Menu
Cart 0

Amazon Data Protection and Handling Policy

Network Protection

Bixme developers enforce AES-256 encryption and a network firewall to prevent unauthorized IP addresses from accessing the system. All public access is denied.
Each Bixme developer is assigned a unique ID, keys, or authentication methods to control and monitor access to Amazon Information. Developers cannot create or use generic, shared, or default login credentials. All access/authorization is controlled by the Bixme CEO.

Bixme developers implement mechanisms to ensure that only required user accounts have access to Amazon Information at all times. The Bixme CEO reviews the list of authorized people and services with access to Amazon Information monthly and removes accounts that no longer require access.

Bixme developers are prohibited from storing Amazon data on personal devices.
Account lockout mechanisms are enforced by detecting anomalous usage patterns or login attempts, and accounts with access to Amazon Information are disabled when necessary.

Bixme developers enforce HTTPS encryption for all Amazon Information in transit, within the network and between hosts. This security control applies to all external endpoints used in internal communication channels, including data propagation among storage nodes, connections to external dependencies, and operational tools.

Communication channels that do not provide encryption in transit, even if unused, are disabled. This includes removing dead code, configuring dependencies with encrypted channels, and restricting access credentials to only encrypted channels. Bixme developers use AWS Encryption SDK where channel encryption, such as TLS, terminates in untrusted multi-tenant hardware, such as untrusted proxies.

Data Retention and Recovery

Bixme developers retain Personally Identifiable Information (PII) only for the duration necessary to fulfill orders, but no longer than 30 days after order shipment, or for tax purposes. If required by law to retain archival copies for regulatory purposes, this archived Amazon Information is stored offline ("cold") and is not available for immediate access. All backups are stored in secure facilities, and archived data is encrypted. In the event of data loss, Bixme can recover all lost PII.

Data Governance

Bixme developers create, document, and follow the Bixme privacy and data handling policy, which governs the appropriate conduct and technical controls for managing and protecting information assets.
Bixme developers maintain an inventory of software and physical assets, including computers and mobile devices with access to PII, and regularly update it. A record of data processing activities (e.g., how data is collected, processed, stored, used, shared, and disposed) is maintained to ensure accountability and compliance with regulations.

Bixme developers comply with the Bixme privacy policy regarding customer consent and data rights, including access, rectification, deletion, and halting the processing of information, in line with applicable data privacy regulations.

Encryption and Storage

Bixme developers encrypt all PII at rest, using AES-256 encryption as per industry standards. Cryptographic materials, including encryption/decryption keys and cryptographic capabilities, are only accessible to authorized Bixme processes and services.

Bixme developers do not store PII on removable media (e.g., USB drives), unsecured public cloud platforms, or via publicly accessible links (e.g., Google Drive). Printed documents containing PII are securely disposed of.

Least Privilege Principle

Bixme developers implement fine-grained access control to grant rights only to the minimum set of data and configuration needed. Access to PII and configuration APIs is based on the principle of least privilege, and permissions are granted only on a "need-to-know" basis.

Logging and Monitoring

Bixme developers gather logs to detect security events, including access attempts, intrusions, or configuration changes. Logging mechanisms are applied to service APIs, storage-layer APIs, and administrative dashboards with access to Amazon Information.

All logs are protected from unauthorized access and tampering and are retained for at least 90 days. Logs do not contain PII.
Bixme developers continuously monitor logs and system activities for suspicious actions (e.g., multiple unauthorized requests, unexpected request rates, or data retrieval volumes). Investigations are triggered when alarms are raised, and each event is documented in the Developer's Incident Response Plan.

Audit

Bixme developers maintain all relevant records to verify compliance with the Acceptable Use Policy, Data Protection Policy, and Amazon Marketplace Developer Agreement. These records are kept for the duration of the agreement and for 12 months afterward.
Upon written request from Amazon, Bixme developers will certify in writing their compliance with these policies. Bixme will cooperate with Amazon or Amazon's auditor, and audits may occur at Bixme's or subcontractor's facilities. If any deficiencies are found, Bixme will take corrective action at its own cost within an agreed-upon timeframe.