Privacy Policy

1. Introduction

Caleffi Price Manager ("we," "our," or "us"), operated by Caleffi SPA, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our multi-tenant SaaS platform for Amazon price management.

2. Information We Collect

2.1 Amazon Seller Data

When you connect your Amazon Seller account, we collect:

• Amazon Seller Central OAuth refresh tokens (encrypted)
• Seller ID and marketplace information
• Product listings (SKU, ASIN, EAN, pricing data)
• Inventory information
• Order and sales data (if enabled)

2.2 Account Information

• Business name and contact information
• Email address
• Billing information (processed securely via third-party payment providers)

2.3 Usage Data

• Log files and access times
• IP addresses
• Browser type and version
• Platform usage statistics

3. How We Use Your Information

We use your information to:

• Provide automated price synchronization services
• Match products using EAN/ASIN codes
• Update pricing on Amazon Seller Central
• Generate analytics and reports
• Provide customer support
• Improve our platform and services
• Comply with legal obligations
• Process billing and payments

4. Data Security

We implement industry-standard security measures:

• Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
• OAuth 2.0: Secure authentication with Amazon SP-API (credentials never stored)
• Access Control: Role-based access control (RBAC) and principle of least privilege
• Infrastructure: Hosted on Microsoft Azure with SOC 2 Type II compliance
• Monitoring: 24/7 security monitoring and intrusion detection
• Backups: Automated daily backups with 30-day retention

5. Data Sharing and Disclosure

We do NOT sell your data. We may share information with:

• Amazon: Via Amazon SP-API for price updates (as authorized by you)
• Service Providers: Cloud hosting (Azure), email services, payment processors
• Legal Requirements: When required by law or to protect our rights

All third-party providers are contractually bound to protect your data.

6. Data Retention

We retain your data for as long as your account is active. After account deletion, we retain:

• Transactional data: 7 years (legal requirement)
• Audit logs: 1 year
• Anonymous analytics: Indefinitely

You can request immediate data deletion by contacting support.

7. Your Rights (GDPR)

Under GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate data
• Erasure: Request deletion of your data ("right to be forgotten")
• Portability: Receive your data in machine-readable format
• Restriction: Limit processing of your data
• Objection: Object to certain data processing activities
• Withdraw Consent: Revoke OAuth authorization at any time

To exercise these rights, email: customer.care@caleffionline.it

8. Cookies and Tracking

We use essential cookies only:

• Authentication: HTTP-only cookies for secure login
• Session Management: Temporary session tokens

We do NOT use advertising or third-party tracking cookies.

9. International Data Transfers

Your data is primarily stored in EU data centers (Azure West Europe). If data is transferred outside the EU, we use:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by the European Commission
• Additional safeguards as required by GDPR

10. Children's Privacy

Our service is intended for businesses only. We do not knowingly collect data from individuals under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes constitutes acceptance.

12. Contact Us

For privacy-related questions or to exercise your rights: