaccurate or incomplete data.

— Deletion: Request deletion of your personal data, subject to legal retention requirements.

— Portability: Request a machine-readable export of your data.

— Objection: Object to certain processing of your data.

To exercise any of these rights, contact us at privacy@dd7radar.com.

We use an HTTP-only session cookie (sid) to maintain your login session. This cookie is not used for tracking or advertising purposes. No third-party tracking cookies are used.

We may update this Privacy Policy to reflect changes to our practices or legal requirements. We will notify you of material changes by email at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance of the updated policy.

For privacy-related questions, data requests, or to report a concern, contact us at:

support@dd7radar.com
Bloom Credits Inc, a Delaware corporation, operating as DD7 Radar
651 N Broad St, Suite 206, Middletown, DE 19709

This Privacy Policy is governed by the laws of the State of Delaware.

DD7 Radar is an independent monitoring tool built on the Amazon SP-API. It is not affiliated with or endorsed by Amazon.com, Inc. or its affiliates.