Privacy and Data Handling Policy
Last Updated: April 15, 2026
Organization: SlingCenter.com
Contact: sales@slingcenter.com
1. Overview
SlingCenter.com ("SlingCenter," "we," "our") is an Amazon seller and distributor of safety-rated lifting slings, rigging equipment, and related industrial products manufactured by Liftex Corporation. This policy describes how we collect, process, store, use, share, and dispose of data received through the Amazon Selling Partner API ("SP-API") and other Amazon services, in compliance with the Amazon Data Protection Policy.
2. Data Collection
We collect the following categories of Amazon data exclusively through authorized channels:
- Order Information: Order IDs, order dates, item details (SKU, quantity, price), and order status — retrieved via Amazon SP-API and Amazon Channel/CED Commerce integration.
- Buyer Shipping Information (PII): Customer name, shipping address, city, state, ZIP code, and phone number — retrieved via SP-API solely to fulfill and ship orders.
- Financial Data: Settlement reports, fee information, and transaction details — used for accounting and reconciliation purposes.
- Inventory Data: FBA inventory levels and product catalog information.
No Amazon data is collected from any third-party or non-Amazon source. We do not collect buyer email addresses or payment information.
3. Data Processing
Amazon data is processed solely for the following business purposes:
- Order Fulfillment: Generating Purchase Orders for our manufacturer (Liftex Corporation) to ship products directly to Amazon customers.
- Shipping: Creating shipping labels and packing slips via Veeqo (an Amazon-owned shipping platform) for carrier label generation and shipment confirmation.
- Financial Reconciliation: Matching Amazon settlement payments to orders for accounting accuracy.
- Inventory Management: Monitoring FBA stock levels and planning replenishment shipments.
- Product Safety Compliance: Maintaining traceability records as required by federal product safety law (see Section 6).
Amazon data is never used for marketing, advertising, customer profiling, resale, or any purpose unrelated to order fulfillment and legal compliance.
4. Data Storage
All Amazon data is stored securely in our cloud-hosted database infrastructure:
- Database: Supabase (PostgreSQL hosted on Amazon Web Services).
- Encryption at Rest: All data is encrypted using AES-256 via AWS Key Management Service (KMS).
- Encryption in Transit: All data transmission uses TLS 1.2 or higher. No unencrypted connections are permitted.
- Access Control: Row-Level Security (RLS) is enforced on all database tables. Access requires authenticated API keys. Network Restrictions limit database connections to authorized IP ranges.
- No Local Storage: No Amazon data is stored on local machines, personal devices, removable media (USB drives), or unencrypted storage of any kind.
5. Data Sharing
Amazon data is shared only with the following parties, solely for order fulfillment:
- Liftex Corporation (manufacturer and fulfillment partner) — Customer ship-to name and address are included on Purchase Orders transmitted via encrypted email (TLS) so Liftex can ship products directly to customers.
- Veeqo (Amazon-owned shipping platform) — Order data is passed via authenticated API (HTTPS) to create shipping labels and confirm shipments back to Amazon.
We do not sell, license, rent, or otherwise transfer Amazon customer data to any marketing, analytics, advertising, data broker, or other third-party service. No Amazon data is shared with any party not directly involved in fulfilling the customer's order.
6. Data Retention and Disposal
Standard Retention (Non-PII)
Non-personally identifiable order data (order IDs, SKUs, quantities, financial summaries) is retained for up to 18 months for business operations and accounting, then deleted.
PII Retention — Fulfillment
Personally Identifiable Information (buyer name, shipping address, phone number) used solely for order fulfillment is deleted within 30 days of order delivery from all production systems.
PII Retention — Legal Compliance (Extended)
SlingCenter distributes safety-critical lifting slings and rigging equipment. As a distributor of these products, we are legally required to retain certain customer purchase records beyond 30 days under the following laws and standards:
- Consumer Product Safety Act (15 U.S.C. §2051 et seq.): Distributors must report product defects to the CPSC and participate in product recalls by identifying and notifying affected purchasers. CPSC regulations (16 CFR §1107.26) require retention of product safety-related records for a minimum of 5 years.
- OSHA 29 CFR 1926.251: Federal workplace safety regulations mandate traceability records for rigging equipment including slings throughout the supply chain.
- ASME B30.9-2021 (Slings Standard): The governing industry safety standard requires traceability from manufacturer through distributor to end user via unique product identification.
- State Product Liability Statutes: Statutes of limitations (including Delaware's discovery rule under Del. Code Title 10 §8106) require maintaining transaction records to respond to product liability claims that may arise years after the original sale.
PII retained for legal compliance purposes is moved to encrypted cold storage (AES-256, access-restricted) and is accessible only for recall/safety investigations or legal proceedings. This data is not used for any other purpose.
Disposal
When data reaches the end of its retention period, it is permanently deleted from all production systems, backups, and archives. Data anonymization is not used as a substitute for deletion. Disposal is verified to ensure completeness.
7. Security Controls
- Network Protection: Database access is restricted via Supabase Network Restrictions (IP allowlisting). Row-Level Security enforces access control at the database level. Application architecture separates frontend, API, and database layers.
- Authentication: All users are individually authenticated via Supabase Auth with unique credentials. Multi-Factor Authentication (MFA) is required on all accounts handling Amazon data.
- Password Policy: Minimum 12 characters with uppercase, lowercase, numbers, and special characters. No reuse of previous 10 passwords. Maximum 365-day expiration with mandatory rotation.
- Logging and Monitoring: Security logs are retained for a minimum of 12 months. Logs do not contain PII. Logs are reviewed bi-weekly for suspicious activity.
- Endpoint Protection: Developer workstations run current antivirus software with real-time protection and automatic updates. No Amazon data is stored on endpoints.
- Credential Management: All API keys and secrets are stored in encrypted vaults (Supabase Secrets). No credentials in source code or public repositories.
8. Incident Response
In the event of a suspected security incident involving Amazon data:
- Detection via Supabase/application alerts or log review.
- Immediate isolation of affected systems and revocation of compromised credentials.
- Assessment of scope using combined application and database audit logs.
- Notification to Amazon at security@amazon.com within 24 hours of confirmed incident.
- Notification to affected parties per applicable law.
- Root cause analysis, remediation, and post-incident review within 7 days.
9. Your Rights
If you are an Amazon customer whose data we have processed, you may contact us at sales@slingcenter.com to request information about what data we hold, request correction of inaccurate data, or request deletion of your data (subject to legal retention requirements described in Section 6).
10. Changes to This Policy
We may update this policy to reflect changes in our practices or legal requirements. The "Last Updated" date at the top of this page indicates when the most recent revision was made.
11. Contact
For questions about this policy or our data handling practices:
SlingCenter.com — Data Protection Contact
Email: sales@slingcenter.com
Website: www.slingcenter.com