How We Use Amazon Data

When a brand-owner client authorizes Revstep through Amazon's Selling Partner API consent screen, Revstep gains scoped access to the client's own Seller Central data under five Standard SP-API roles: Product Listing, Pricing (read-only), Selling Partner Insights, Inventory and Order Tracking (non-PII), and Brand Analytics (the client's own aggregate search and marketplace reports).

Revstep uses this access exclusively to deliver the contracted workflows for that client: listing audit and optimization, AM-reviewed listing updates submitted with client approval, keyword and search-term research, performance reporting, and stock-out flagging. Each client's data is siloed to their own account. We do not aggregate data across clients, benchmark one seller against another, or sell or share insights derived from one client's data with any other party.

Revstep does not retrieve or use buyer personally identifiable information. Buyer names, addresses, phone numbers, and shipment-level buyer data are explicitly out of scope. Revstep does not request Restricted SP-API roles.

Amazon data accessed through SP-API is stored encrypted in Revstep's managed Postgres database and is shared only with the authorizing client. AI subprocessors used to draft optimization recommendations receive listing content and aggregate performance summaries only; they never receive buyer PII, authentication tokens, or SP-API credentials. Revstep does not opt AI subprocessors into model training where account or contract controls allow data-use restriction.

Every SP-API read and write is logged to Revstep's internal audit log with the authorizing client identifier, the actor (AM user), and the resource accessed. Audit logs are retained for at least 12 months.