Privacy & Legal

Your privacy and data security are our top priorities.

Download Privacy Policy PDF Download Data Handling Statement

Privacy Policy

Last Updated: November 2025

1. Introduction

DeviceDesk ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our marketplace order and shipping management platform (the "Service").

2. Information We Collect

2.1 Information You Provide

  • Account information (name, email address, company name)
  • Payment and billing information
  • Marketplace API credentials and OAuth tokens
  • Support communications and feedback

2.2 Information from Marketplaces

When you connect marketplaces to DeviceDesk, we collect and process:

  • Order data (order IDs, customer information, product details, shipping addresses)
  • Inventory data (product listings, stock levels, SKUs)
  • Shipping and tracking information
  • Fulfillment status and updates

2.3 Automatically Collected Information

  • Usage data and analytics
  • Log files and system events
  • Device information and IP addresses
  • Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process orders and manage inventory across marketplaces
  • Generate shipping labels and update tracking information
  • Send notifications to marketplaces regarding order fulfillment
  • Authenticate and authorize marketplace connections
  • Respond to your inquiries and provide customer support
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

4. Amazon SP-API Data Handling

DeviceDesk is a Public Solution Provider for Amazon's Selling Partner API (SP-API). We handle Amazon data in accordance with Amazon's requirements:

  • Use Cases: Amazon data is used exclusively for order processing, inventory synchronization, FBA workflow management, shipping label generation, and tracking updates.
  • Data Sharing: We do not share Amazon data with third parties except as necessary to provide the Service (e.g., shipping carriers for label generation).
  • Data Retention: Amazon data is retained according to our retention policy and Amazon's requirements. See our Data Handling Statement for details.
  • Security: All Amazon data is encrypted at rest (AES-256) and in transit (TLS 1.2+). We maintain comprehensive security controls as detailed in our Security page.
  • Access Controls: Only authorized personnel with a legitimate business need can access Amazon data. All access is logged and audited.
  • No Marketing Use: Amazon data is never used for marketing purposes or shared for marketing purposes with third parties.

5. Personal Information (PII) Processing

We process personal information (PII) including customer names, addresses, and contact information that is included in marketplace orders. This information is:

  • Used solely for order fulfillment and shipping label generation
  • Stored securely with encryption at rest and in transit
  • Retained only as long as necessary for business and legal purposes
  • Not used for marketing or shared with third parties except as necessary for fulfillment
  • Subject to deletion upon request, subject to legal retention requirements

6. Information Sharing and Disclosure

We do not sell your information. We may share information in the following circumstances:

  • Service Providers: With third-party service providers who perform services on our behalf (e.g., hosting, payment processing, shipping carriers)
  • Marketplaces: With connected marketplaces as necessary to provide the Service (e.g., sending tracking updates)
  • Legal Requirements: When required by law, court order, or government regulation
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have provided explicit consent

7. Data Security

We implement industry-standard security measures to protect your information:

  • AES-256 encryption for data at rest
  • TLS 1.2+ encryption for data in transit
  • Secure secrets management for API credentials
  • Multi-tenant architecture with complete data isolation
  • Regular security assessments and vulnerability management
  • Comprehensive logging and monitoring
  • Incident response procedures

8. Data Retention and Deletion

We retain your information for as long as necessary to provide the Service and comply with legal obligations. Specific retention periods are outlined in our Data Handling Statement. You may request deletion of your data, subject to legal and contractual requirements.

9. Your Rights

Depending on your location, you may have the following rights:

  • Access: Request access to your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information
  • Portability: Request a copy of your data in a portable format
  • Opt-Out: Opt out of certain data processing activities
  • Complaint: File a complaint with a data protection authority

To exercise these rights, contact us at support@devicedesk.store.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and assist with marketing efforts. You can control cookies through your browser settings.

11. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last Updated" date.

14. Contact Us

If you have questions about this Privacy Policy, please contact us at:

DeviceDesk
Email: support@devicedesk.store
Website: devicedesk.store

Terms of Service

Last Updated: November 2025

1. Acceptance of Terms

By accessing or using DeviceDesk, you agree to be bound by these Terms of Service. If you disagree with any part of these terms, you may not access the Service.

