Privacy Policy

Catalyst Partner LLC

Effective Date: April 9, 2026

Last Updated: April 9, 2026

1. Introduction

Catalyst Partner LLC ("Catalyst," "we," "us," or "our") operates as a full-stack Amazon account management service partnered with authorized distributors. This Privacy Policy describes how we collect, use, store, share, and dispose of information — including Amazon Information and Personally Identifiable Information (PII) — in the course of operating Amazon Seller Central accounts on behalf of the brands and distribution partners we represent.

This policy applies to all data accessed through Amazon's Selling Partner API (SP-API), Amazon Advertising API, and any related Amazon services.

Contact for privacy inquiries: founder@catalystpartnerllc.com

2. Information We Collect

In the course of managing Amazon seller operations, we access and process the following categories of information:

2.1 Amazon Order Data

• Order IDs and order status
• Product SKUs, ASINs, and quantities
• Order pricing and fee breakdowns
• Shipment tracking information

2.2 Buyer Personally Identifiable Information (PII)

• Buyer name (recipient name on order)
• Shipping address
• Order-related buyer messages (when relevant to fulfillment or customer service)

2.3 Seller Account Data

• Listing information (titles, descriptions, images, keywords)
• Inventory levels and stock movements
• Account health metrics
• Advertising performance data
• Search Query Performance and Brand Analytics data

2.4 Financial Data

• Settlement reports
• Fee breakdowns
• Refund and return data

We do not collect buyer payment information, credit card details, or any financial data belonging to buyers. Amazon handles all buyer payment processing.

3. How We Collect Information

All Amazon Information is retrieved directly from Amazon's official APIs over encrypted TLS connections:

• Selling Partner API (SP-API) for orders, inventory, listings, finances, and account health
• Amazon Advertising API for campaign and performance data
• Amazon Messaging API for buyer-seller communications

We do not retrieve Amazon Information from any third-party source, scraped data, or unauthorized intermediary.

4. How We Use Information

We use the information we collect strictly for the following operational purposes:

Purpose	Information Used
Fulfilling Amazon orders	Buyer name, shipping address, order details
Generating shipping labels and tracking	Buyer name, address, order ID
Responding to buyer messages	Order details, buyer message content
Processing returns and refunds	Order details, return reason
Managing product listings	SKU, ASIN, listing content
Pricing and Buy Box monitoring	ASIN, competitor pricing data
Internal financial reporting	Order revenue, fees, refunds
Account health monitoring	Order Defect Rate, Late Shipment Rate, policy compliance
Advertising optimization	Sales, search query data, conversion metrics

We do not use Amazon Information for:

• Marketing or advertising to buyers outside of Amazon
• Building buyer profiles or behavioral databases
• Selling, renting, or transferring buyer data to third parties
• Any purpose unrelated to direct Amazon seller operations

5. Data Sharing

Catalyst Partner LLC does not sell, rent, or trade Amazon Information to any third party.

We share limited Amazon Information only with the following parties, only when strictly necessary, and only in the minimum amount required:

5.1 Authorized Distribution Partners

We share order fulfillment data (buyer name, shipping address, product SKU, quantity, order ID) with our authorized distribution and fulfillment partners — including Randmar Inc. — solely for the purpose of fulfilling Amazon orders. These partners are contractually bound to handle this information in accordance with Amazon's Data Protection Policy and applicable privacy laws.

5.2 Service Providers

We use a limited set of vetted service providers (cloud hosting, secrets management, monitoring) to operate our infrastructure. These providers do not access Amazon Information directly and are bound by data processing agreements that require equivalent or stronger security controls.

5.3 Legal Requirements

We may disclose information if required by law, subpoena, or court order, or if necessary to protect the rights, property, or safety of Catalyst Partner LLC, our partners, or others.

6. Data Storage and Security

6.1 Encryption at Rest

All Amazon Information at rest is encrypted using AES-256 at the database layer. Database files are stored on encrypted volumes with full-disk encryption enabled.

6.2 Encryption in Transit

All data transmitted between Amazon, Catalyst systems, and authorized partners is encrypted using TLS 1.2 or higher.

6.3 Key Management

Encryption keys are managed via a dedicated Key Management System with annual key rotation. Keys are never stored in code, configuration files, or version control.

6.4 Access Controls

Access to Amazon Information is restricted on a need-to-know basis through role-based access controls. Each team member has a unique named account with Multi-Factor Authentication enforced.

6.5 Network Security

All databases and application servers operate behind firewalls with no direct public internet exposure. Access is restricted to allowlisted IPs and authenticated sessions only.

6.6 Logging and Monitoring

All access to Amazon Information is logged with timestamp, user ID, source IP, and action performed. Logs are retained for a minimum of 12 months and reviewed bi-weekly for suspicious activity.

7. Data Retention and Disposal

We retain Amazon Information only for as long as necessary to fulfill the operational purposes described in this policy:

Data Category	Retention Period
Buyer PII (name, shipping address)	Less than 31 days after order shipment
Order metadata (ID, SKU, quantity, status)	Up to 24 months for financial reconciliation and reporting
Listing content	Retained as long as the listing is active
Aggregated sales and performance data	Retained for historical reporting (no PII)
Logs and audit records	12 months minimum

After the retention period expires, PII is permanently deleted from our production systems and backup archives through automated purge processes.

8. Backups and Disaster Recovery

We maintain encrypted backups of all production data. Backups are:

• Encrypted with AES-256 prior to transfer
• Stored in a geographically separated cloud region distinct from production
• Subject to the same access controls and retention policies as production data
• Tested quarterly to verify integrity and restore procedures

Recovery Time Objective (RTO): 4 hours
Recovery Point Objective (RPO): 24 hours

9. Incident Response

In the event of a security incident, data breach, or unauthorized access involving Amazon Information, Catalyst Partner LLC follows a documented incident response plan:

1. Detection — Automated alerts and monitoring identify suspicious activity
2. Containment — Affected systems are isolated, credentials rotated, and access revoked
3. Assessment — Scope of exposure is determined within 12 hours
4. Notification — Amazon is notified at security@amazon.com within 24 hours of detection. Affected parties are notified as required by applicable law.
5. Remediation — Root cause identified and resolved
6. Post-Mortem — Incident documented within 7 days, plan updated as needed

The incident response plan is reviewed every 6 months.

10. Your Rights

If you are an Amazon buyer whose information has been processed by Catalyst Partner LLC in connection with an order, you may have rights under applicable privacy laws, including:

• The right to know what information we hold about you
• The right to request deletion of your information
• The right to correct inaccurate information
• The right to opt out of certain processing activities

To exercise these rights, contact us at founder@catalystpartnerllc.com. We will respond within 30 days.

Please note: because we process buyer information solely on behalf of Amazon sellers and Amazon itself, certain requests may need to be directed to Amazon directly via your Amazon account.

11. Children's Privacy

Catalyst Partner LLC does not knowingly collect information from children under the age of 13. Our services are not directed at children. If we become aware that we have collected information from a child, we will delete it promptly.

12. International Data Transfers

Amazon Information may be processed and stored in data centers located outside of your country of residence. Where we transfer data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

13. Compliance with Amazon Policies

Catalyst Partner LLC operates in full compliance with:

• Amazon Services API Solution Provider Agreement
• Amazon Acceptable Use Policy
• Amazon Data Protection Policy
• Amazon's Personally Identifiable Information (PII) requirements for Restricted SP-API roles

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or legal obligations. Material changes will be posted on this page with an updated "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or requests related to this Privacy Policy or our handling of Amazon Information: