Privacy Policy

Privacy Policy of Urbicode Services LLC

Last updated: 2025-09-01

Urbicode Services LLC (“Urbicode,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through this Privacy Policy. This document describes how we collect, use, disclose, and safeguard your information when you use our services, including integrations via OAuth 2.0 with third-party providers such as Google and Amazon.

Information We Collect

User-provided information:
Name, email address, account details, or any information you provide when registering or using our services.

OAuth 2.0 data:
If you connect your Google, Amazon, or another provider account, we may receive tokens and data limited to the scopes you explicitly authorize (for example, order data, fulfillment details, or inventory information for Amazon SP-API integrations).

Usage data:
Technical information such as IP address, device type, browser, operating system, and interaction logs with our services.

Transactional data:
Billing or subscription information, if applicable.

How We Use Information

We use the collected data to:

  • Deliver the functionality you request (e.g., importing orders, creating labels, or managing fulfillment through authorized integrations).
  • Authenticate users and maintain secure sessions.
  • Improve, monitor, and optimize our platform performance.
  • Prevent fraud, abuse, and unauthorized access.
  • Comply with applicable laws and legal obligations.

Processing of Amazon Data

When users connect their Amazon Seller Central accounts through the Selling Partner API (SP-API), Urbicode processes Amazon data only as authorized by the seller and as permitted under Amazon’s Developer Agreement and Data Protection Policy.

Specifically:

  • Collection: We collect data from Amazon only through secure, OAuth-based authorization granted by the user.
  • Processing and Use: Data such as orders, shipments, and inventory are processed solely to provide platform features like order synchronization, FBA management, and shipping label generation.
  • Storage:
    • Access and refresh tokens are encrypted in transit (TLS 1.2 or higher) and at rest using AES-256 encryption.
    • Amazon order and inventory data are stored securely within our infrastructure hosted in the United States.
  • Sharing:
    • Amazon data is not shared, sold, or disclosed to third parties except as required to deliver the user-requested functionality (e.g., label generation APIs or hosting services) or as required by law.
  • Retention and Disposal:
    • Amazon data is retained only as long as necessary to provide the service or as required by applicable law.
    • When a user revokes Amazon authorization or deletes their account, all associated Amazon data (including refresh tokens and cached order information) are permanently deleted within 30 days.

Urbicode does not use Amazon data for advertising, marketing, or any secondary purpose outside the scope of the authorized integration.

Legal Basis

Depending on your jurisdiction, processing may rely on:

  • Consent: For OAuth 2.0 connections, you explicitly consent to share specific data.
  • Contractual necessity: To provide the requested services.
  • Legitimate interests: For service improvement and security.
  • Legal obligations: To comply with regulatory requirements.

Data Retention

We retain data only as long as necessary for the purposes described. OAuth 2.0 access tokens are stored securely and may be deleted upon revocation. When you disconnect your account or request deletion, we will remove or anonymize personal data unless retention is required by law.

Data Sharing

We may share your data with:

  • Service providers and vendors: For hosting, infrastructure, and technical support.
  • Regulatory or legal authorities: When required by law.
  • No sale of personal data: Urbicode does not sell, rent, or trade your personal information.

Data Security

We implement administrative, technical, and physical safeguards to protect data against unauthorized access, alteration, disclosure, or destruction. This includes encryption, access controls, audit logging, and secure storage consistent with Amazon’s SP-API Data Protection Policy requirements.

User Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request corrections or deletions.
  • Revoke OAuth 2.0 permissions at any time via your Amazon or Google account or through our platform.
  • Restrict or object to processing.
  • File a complaint with a data protection authority.

International Data Transfers

Your information may be processed in the United States or other jurisdictions where our infrastructure or service providers operate. By using our services, you consent to such transfers, subject to appropriate safeguards.

Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes via email or a prominent notice on our website.

Contact Us

For any questions or concerns regarding this Privacy Policy or our data practices, please contact us:

Urbicode Services LLC
751 81th Street 
Miami Beach, FL 33141, United States
Email: info@urbicode.com