Privacy Policy

Himanshu Trading Company | Developed by Park Universal | Version 1.0 


ABOUT THIS POLICY

Himanshu Trading Company (24, Vachnamrit Industrial Park, Bakrol-Bujrang, Ahmedabad – 382430, Gujarat, India) is a manufacturer, wholesaler, and Amazon seller of fiberglass mesh, cloth, yarn, tape, and related construction materials, established in 2017 under the leadership of Mr. Sunil Agarwal and Ms. Vaishali Agarwal.

Park Universal (www.parkuniversal.in) is the authorized technology integration partner engaged by Himanshu Trading Company to develop and operate the Amazon SP-API integration with Tally ERP. Park Universal acts as the data processor on behalf of Himanshu Trading Company (data controller) for all Amazon data handled through this integration.

Integration Purpose: The sole purpose of this SP-API integration is to automatically fetch Amazon orders for fiberglass products and generate GST-compliant invoices in Tally ERP — eliminating manual data entry for Himanshu Trading Company's Amazon seller operations.

This policy is published to satisfy Amazon's SP-API Data Protection Policy (DPP) requirements and to inform individuals whose data may be processed through this integration of our data handling practices.


COLLECTION: WHAT DATA WE COLLECT

Amazon data is fetched exclusively through authorized Amazon Selling Partner API (SP-API) endpoints using OAuth 2.0 authentication. Data collection is triggered only by specific business events — a new order placement or an invoice generation request in Tally.

Data Types Collected from Amazon SP-API:

Order Data : Amazon Order IDs, order dates, order status, marketplace identifiers
Product Data : SKU codes, ASIN, product descriptions (fiberglass mesh/cloth/yarn/tape), quantities, unit prices
Buyer Shipping Data: Recipient name, delivery address, city, state, PIN code — required for GST invoice generation
Financial Data : Order totals, GST components (CGST/SGST/IGST), Amazon settlement amounts for Tally reconciliation
Seller Account Data: Seller ID, marketplace ID — no buyer payment card or banking details are collected

What we do NOT collect: Buyer payment card numbers, bank account details, Amazon account credentials, login history, or any browsing or behavioural data.

No bulk or speculative data collection occurs. All data fetched is directly necessary for invoice generation or Tally account synchronization.


PROCESSING: HOW WE PROCESS DATA

All Amazon data is processed on a dedicated VPS Cloud server managed by Park Universal. A Python Django application handles the SP-API to Tally data pipeline entirely on this server. No third-party analytics, advertising platforms, or AI cloud services receive Amazon data during processing.

Processing Activities:

Order Ingestion : SP-API order records are fetched and parsed into structured PostgreSQL records
Invoice Generation: Order data is mapped to GST invoice format and pushed to TallyPrime via Tally XML gateway
Financial Sync : Amazon settlement data is reconciled with Tally ledger accounts
Error Handling : Processing failures logged without PII; flagged for Park Universal administrator review and retry

Processing is restricted to automated application processes running under a dedicated Linux system user. No Park Universal employee manually handles raw Amazon buyer data during routine operations.


STORAGE: HOW WE STORE DATA

Processed Amazon data is stored in a PostgreSQL database on the VPS Cloud server. The following security controls apply:

- Encryption at Rest: The VPS disk is encrypted using AES-256 (Linux LUKS or equivalent cloud-provider encryption). All PostgreSQL data files reside on this encrypted volume.
- Database Access Control: Django connects via a dedicated DB user with minimum required permissions only (SELECT, INSERT, UPDATE, DELETE — no DDL). Administrative access requires SSH key-based authentication.
- Network Isolation: PostgreSQL listens on localhost (127.0.0.1) only. No remote database connections from the internet are permitted. VPS firewall blocks all external inbound access to the PostgreSQL port.
- Backup Encryption: Daily automated backups (pg_dump) are encrypted with GPG AES-256 before transfer to a geographically separate off-site backup location.
- No Local Storage: Amazon data is never stored on developer workstations, personal devices, or any location outside the designated VPS server and its authorized off-site backup.


USE: HOW WE USE DATA

Amazon SP-API data is used exclusively for the following defined purposes:

- Generating GST-compliant tax invoices in Tally ERP for Amazon orders of fiberglass products placed on Himanshu Trading Company's Amazon seller account
- Synchronizing Amazon order fulfillment and dispatch status in Tally
- Reconciling Amazon settlement payments in Tally ledger accounts
- Providing Himanshu Trading Company with order and sales reports within the integration dashboard

PROHIBITED USES: Amazon data is never used for advertising, marketing profiling, machine learning training, benchmarking, resale, or any purpose not directly required for the Tally invoice and order synchronization. Buyer personal data is not shared with Himanshu Trading Company for any marketing purpose beyond order fulfillment.


SHARING: HOW WE SHARE DATA

Amazon data is not sold, rented, or shared with any third party. The only authorized data flows are:

Amazon SP-API → Django App : OAuth 2.0 | HTTPS / TLS 1.2+
Django App → PostgreSQL DB : Localhost only | AES-256 encrypted disk
Django App → Tally ERP (on-premise) : Local network at Himanshu Trading Company premises only | No internet exposure
PostgreSQL → Off-site Backup : GPG AES-256 encrypted | Geographically separate | Automated, no human transfer

No external analytics platforms, advertising networks, data brokers, or cloud AI services receive any Amazon data at any stage of this integration.


RETENTION: DATA RETENTION & DISPOSAL

Amazon data is retained only for the minimum period required for operational and legal compliance:

Invoice records (orders + buyer address) : 7 years — Required by Indian GST Act & Income Tax Act
Order sync & application logs (no PII) : 12 months — Operational audit and security investigation
Encrypted database backups : 90 days rolling — Disaster recovery window; older backups auto-purged
Security access logs : 12 months — Security incident investigation and audit compliance
Temporary debug logs (if PII present) : 48 hours max — Auto-purged; access restricted to named administrators only

Disposal: Data past its retention period is deleted via scheduled PostgreSQL cleanup jobs. Backups are purged automatically. On VPS decommissioning, all disks are securely wiped per NIST SP 800-88 media sanitization guidelines.


SECURITY: SECURITY MEASURES

Park Universal implements a layered security approach across its infrastructure, application, and database environments to ensure strong protection of systems and data.

Access and authentication are tightly controlled using secure, key-based access methods, with password-based access disabled wherever possible. Multi-factor authentication (MFA) is required for all critical systems and administrative interfaces. Strong password policies are enforced, including minimum length, complexity requirements, and regular rotation. Access permissions are assigned based on the principle of least privilege, ensuring users and services only have the access necessary to perform their functions.

Sensitive credentials and secrets are securely stored using industry-standard encryption practices and are never included in source code repositories. Automated safeguards are in place to prevent accidental exposure of credentials during development and deployment processes. Separate credentials are maintained for different environments, such as production and testing, to ensure proper isolation. Credentials are rotated periodically and immediately if any compromise is suspected.

All external communications are secured using encrypted protocols such as TLS 1.2 or higher, with unencrypted traffic strictly blocked. Network access is restricted through firewall configurations that allow only essential inbound connections. Database systems are not publicly accessible and can only be reached through secure internal channels.

The application environment is configured with security best practices, including disabling debugging features in production and enforcing strict host and request validation. Built-in protections are implemented to guard against common web vulnerabilities such as cross-site request forgery and injection attacks. Regular static code analysis and dependency vulnerability scanning are performed as part of the deployment workflow. Security headers and secure session handling mechanisms are also enforced.

Continuous monitoring systems are in place to detect suspicious activity, including unauthorized access attempts and abnormal usage patterns. Alerts are generated to notify administrators of potential security incidents, enabling timely response. Sensitive information is excluded from logs to prevent unintended exposure. Any identified security incidents are addressed promptly and reported in accordance with applicable requirements and policies.


RIGHTS: DATA SUBJECT RIGHTS

Under the Digital Personal Data Protection Act, 2023 (India) and applicable laws, individuals whose personal data is processed through this integration have the following rights:

- Right to Access : Obtain confirmation of whether your personal data is held and receive a copy
- Right to Correction : Request correction of inaccurate personal data
- Right to Erasure : Request deletion of your data, subject to legal retention obligations (GST invoice records retained 7 years under Indian law)
- Right to Grievance : Lodge a complaint with our Grievance Officer — responded to within 30 days
- Right to Nominate : Nominate a person to exercise rights on your behalf in the event of death or incapacity, as provided under DPDP Act 2023

To exercise any right, contact the Grievance Officer at the details below. We respond to verified requests within 30 days.


CONTACT & GRIEVANCE OFFICER

For privacy queries, data subject requests, or concerns about this policy:

Grievance Officer — Himanshu Trading Company (Data Controller):
Organization : Himanshu Trading Company
Address : 24, Vachnamrit Industrial Park, Bakrol-Bujrang, Ahmedabad – 382430, Gujarat, India
Phone : +91 9251474748 | +91 7014828528 | +91 9662979662
Website : www.himanshufiberglassmesh.com
Response Time : Within 30 days of a verified request

Technology Integration Partner — Park Universal (Data Processor):
Organization : Park Universal
Role : Authorized Data Processor — Amazon SP-API & Tally ERP Integration Developer
Website : www.parkuniversal.in
Amazon Security Incidents: Notified within 24 hours of detection

This policy was last reviewed on the current date. We reserve the right to update this policy as practices or applicable laws change. Material updates will be communicated via the seller integration dashboard.


Himanshu Trading Company. All rights reserved. Copyright © 2026.