Privacy Policy

// last reviewed: 2026-05-21

This document describes how Ascend Partners Group LLC ("Ascend Retail", "we") handles information when sellers, operators, and end users interact with our platform and this website. It is written to satisfy the publication requirements of Amazon's Acceptable Use Policy and Data Protection Policy and the corresponding rules under GDPR and CCPA.

Using the service constitutes acceptance of the terms below. We do not solicit information beyond what's necessary to run the platform, and we do not sell or rent any of it.

Collection

What you provide directly

When you onboard or operate an account, we receive:

  • Operator profile — full name, work email, company legal name, contact phone (optional).
  • Authentication material — passwords (hashed) and SP-API refresh tokens, both stored inside AWS Secrets Manager and never exposed to the application runtime in plaintext.
  • Marketplace payload — listing, order, pricing, financial, and shipping records pulled from the Amazon Selling Partner API under your authorization.
  • Support correspondence — anything you send to contact@ascendpartnergroup.com or privacy@ascendpartnergroup.com.

What we collect by default

  • Request metadata — IP address, user agent, request ID, response status. Used for rate limiting and incident triage.
  • Product telemetry — which modules are opened, which workflows are triggered, when. Used to size capacity and prioritize roadmap.
  • Cookies and session tokens — short-lived JWTs in HttpOnly cookies. We do not run third-party advertising trackers on our marketing or product surfaces.

What partners send us

We receive structured payloads from Amazon and from any other marketplace or fulfillment partner you authorize through the platform. We do not enrich or join this data with third-party identity graphs.

Use

Service delivery

The dominant use of every byte we hold is operating the platform you pay for: serving the modules listed on the home page, displaying the dashboards, executing the automation rules you author, and answering support tickets.

Sharing — only when required to fulfill

Buyer shipping data leaves our environment only via secure API or EDI connections to the warehouse and 3PL partners you have explicitly enabled, and only for the orders you have asked us to fulfill. The receiving partner is bound by a confidentiality clause in our standard agreement.

Sharing — operational vendors

A short list of subprocessors keeps the platform running: AWS (hosting and managed services), a payment processor for invoicing, a transactional email provider for system messages, and an error-tracking service for stack traces. Each is bound by a data processing agreement and is regularly reviewed against this policy.

Things we never do

  • Sell, rent, or license any data we hold under any commercial arrangement.
  • Use Amazon-sourced data to inform any product surface other than the seller who owns it.
  • Display advertising to end users based on data we hold.
  • Train external machine-learning models on identifiable seller or buyer records.

Legal disclosure

We disclose data only in response to a binding legal order from a court of competent jurisdiction, or when necessary to protect the rights, property, or safety of Ascend Retail, our customers, or the public. We notify affected customers ahead of disclosure unless legally prohibited.

Business transfers

If Ascend Retail is acquired or merged, customer data may transfer to the acquiring entity under the terms of this policy. Material changes will be communicated in advance.

Security

Encryption

  • At rest — AES-256 encryption on every persistent store. Our primary warehouse is AWS Redshift with cluster-level encryption enabled.
  • In transit — TLS 1.2 or newer on every external request, including all SP-API calls.
  • Key management — AWS KMS, with key rotation enabled and audit logging through CloudTrail.

Access

  • Every employee has a unique IAM principal. Shared credentials are prohibited.
  • Marketplace data is reachable by fewer than 7 authorized personnel, scoped by job function.
  • All production access is logged via CloudTrail and reviewed on a quarterly cadence.
  • Access is revoked the same business day a role changes.
  • All personnel complete annual data-protection and Amazon-policy training.

Monitoring

Continuous monitoring runs across CloudTrail, GuardDuty, and AWS Security Hub. Suspicious events flow into an internal incident channel and trigger a documented response runbook.

Incident response

We maintain an incident response plan covering detection, containment, eradication, and recovery. In the event of a confirmed data breach, we notify affected marketplace partners and customers within 24 hours, as required by Amazon's policies and applicable law.

Honest caveat. No system is unbreakable. If you believe your account or data has been accessed without authorization, email privacy@ascendpartnergroup.com immediately so we can isolate the issue.

Your rights

Retention

  • Operator-account data — held for the lifetime of the account. Deleted on request or 90 days after termination, whichever is sooner.
  • Buyer PII (shipping addresses, contact details) — deleted within 30 days of order fulfillment. We do not maintain long-term backups of buyer PII.
  • Aggregated, non-identifying analytics — may be retained indefinitely for capacity planning.
  • Records subject to legal hold — retained as required by applicable accounting or regulatory law.

Requests you can make

  • Access — receive a copy of personal data we hold about you.
  • Correction — fix anything inaccurate.
  • Deletion — remove your personal data outside of legal-hold scope.
  • Portability — export your data in machine-readable form.
  • Opt-out — unsubscribe from any non-transactional communication.
  • Revocation — disconnect any marketplace integration at any time. Tokens are invalidated on our side immediately.

Requests go to privacy@ascendpartnergroup.com and are answered within 30 days.

Jurisdictional scope

The platform runs in AWS regions in the United States and Canada. If you connect to the platform from outside those regions, you understand that your data is transferred into them. We rely on Standard Contractual Clauses or equivalent safeguards for transfers originating in jurisdictions that require them.

Minors

The platform is sold to and operated by businesses. It is not designed for individuals under 18 and we do not knowingly collect personal data from minors.

Third-party links

This website and our product surfaces link to external documentation (Amazon, AWS, payment partners). We do not control those properties; their privacy practices are governed by their own policies.

Policy updates

We may amend this document in response to product, legal, or partner-policy changes. The "last reviewed" date at the top reflects the most recent revision. Material changes are announced via in-product banner and to operator email addresses on file.

Compliance posture

This policy is designed to align with GDPR, CCPA, and Amazon's Acceptable Use Policy and Data Protection Policy. Internal reviews are conducted at least once per quarter and any time those external policies are revised.

Contact

Ascend Partners Group LLC
Privacy and compliance: privacy@ascendpartnergroup.com
General: contact@ascendpartnergroup.com
Please don't include passwords, API keys, or payment details in unencrypted email.