2. Description of Service

DeviceDesk provides a multi-channel order and shipping management platform that allows marketplace sellers to import orders, sync inventory, generate shipping labels, and manage fulfillment across multiple sales channels.

3. Account Registration

You must provide accurate, current, and complete information during registration. You are responsible for maintaining the security of your account credentials and for all activities that occur under your account.

4. Marketplace Connections

You are responsible for:

  • Maintaining valid marketplace API credentials and authorizations
  • Complying with all marketplace terms of service and API requirements
  • Ensuring you have the right to connect marketplaces to DeviceDesk
  • Any fees or charges imposed by marketplaces

5. Acceptable Use

You agree not to:

  • Use the Service for any illegal or unauthorized purpose
  • Violate any laws or regulations
  • Interfere with or disrupt the Service
  • Attempt to gain unauthorized access to the Service
  • Use the Service to transmit malicious code or harmful content

6. Fees and Payment

Subscription fees are billed in advance on a monthly or annual basis. Fees are non-refundable except as required by law. We reserve the right to change pricing with 30 days' notice.

7. Data and Content

You retain ownership of your data. By using the Service, you grant us a license to use, store, and process your data as necessary to provide the Service. We maintain strict data isolation between clients.

8. Intellectual Property

The Service, including all content, features, and functionality, is owned by DeviceDesk and protected by copyright, trademark, and other intellectual property laws.

9. Service Availability

We strive to maintain 99.9% uptime but do not guarantee uninterrupted access. We may perform maintenance that temporarily interrupts service.

10. Limitation of Liability

To the maximum extent permitted by law, DeviceDesk shall not be liable for any indirect, incidental, special, or consequential damages arising from your use of the Service.

11. Indemnification

You agree to indemnify and hold DeviceDesk harmless from any claims, damages, or expenses arising from your use of the Service or violation of these terms.

12. Termination

We may terminate or suspend your account immediately for breach of these terms. You may cancel your account at any time. Upon termination, your access to the Service will cease.

13. Changes to Terms

We reserve the right to modify these terms at any time. Material changes will be notified via email or through the Service.

14. Governing Law

These terms shall be governed by and construed in accordance with applicable laws, without regard to conflict of law provisions.

15. Contact Information

For questions about these Terms of Service, contact us at support@devicedesk.store.

Data Handling Statement

This statement provides detailed information about how DeviceDesk handles different types of data, including retention periods and deletion policies.

Data Type Purpose Retention Period Deletion Policy
Order Data Order processing, fulfillment, and tracking 7 years from order date Automated deletion after retention period. Export available before deletion upon request.
Customer PII Shipping label generation and order fulfillment As required by marketplace agreements (minimum 1 year) Deleted upon request or per marketplace requirements. Subject to legal retention obligations.
Inventory Data Inventory synchronization across marketplaces Active while account is active Deleted within 30 days of account closure. Export available before deletion.
Shipping Labels & Tracking Label generation and tracking updates 5 years from shipment date Automated deletion after retention period. Required records maintained per carrier requirements.
API Credentials & Tokens Marketplace and carrier API authentication Active while connection is active Immediately revoked and deleted upon disconnection or account closure.
Audit Logs Security monitoring and compliance 3 years from log date Automated deletion after retention period. Critical security logs may be retained longer.
Backup Data Data recovery and business continuity 90 days from backup date Automated deletion after retention period. Encrypted backups stored separately.
Account Information Account management and billing Active while account is active, then 7 years Deleted after retention period, subject to legal and accounting requirements.

Data Deletion Requests

You may request deletion of your data at any time by contacting support@devicedesk.store. We will process deletion requests within 30 days, subject to:

  • Legal retention requirements (e.g., tax records, accounting records)
  • Marketplace contractual obligations
  • Active legal proceedings or investigations
  • Legitimate business interests (e.g., fraud prevention)

Data Export

Before deletion, you may request an export of your data in a standard format (CSV, JSON). Export requests are typically processed within 7 business days.