Privacy Policy

Last updated: May 2026

Who we are

NotERP Seller Profit & Ads Control is operated by Hong Kong Ruilongtai Co., Limited. The service helps Amazon seller teams analyze operating data, review evidence, and manage governed actions.

Data we collect

We collect account, contact, billing, support, usage, and product-configuration information provided by customers. When a seller authorizes integrations, we process authorized business data required for enabled workflows, such as advertising performance, listing, inventory, pricing, financial, and operational metadata.

Brand Analytics data (SP-API)

When a Brand Registry seller authorizes the Brand Analytics role through SP-API OAuth, we ingest the seller’s own Brand Analytics and related search/traffic reports (Search Query Performance, Search Catalog Performance, Repeat Purchase Behavior, Market Basket, Amazon Search Terms, and the Sales & Traffic Business Report). These reports are aggregated at source by Amazon — no individual buyer identifiers are present. NotERP does not request the SP-API demographics, item-comparison, or alternate-purchase report types in the current release.

Brand Analytics data is:

• used only to produce operating views and recommendations for the authorized seller’s own account;
• stored only inside the authorized seller’s tenant boundary;
• never shared, merged, or aggregated across sellers;
• never resold, syndicated, or used to enrich a separate dataset;
• handled in line with sections 4.4 and 4.5 of the Amazon SP-API Acceptable Use Policy.

No buyer PII workflow

NotERP’s workflows — advertising governance, profit truth, inventory guardrails, Brand Analytics intelligence, finance reconciliation, listing review, and compliance review — do not read buyer names, buyer email addresses, delivery addresses, phone numbers, or any buyer-identifying data. Buyer PII never enters the AI decision plane, the analytics plane, or any personalisation, profiling, or marketing workflow.

In this release NotERP does not request the Amazon SP-API restricted shipping roles and does not purchase seller-fulfilled shipping labels. Buyer-seller messages, when enabled, are handled only inside Amazon’s managed messaging channel and are never read, stored, or rendered outside that channel. Any future workflow that would read buyer PII requires explicit seller authorization, a publicly documented business purpose, documented retention and access controls, and a corresponding update to this Privacy Policy before being enabled.

How we use data

We use data to provide the service, authenticate users, operate integrations, generate evidence packets, produce recommendations, support governed actions, maintain security, troubleshoot issues, and improve product reliability.

Sources of Amazon Information (SP-API Acceptable Use Policy 4.3)

All Amazon Information used by NotERP is retrieved directly from Amazon — the Selling Partner API (SP-API) and the Amazon Ads API — under the authorizing seller’s own OAuth authorization. NotERP does not retrieve, purchase, license, scrape, import, or otherwise obtain Amazon Information from any source external to Amazon. There are no non-Amazon data sources for Amazon Information. Amazon Information is never enriched, blended, or cross-referenced with any third-party dataset.

Sharing of Amazon Information (SP-API Acceptable Use Policy 4.6)

NotERP does not sell, rent, syndicate, license, or otherwise share Amazon Information with any third party for that third party’s own use, and does not share Amazon Information between sellers. The only external parties that ever process Amazon Information are the infrastructure subprocessors strictly necessary to operate the service:

• Cloud hosting / compute — runs the application that the authorizing seller uses;
• Managed database / storage — stores the authorizing seller’s own data inside their tenant boundary;
• Error monitoring / logging — operational reliability and incident response.

Each subprocessor is contractually bound by a data processing agreement to process data only on NotERP’s instructions, solely to provide infrastructure to NotERP, and is prohibited from using Amazon Information for any purpose of its own. Subscription billing is handled by a payment processor that processes the customer’s billing details only; the payment processor does not receive any Amazon Information.

Other sharing

We do not sell customer data. Beyond the infrastructure subprocessors described above, we disclose data only when required by law or to protect the rights, safety, and security of NotERP, our customers, or the public.

Retention and deletion

We retain seller-authorized business data (advertising, listings, inventory, finance, Brand Analytics) for as long as needed to provide the service, meet legal obligations, resolve disputes, enforce agreements, and maintain audit trails. When a seller off-boards, their authorized business data is deleted within 30 days, subject to legal-hold and audit obligations. Customers may request deletion of their account data or Brand Analytics data by contacting privacy@noterp.ai, subject to legal and operational retention requirements.

Security

We use administrative, technical, and organizational safeguards designed to protect customer data, including least-privilege access, encryption in transit, audit logging, credential protection, and incident response practices. See the security page for more.

Contact

Privacy requests can be sent to privacy@noterp.ai.