Your data. Our responsibility.

Who we are and what this policy covers.

DataDoe, Inc. ("DataDoe", "we", "our", "us") operates a data layer for Amazon sellers, vendors, and agencies. We provide structured access to your Amazon data through dashboards, our API, and MCP integrations.

This Privacy Policy describes how we collect, use, store, and share information when you use our platform. It applies to all users of DataDoe and is designed to comply with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

The data that flows through DataDoe.

We collect four categories of information when you use our service:

Account data

When you create an account, we collect your name, email address, and authentication credentials. This is the minimum required to identify you and secure your account.

Amazon connection data

You connect your Amazon Seller Central, Vendor Central, or Advertising accounts to DataDoe via OAuth authorization using Amazon's SP-API and Ads API. We never receive or store your Amazon login credentials — only the OAuth tokens Amazon issues to us.

Usage metrics

We collect chat prompts, AI interactions, and your activity within the platform. This helps us operate the service, debug issues, and improve features.

Technical data

We log device information, browser type, IP address, and platform usage logs through AWS RUM (Real User Monitoring) for performance, security, and reliability purposes.

What we do — and don't do — with your data.

We use the information we collect strictly to operate and improve DataDoe:

• Service provision — fetching, structuring, and delivering your Amazon data.
• AI insights delivery — powering reports, recommendations, and AI-assisted analytics.
• Communications — service updates, security notices, and platform announcements.
• Platform security — fraud prevention, abuse monitoring, and access control.

Where your data lives and how long we keep it.

Your data is stored on AWS servers in the United States. We use AWS infrastructure with industry-standard security configurations.

We retain your data for the duration of your use of our services and for 30 days after termination of your account. After that period, your data is deleted from our active systems.

Who has access to your information.

We do not sell, trade, or rent your personal information. Period.

We share data only with trusted service providers solely to operate our infrastructure — for example, AWS (hosting), payment processors, and observability tools. These providers are contractually bound to protect your data and may only use it for the specific services they provide to us.

What you can do with your data.

Under GDPR and CCPA, you have the following rights:

• Access — request a copy of the personal data we hold about you.
• Correction — ask us to correct inaccurate or incomplete data.
• Deletion — request that we delete your personal data (subject to legal retention requirements).
• Restriction — limit how we process your data in specific circumstances.
• Portability — receive your data in a structured, commonly used format.
• Opt-out of data sales — though, as stated above, we do not sell your data.

To exercise any of these rights, contact us at contact@datadoe.com.

How we protect your data.

We protect your information using encryption (in transit and at rest), access controls (least-privilege principles for our team), and regular monitoring of our infrastructure.

No system is perfectly secure, but we follow industry best practices and continuously work to harden our platform. If we ever discover a breach affecting your data, we will notify you and the relevant authorities as required by GDPR and CCPA.

When and how we update this policy.

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the platform before the changes take effect.

The "Effective" date at the top of this page reflects when this version was published. Continued use of DataDoe after a policy update means you accept the revised terms.