Privacy Policy

This policy explains how BIGDEALSUPPLY LLC (“we”, “us”) handles data on the administrative Portal at bigdealsupplyadmin.online and, where relevant, on bigdealsupply.com. The Portal is a private system for authorized personnel.

Contents

Scope & Roles
Data We Process
Purposes & Legal Bases
Sharing & Subprocessors
Retention & Deletion
Security Measures
Your Rights
Cookies & Tracking
International Transfers
Children’s Privacy
Changes to This Policy
Contact

1) Scope & Roles

For the Portal, we act as a controller of administrator account data. When we process Amazon order data via SP-API solely to fulfill orders, we act in accordance with Amazon’s requirements and our contractual obligations.

2) Data We Process

Admin account data: email, username, password hash, optional TOTP secret.
Operational logs: timestamps, login attempts, IP metadata, error diagnostics.
Amazon data (if applicable): order-related information retrieved for fulfillment workflows. We avoid collecting public end-customer PII in the Portal unless strictly necessary for such workflows.

3) Purposes & Legal Bases

Provide secure access to internal tools (legitimate interests/contract).
Security monitoring, fraud prevention, incident response (legitimate interests/legal obligations).
Amazon order fulfillment where applicable (contract/legitimate interests).

We do not sell data. We may share with vetted providers strictly for hosting, security (e.g., CDN/WAF), and email delivery. These providers are bound to protect data via contract and technical controls. We disclose data to authorities where required by law.

5) Retention & Deletion

Admin account data is retained while the account is active; access records follow security retention schedules.
Security logs are retained for at least 90 days unless a longer period is necessary for investigations.
Where Amazon PII is processed for fulfillment, retain only as long as necessary and not beyond 30 days after fulfillment unless legally required. Data is disposed of securely.

6) Security Measures

We employ TLS encryption, least-privilege access, optional/required MFA, rate limiting, logging/monitoring, and server-side protections. Direct access to /hornet/*.html is blocked; content is served only through an authenticated guard. See our Security & Data Protection statement for details.

7) Your Rights

Administrators may request access, correction, or deletion of their account data, subject to legal and contractual requirements. Contact details appear below.

8) Cookies & Tracking

Session cookies: essential for authentication (e.g., session ID, auth flag) with Secure, HttpOnly, and SameSite attributes.
No advertising cookies or third-party analytics are used on the Portal.

9) International Transfers

Where data is transferred across borders, we rely on appropriate safeguards (contractual and technical) consistent with applicable laws.

10) Children’s Privacy

The Portal is for authorized personnel and not intended for children.

11) Changes to This Policy

We may update this policy; material changes will be communicated to administrators.

12) Contact

Privacy: bigdealsupplyllc@gmail.com
Security: kozcuhadar@bigdealsupply.com
Phone: +1-917-477-3655

Last updated: 2025-08-21

This policy is designed to align with Amazon’s Data Protection Policy requirements where applicable. It does not replace or supersede Amazon’s terms.