Let’s Talk

eCom Triage Privacy Policy

Last Updated: June 5, 2026

This Privacy Policy explains how eCom Triage (“we,” “us,” “our”) collects, uses, stores, protects, shares, and deletes information. It covers two audiences: (1) visitors to ecomtriage.com and (2) our clients, Amazon sellers who grant us permission to act on their behalf in Seller Central. Our handling of Amazon-related data complies with Amazon’s Data Protection Policy and Acceptable Use Policy, and with applicable privacy regulations including the EU/UK General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA/CPRA).

1. Information We Collect

Website visitors:

  • Contact information you submit through our forms: name, email address, phone number, and the contents of your message.
  • Usage data: pages visited, actions taken, IP address, browser type, and device information, collected via cookies and analytics tools.

Clients (Amazon sellers):

  • Contact and business information you provide to us: your name, business and brand name, business address, email address, phone number, billing information, and the marketplaces in which you sell.
  • Seller Central data accessed under permissions you grant, e.g. Seller Support case data (case contents, status, and correspondence with Amazon) and read-only product review data (review text, star ratings, reviewer display names as publicly shown on Amazon, and associated ASINs).

What we do not collect: We do not access, collect, or store Amazon buyer personally identifiable information (PII). Our services do not require buyer names, addresses, contact details, order data, or payment information, and we do not request permissions that expose them.

2. How We Use Information

  • To deliver our services: identifying product reviews that violate Amazon’s Community Guidelines and filing and managing removal cases with Amazon on your behalf.
  • To communicate with you about your engagement, case outcomes, and billing.
  • To respond to inquiries and provide support.
  • To send marketing communications you have opted into, with the ability to opt out at any time.
  • To maintain the security and integrity of our systems.
  • To comply with legal obligations.

We use Amazon data solely to support each client’s authorized business on Amazon. We do not use it for any other purpose. We do not aggregate data across clients, sell or license data to any party, use Amazon data to target Amazon customers for marketing, or derive or share insights about Amazon’s business.

3. How We Protect Information

We maintain physical, administrative, and technical safeguards aligned with Amazon’s Data Protection Policy, including:

  • Encryption in transit: All data is encrypted in transit using TLS 1.2 or higher.
  • Encryption at rest: Stored client and Amazon-related data is encrypted at rest using AES-128 or stronger.
  • Access controls: Access is granted on a least-privilege, need-to-know basis. Each team member uses a unique account; shared or generic credentials are prohibited. Multi-factor authentication is required on all accounts with access to client data. Access rights are reviewed quarterly, and access for departing personnel is removed within 24 hours.
  • Training: Personnel with access to client data complete data protection and security awareness training annually.
  • No personal devices or removable media: Client and Amazon-related data may not be stored on personal devices or removable media.

4. Data Retention and Deletion

  • We retain client and Amazon-related data only for as long as necessary to provide our services, maintain business records, resolve disputes, comply with contractual obligations, and meet legal, tax, or regulatory requirements.
  • Data obtained from Amazon systems is retained only as long as necessary for the authorized business purpose and in accordance with applicable Amazon policies, agreements, and legal requirements. Where Amazon requires a shorter retention period for certain categories of data, we follow the shorter applicable period.
  • Upon termination of an engagement, or upon a valid deletion request from a client or Amazon, we delete or de-identify the relevant data within 30 days, unless retention is required for legal, tax, regulatory, security, fraud-prevention, dispute-resolution, or contractual compliance purposes.
  • Client and Amazon-related data is primarily stored in approved cloud-based systems with access controls. Deletion from cloud systems is performed using the deletion tools and retention controls provided by those systems. Where data has been temporarily downloaded, exported, cached, or stored on company-managed devices or storage media, we securely delete or sanitize such data when it is no longer needed, using methods aligned with industry-standard media sanitization practices, including NIST SP 800-88 where applicable.

5. Sharing Your Information

We do not sell personal information, and we do not share client or Amazon-related data with third parties, except:

  • Service providers (subprocessors): Vendors that support our operations, such as payment processing, scheduling, and secure cloud hosting. They are bound by confidentiality obligations, may only process data on our instructions, and are assessed for data security practices at least annually.
  • Legal requirements: When required to comply with law or respond to lawful requests from authorities.
  • Protection of rights: To protect the rights, property, or safety of eCom Triage, our clients, or the public.

6. Your Rights and Choices

Depending on your jurisdiction, you have the right to:

  • Access the personal information we hold about you.
  • Rectify inaccurate or incomplete information.
  • Erase your personal information (“right to be forgotten”).
  • Restrict or object to processing, including opting out of marketing at any time via the unsubscribe link in our emails or by contacting us.
  • Data portability, receiving your information in a structured, commonly used format.
  • Non-discrimination for exercising any of these rights.

To exercise any of these rights, contact privacy@ecomtriage.com. We respond to verified requests within the timeframes required by applicable law (30 days under GDPR, 45 days under CCPA). We also assist our clients in fulfilling data subject requests that relate to data we process on their behalf.

7. Cookies and Tracking

Our website uses cookies to remember preferences, enable site functionality, and provide analytics that help us improve our services. You can manage or disable cookies through your browser settings; some site features may not function without them.

8. International Data Transfers

We are based in the United States. If you access our services from outside the US, your information may be transferred to and processed in the US. Where required by law, we rely on appropriate safeguards for international transfers, such as standard contractual clauses.

9. Security Incident Notification

If we become aware of a security incident affecting your data, we will notify affected clients without undue delay and in accordance with applicable law. For incidents involving data accessed through Amazon systems, we notify Amazon within 24 hours of detection, consistent with Amazon’s Data Protection Policy.

10. Children’s Privacy

Our services are directed at businesses and are not intended for children under 13 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal information from children.

11. Updates to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The current version, with its effective date, will always be available at this page. Material changes will be communicated to active clients.

12. Contact Us

Email: privacy@ecomtriage.com

General inquiries: hello@ecomtriage.com

Your trust is vital to us, and we are committed to safeguarding your privacy.