Privacy Policy

Last Updated: 10-04-2026

1. Introduction

Welcome to SirDaksh (“we,” “our,” or “us”).

This Privacy Policy explains how we collect, use, store, protect, share, and delete user data, including data accessed via Amazon Services APIs, in compliance with:

• Amazon Data Protection Policy (DPP)

• Amazon Solution Provider Agreement

• Applicable data protection laws (e.g., GDPR, CCPA, local regulations)

By using our services, you agree to the practices described in this policy.

2. Scope of This Policy

This policy applies to:

• All users of our website/application

• All data collected directly or via Amazon Services API

• All systems that process, store, or transmit such data

3. Data We Collect

We may collect the following categories of data:

3.1 Personal Data (PII)

• Name

• Email address

• Phone number

• Shipping/billing address

• Order details

• IP address and device identifiers

3.2 Amazon Data

• Seller/vendor data accessed via Amazon APIs

• Order and fulfillment information

• Tax and invoice data

3.3 Technical Data

• Browser type and version

• Device information

• Cookies and usage data

4. How We Collect Data

We collect data through:

• Direct user input (forms, registrations)

• Amazon Services APIs

• Cookies and tracking technologies

• System logs and monitoring tools

5. Purpose of Data Use

We use collected data strictly for:

• Providing and improving our services

• Processing orders and transactions

• Tax calculation and invoicing

• Customer support

• Legal and regulatory compliance

• Security monitoring and fraud prevention

We do NOT use Amazon data for unauthorized purposes.

6. Legal Basis for Processing (Where Applicable)

We process data based on:

• User consent

• Contractual necessity

• Legal obligations

• Legitimate business interests (security, service improvement)

7. Data Retention Policy

7.1 Personally Identifiable Information (PII)

• Retained no longer than 30 days after order delivery, unless legally required

• Only used for:

  • Order fulfillment

  • Tax and legal compliance

  • Invoice generation

7.2 Non-PII Data

• Retained for up to 18 months, unless required longer by law

7.3 Deletion Requests

• Data is deleted within 30 days of request or Amazon instruction

• Secure deletion follows NIST 800-88 standards

8. Data Storage and Security

We implement industry-leading safeguards as required by Amazon DPP:

8.1 Network Security

• Firewalls and access control lists

• Intrusion detection/prevention systems

• Anti-virus and anti-malware tools

• Network segmentation

8.2 Access Control

• Unique user IDs for all users

• No shared or generic accounts

• Role-based access (least privilege principle)

• Account lockout after failed login attempts

• Access revoked within 24 hours of termination

8.3 Encryption

• In transit: TLS 1.2+, SFTP, SSH

• At rest: AES-128 or RSA-2048 encryption

8.4 Credential Security

• Strong password policies (minimum 12 characters)

• Mandatory Multi-Factor Authentication (MFA)

• API keys encrypted and rotated annually

8.5 Secure Development

• No hardcoded credentials

• Separate production and test environments

9. Data Sharing and Disclosure

We may share data only:

• With authorized service providers (under strict contracts)

• With Amazon as required

• With legal authorities when required by law

We do NOT sell personal data.

All third parties undergo annual security and risk assessments.

10. Logging and Monitoring

We maintain logs for:

• Access attempts

• System activity

• Security events

Logs:

• Are protected from unauthorized access

• Retained for at least 12 months

• Do not contain PII unless legally required

We use monitoring systems to detect:

• Suspicious activity

• Data breaches

• Unauthorized access

11. Incident Response

We maintain a formal Incident Response Plan that includes:

• Detection and classification of incidents

• Defined response roles and escalation paths

• Notification to Amazon within 24 hours of incidents

• Documentation and corrective actions

12. User Rights

Depending on your jurisdiction, you may have rights to:

• Access your data

• Correct inaccurate data

• Request deletion

• Restrict or object to processing

• Withdraw consent

To exercise rights, contact us at: info@sirdaksh.in

13. Data Attribution and Segregation

We ensure:

• Amazon data is stored separately OR clearly tagged

• Data origin is always identifiable

• No mixing of unauthorized datasets

14. Data Transfers

If data is transferred internationally:

• Appropriate safeguards are implemented

• Transfers comply with applicable laws

15. Cookies and Tracking

We use cookies to:

• Improve user experience

• Analyze traffic

• Maintain session security

Users can manage cookies via browser settings.

16. Subcontractors and Third Parties

All vendors:

• Undergo annual risk assessments

• Must comply with equivalent data protection standards

• Are contractually bound to protect data

17. Compliance and Audits

We:

• Maintain records of data processing activities

• Cooperate with Amazon audits

• Provide compliance evidence when requested

• Remediate any identified issues promptly

18. Children’s Privacy

Our services are not intended for children under 13 (or applicable age). We do not knowingly collect their data.

19. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be posted with a revised “Last Updated” date.

20. Definitions

Terms such as:

• “PII”

• “Amazon Services API”

• “Authorized User”

• “Security Incident”

shall have the same meanings as defined in the Amazon Data Protection Policy (DPP).