Last updated: 7 October 2025
Contact: security@prorefurbs.com

Data Scope

Pro Refurbs applications request only the minimum Amazon SP-API permissions required for order and fulfillment operations. PII is masked on screens where not needed.

Transport & Storage

• TLS 1.2 + for all API and web traffic
• AES-256 encryption at rest for databases and backups
• Encryption keys managed via Azure Key Vault
• Primary hosting region: Azure US East 2 (Virginia)

Access Controls

• Role-based least-privilege access
• MFA required for administrators and developers
• All privileged actions audited and logged

Monitoring & Logs

• Centralized logging via Azure Monitor and Log Analytics
• Alerts for unusual PII access patterns
• PII masked or hashed in logs

Retention & Deletion

• Automatic PII purge after 12 months (unless law requires longer)
• Encrypted backups with Azure lifecycle policies
• Quarterly restore tests for disaster recovery

Incident Response

We maintain documented procedures for detection, containment, remediation, and notification in accordance with U.S. data-breach laws and Amazon SP-API policies.

Third-Party Services

Only Microsoft Azure platform services are used for processing and storage of Amazon SP-API data.

Data Residency

All primary processing and storage occur within Microsoft Azure U.S. regions (US East 2 and Central US) with redundant geo-replication for availability.