Privacy Policy

Last Updated: March 4, 2026

1. Introduction

Shenzhenshi Linma Maoyi Youxiangongsi ("we," "our," or "us") operates the Linma ERP System (the "Service"), an enterprise resource planning solution designed for Amazon sellers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting the privacy and security of all data processed through our Service. This policy is designed to comply with the Amazon Data Protection Policy (DPP), Amazon Acceptable Use Policy (AUP), and applicable data protection laws and regulations.

2. Information We Collect

We collect information that you provide directly to us and information that is automatically collected when you use our Service.

2.1 Personal Identifiable Information (PII)

PII includes but is not limited to:

  • Full name and contact information (email address, phone number, mailing address)
  • Business identification information (company name, tax identification numbers)
  • Amazon Selling Partner account information
  • Authentication credentials (access tokens, API keys)
  • Financial information related to orders and transactions
  • Customer order data (shipping addresses, purchase history)

2.2 Selling Partner Data

Through our integration with Amazon Selling Partner API (SP-API), we may process:

  • Order management data
  • Inventory information
  • Product listing details
  • Sales analytics and reports
  • Customer shipping information for order fulfillment

3. Data Security and Encryption

We implement industry-leading security measures to protect all data processed through our Service.

Encryption Standards

  • Data at Rest: All stored data is encrypted using AES-256 (Advanced Encryption Standard with 256-bit keys) encryption.
  • Data in Transit: All data transmitted between your systems and our Service is encrypted using TLS 1.2 or higher protocols.

3.1 Security Measures

  • Role-based access control (RBAC) with principle of least privilege
  • Multi-factor authentication (MFA) for all administrative access
  • Regular security audits and vulnerability assessments
  • Secure coding practices and code review processes
  • Encrypted backup systems with geographic redundancy
  • Network security including firewalls and intrusion detection systems

4. Data Sharing and Third-Party Disclosure

No Third-Party Sharing Commitment

We do not share Selling Partner Data with any third parties. Your data is used solely for providing and improving our Service to you. We do not sell, rent, trade, or otherwise transfer your PII or Selling Partner Data to external parties for their marketing or business purposes.

4.1 Permitted Disclosures

We may disclose information only in the following limited circumstances:

  • With Your Consent: When you explicitly authorize us to share specific information.
  • Service Providers: To trusted third-party service providers who assist us in operating our Service (e.g., cloud hosting providers), subject to strict contractual obligations prohibiting further disclosure.
  • Legal Requirements: When required by applicable law, regulation, legal process, or governmental request.
  • Protection of Rights: To protect the rights, property, or safety of our company, our users, or others.

5. Data Retention and Deletion Policy

30-Day Data Retention Policy

We delete all PII data within 30 days of the request or when it is no longer needed for business purposes. This policy applies to all personal data and Selling Partner Data stored in our systems.

5.1 Retention Guidelines

  • We strictly delete all Personally Identifiable Information (PII) within 30 days of receipt.
  • Active user data is retained for the duration of the service relationship
  • Upon account termination or data deletion request, all associated PII is permanently deleted within 30 days
  • Aggregated, anonymized analytics data may be retained for service improvement purposes
  • Data required for legal compliance may be retained as required by applicable law

5.2 Data Deletion Process

Upon receiving a data deletion request, we will:

  • Verify the identity of the requesting party
  • Process the request within 30 days
  • Securely delete all associated PII from production systems
  • Remove data from backup systems within 90 days (backups are rotated)
  • Provide written confirmation of deletion completion

6. Incident Response and Breach Notification

24-Hour Breach Notification Commitment

In case of data breach, we notify Amazon within 24 hours. We are committed to transparent and prompt communication regarding any security incidents affecting Selling Partner Data.

6.1 Incident Response Procedures

In the event of a confirmed or suspected data breach, we will:

  • Immediately initiate our incident response protocol
  • Contain and mitigate the breach to prevent further unauthorized access
  • Notify Amazon within 24 hours of breach confirmation
  • Notify affected users without undue delay
  • Conduct a thorough investigation to determine the scope and cause
  • Implement corrective measures to prevent recurrence
  • Document the incident and provide reports as required

7. Amazon Data Protection Policy Compliance

Our Service is designed and operated in full compliance with the Amazon Data Protection Policy (DPP) and Acceptable Use Policy (AUP). We commit to:

  • Processing Selling Partner Data only for authorized purposes
  • Implementing and maintaining appropriate technical and organizational security measures
  • Not using Selling Partner Data for advertising, marketing, or any unauthorized purpose
  • Not disclosing Selling Partner Data to any third party except as permitted
  • Providing users with access to their data and the ability to request deletion
  • Maintaining audit trails and documentation of data processing activities
  • Cooperating fully with Amazon's compliance audits and assessments

8. Your Rights and Choices

You have the following rights regarding your personal information:

  • Access: Request access to the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete data
  • Deletion: Request deletion of your personal data (subject to 30-day processing)
  • Portability: Request a copy of your data in a portable format
  • Objection: Object to certain processing of your personal data
  • Withdrawal of Consent: Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us using the information provided in Section 12.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to enhance your experience on our Service. These technologies help us:

  • Authenticate users and maintain session security
  • Remember user preferences and settings
  • Analyze Service usage patterns for improvement
  • Detect and prevent fraudulent activity

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect Service functionality.

10. Data Transfers

Your data may be processed and stored on servers located in China and other jurisdictions. We ensure appropriate safeguards are in place for cross-border data transfers, including:

  • Standard contractual clauses where applicable
  • Data localization requirements as mandated by applicable law
  • Encryption of all data during transfer and storage

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

  • Posting the updated policy on this page
  • Updating the "Last Updated" date at the top of this policy
  • Sending email notification for significant changes

We encourage you to review this Privacy Policy periodically to stay informed about our data practices.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Shenzhenshi Linma Maoyi Youxiangongsi

Shenzhen Longgang District, BanTian Street, Wuhe Community, Guangya Garden District 2 Industrial Zone, Lvcheng Science Park, Building B, 2nd Floor, B203-A

Email: privacy@golinma.cn

Data Protection Officer: dpo@golinma.cn

We will respond to all legitimate requests within 30 days of receipt.

13. Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the People's Republic of China, without regard to its conflict of law provisions. Any disputes arising from this policy shall be resolved in the courts of Shenzhen, Guangdong, China.

← Back to Home