Privacy Policy

Itervai, Inc. (“itervai,” “we,” “us,” or “our”) operates the itervai platform, which provides operations management software for e-commerce brands selling on Amazon and other online channels. This Privacy Policy describes how we collect, use, store, share, and dispose of information — including Personally Identifiable Information (PII) — in connection with our services.

By using our platform or services, you agree to the practices described in this policy.

Information you provide directly:

• Account registration information (name, email, company name)
• Contact information provided through forms or communication
• Payment and billing information for platform access or consulting engagements

Information obtained through Amazon Selling Partner API:

• Order data (order IDs, product details, order status)
• Inventory data (stock levels, FBA/AWD shipment details)
• Financial data (settlement reports, fee breakdowns)
• Product listing data (catalog information, pricing)
• Analytics data (Brand Analytics, sales performance)
• Tax-related Personally Identifiable Information: buyer name, shipping address, and order details — collected solely for tax invoice generation and sales tax calculation as required by law

Information collected automatically:

• Usage data (feature usage, session duration, interactions)
• Device and browser information
• IP addresses and approximate location data
• Cookies and similar tracking technologies

We use collected information exclusively to provide, maintain, and improve our services to authorized users:

• Platform operations: Managing inventory, fulfillment planning, order tracking, and financial reporting for the seller who authorized access
• Tax compliance: Generating legally compliant tax invoices and calculating sales tax obligations using buyer PII, as required by US state and local tax regulations
• Analytics and insights: Providing performance dashboards, profitability analysis, and operational recommendations
• Account management: Communicating with users about their accounts, billing, and platform updates
• Platform improvement: Analyzing aggregated, anonymized usage patterns to improve platform functionality

All data is stored within Amazon Web Services (AWS) infrastructure in the United States.

• Encryption at rest: All data is encrypted using AES-256. PII fields receive additional application-level encryption (AES-256-GCM) before database storage.
• Encryption in transit: All data transmitted between systems uses TLS 1.2 or higher.
• Key management: Encryption keys are managed through AWS Key Management Service (KMS) with automatic annual rotation and access restricted by IAM policies.
• Backups: Encrypted database backups are stored in a geographically separate AWS region for disaster recovery.

• Amazon buyer PII: Deleted within 30 days of order delivery. PII is retained only for the duration necessary to generate tax invoices and calculate tax obligations.
• Non-PII Amazon data: Retained for the duration of the seller’s active authorization. Deleted within 30 days of authorization revocation or contract termination.
• Account information: Retained for the duration of the user’s active account. Deleted within 30 days of account closure, except where retention is required by law.

All data disposal uses secure deletion methods that render data unrecoverable.

itervai does not sell, rent, or share Amazon Information with any third parties. Specifically:

• We do not share Amazon buyer data with any outside party
• We do not aggregate data across sellers or use it for cross-seller insights
• We do not provide Amazon data to advertising networks, data brokers, or analytics providers
• We do not use Amazon data to train or improve machine learning models
• The only data sharing that occurs is presenting a seller’s own Amazon data back to that authorized seller through our platform

We may disclose information if required by law, legal process, or government request, and we will notify affected users unless legally prohibited from doing so.

• All employees with access to Amazon Information have unique identities with Multi-Factor Authentication (MFA) enforced
• Access follows the principle of least privilege and is granted through role-based access control (RBAC)
• Access is reviewed quarterly and revoked immediately upon role change or termination
• Amazon Information is accessible only through company-managed systems — personal devices cannot access production data

We process all Amazon data within our own AWS infrastructure. Our infrastructure providers include:

• Amazon Web Services (AWS): Cloud infrastructure, database hosting, encryption key management, logging, and monitoring

We do not use third-party sub-processors for handling, processing, or storing Amazon seller or buyer data.

In the event of a security incident involving Amazon Information:

• We will notify Amazon at security@amazon.com within 24 hours of detection
• We will notify affected sellers promptly with details about the nature and scope of the incident
• Our incident response plan includes containment, investigation, remediation, and prevention procedures reviewed every 6 months

You may exercise the following rights by contacting us at privacy@itervai.com:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data, subject to legal retention requirements
• Portability: Request your data in a portable, machine-readable format
• Revoke authorization: Disconnect your Amazon seller account from our platform at any time through your account settings

We respond to all requests within 30 days.

Our website uses privacy-preserving analytics from Vercel to understand traffic patterns. Vercel Analytics is cookieless: it does not store identifiers on your device, does not track you across sites, and does not collect personal information.

We do not use advertising cookies, retargeting pixels, session recording tools, or third-party marketing trackers.

If you access an itervai client platform in the future, that product may use strictly necessary cookies for authentication and security. Those cookies will be disclosed separately within the platform itself.

itervai complies with the Amazon Services API Data Protection Policy, the Acceptable Use Policy, and the Amazon Services API Solution Provider Agreement. Our handling of Amazon Information adheres to all requirements specified in these policies, including but not limited to:

• PII retention limited to 30 days after order delivery
• Encryption of all PII at rest (AES-256) and in transit (TLS 1.2+)
• No use of Amazon data for AI/ML model training
• No sharing of Amazon data with third parties
• 24-hour incident notification to Amazon
• Quarterly access reviews and annual penetration testing