Internal Data Handling & Protection Policy
Hygient Corporation
Version: 1.1
Effective Date: January 1, 2025
Policy Owner: Nailesh Sangani, IMPOC
1. Introduction
This policy establishes the requirements for the receipt, storage, usage, transfer, and disposal of Amazon Information (including PII) within Hygient Corporation systems, ensuring compliance with the Amazon Data Protection Policy (DPP) and Acceptable Use Policy (AUP).
2. Data Collection
- We only retrieve Personally Identifiable Information (PII) that is strictly necessary for legal and tax compliance (e.g., VAT invoicing in the UK/EU and US sales tax calculation) or for Merchant Fulfilled Network (MFN) order fulfillment.
- Data is collected solely via authorized Selling Partner API (SP-API) calls over TLS 1.2+ encrypted channels.
3. Data Processing
- Processing is restricted to automated accounting entry creation within our ERPNext instance and the generation of legally mandated tax documents.
- Data is processed in a dedicated, hardened Linux container environment that is logically separated from our public-facing ecommerce platforms.
4. Data Storage
- At Rest: All Amazon Information is stored on a self-hosted VPS using a native OpenZFS storage pool encrypted with AES-256-GCM.
- Backups: Encrypted backups (AES-256) are stored in a geographically separated AWS Region using an air-gapped vault with ‘Vault Lock’ to prevent unauthorized deletion.
5. Data Usage & Sharing
- Usage: Information is used strictly for internal business operations and legal compliance. We do not use PII for marketing, customer profiling, or repeat-order analysis.
- Sharing: We enforce a Zero-Sharing Policy. Amazon Information is not shared with any third-party services, vendors, or outside partners.
6. Data Disposal
- PII Purging: All Personally Identifiable Information is automatically purged from our production databases within 30 days of order delivery.
- Non-PII Records: Non-PII transaction data is retained only for as long as required by global tax laws.
- Sanitization: Final disposal of any hardware or storage volumes containing Amazon Information is conducted in accordance with NIST 800-88 standards.
7. Accountability & Access Control
- Access is restricted via a formal registration process using unique User IDs.
- Credentials must meet a 12-character minimum, include special characters, and cannot contain the user’s name.
- Quarterly access reviews are conducted by the IMPOC to ensure the principle of least privilege.
