01Who We Are
Ecomstone Vietnam JSC ("Ecomstone," "we," "us," or "our") is a joint-stock company organized under the laws of Vietnam with its principal office at 4th Floor, Esymed Building, No. 8 LK29 Duong Noi Urban Area, Ha Dong District, Hanoi, Vietnam.
We operate as a Private Solution Provider on the Amazon Selling Partner API and deliver managed Amazon analytics and operations services under the Ecomstone Solutions program. This Privacy Policy applies to all data we process in connection with these services.
02Information We Collect
We collect information in three primary categories:
A. Information you provide directly
- Business contact information: name, email, phone, company name, job title
- Service inquiry and onboarding data provided during discovery calls and audits
- Communication records: emails, call notes, messages exchanged during engagement
- Billing information: invoicing details and payment records
B. Information obtained via Amazon SP-API (with your authorization)
When you engage our managed services and authorize SP-API access, we retrieve business data from your Amazon account strictly as needed to deliver the contracted services:
| Data Category | Purpose |
|---|---|
| Advertising performance Campaign metrics, impressions, clicks, ACOS, spend | Campaign management and optimization reporting |
| Product listings Title, bullets, description, images, keywords | Listing audits and optimization |
| Pricing & competition Product prices, Buy Box data | Profit analysis and competitive positioning |
| Inventory Stock levels, FBA shipments, storage fees | Stock planning and FBA forecasting |
| Brand Analytics Search query data, market share reports | Market intelligence and keyword strategy |
We do not access: customer personally identifiable information (PII), customer order addresses, payment information, or any other data outside the scope of our contracted services.
C. Automatically collected information
- Website usage data (cookies, page views, referrers) when you visit our websites
- Technical data: IP address, browser type, device information
- Security logs: access timestamps and activity logs for audit purposes
03How We Use Your Information
We use collected information exclusively for the following purposes:
- Service delivery: To provide the managed services contracted with you, including campaign management, listing optimization, and reporting.
- Communication: To respond to inquiries, deliver reports, schedule meetings, and send service-related updates.
- Billing and contracts: To issue invoices, process payments, and manage our contractual relationship.
- Legal compliance: To comply with applicable laws, respond to lawful requests, and protect our legal rights.
- Security and fraud prevention: To detect, investigate, and prevent unauthorized access or misuse.
AI model training · Analytics benchmarking across clients · Third-party marketing · Data resale · Any purpose not directly required to deliver your contracted services.
04Data Sharing and Disclosure
We do not sell, rent, or trade your data. We share data only in limited circumstances:
- Service providers: With trusted third-party providers (e.g., cloud hosting, payment processors, CRM tools) under strict contractual confidentiality obligations, and only to the extent necessary for them to perform services on our behalf.
- Legal requirements: When required by law, court order, or valid legal request from authorities.
- Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality protections.
- With your consent: When you explicitly authorize disclosure (e.g., public case study).
We never share Amazon-derived data across clients. Each client's SP-API data is isolated in per-client storage partitions with strict access controls.
05Data Security
We implement industry-standard technical and organizational measures to protect your data:
- Encryption in transit: All data transfers use TLS 1.3 encryption.
- Encryption at rest: Stored data is encrypted using AES-256.
- Access controls: Role-based access; only authorized team members can access specific client data.
- Audit logs: All access to client data is logged and auditable.
- Secure infrastructure: Data is hosted in reputable cloud providers with SOC 2 compliance.
- Incident response: Defined procedures for detecting, investigating, and notifying clients of security incidents.
06Data Retention
We retain data only as long as necessary to deliver services and meet legal obligations:
- Active client data: Retained throughout the engagement.
- Post-termination: Deleted within thirty (30) days of contract termination, except where retention is required by law (e.g., tax records).
- Communication records: Retained for up to three (3) years for contract and legal purposes.
- Billing records: Retained in accordance with Vietnamese tax and accounting law (typically 10 years).
Clients may request earlier deletion of their SP-API-derived data at any time by contacting [email protected].
07Your Rights
Subject to applicable data protection laws, you have the right to:
- Access the data we hold about you
- Correct inaccurate or incomplete data
- Delete your data (subject to legal retention requirements)
- Restrict or object to certain processing activities
- Portability: Receive your data in a machine-readable format
- Withdraw consent for processing based on consent, including revoking SP-API access
- Lodge a complaint with a supervisory authority in your jurisdiction
To exercise any of these rights, contact us at [email protected]. We will respond within thirty (30) days.
08Amazon Data Protection Policy Compliance
As a registered Private Solution Provider on the Amazon Selling Partner API, Ecomstone strictly adheres to Amazon's Data Protection Policy. This includes:
- Using Amazon-derived data only for delivering services to the authorizing selling partner
- Not combining Amazon data with data from other sources without explicit authorization
- Not using Amazon data for competitive benchmarking or AI training
- Maintaining strict access controls and audit logs
- Deleting data on client request or upon termination of the engagement
- Reporting security incidents promptly to both affected clients and Amazon as required
09Cookies and Website Tracking
Our websites use cookies and similar technologies for basic functionality and analytics. We use:
- Essential cookies required for site functionality
- Analytics cookies (Google Analytics) to understand site usage
You may disable non-essential cookies through your browser settings.
10International Data Transfers
Ecomstone is based in Vietnam. Data may be transferred to, processed, and stored in Vietnam and in cloud infrastructure regions we use (which may include Singapore, the United States, and the European Union). We implement appropriate safeguards to ensure lawful transfer and equivalent protection, regardless of where data is processed.
11Children's Privacy
Our services are directed exclusively to businesses and are not intended for individuals under the age of 18. We do not knowingly collect information from children.
12Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to active clients via email at least thirty (30) days before taking effect. The "Last updated" date at the top of this policy reflects the most recent revision.
13Contact Us
For questions, complaints, or to exercise your rights under this policy, contact us at:
4th Floor, Esymed Building
No. 8 LK29, Duong Noi Urban Area
Ha Dong District, Hanoi, Vietnam
Email: [email protected]
Phone: +84 334 999 811