Privacy Policy

Parcel & Plenty Pty Ltd (“Parcel & Plenty”, “we”, “us”, or “our”) operates the Parcel & Plenty digital shelf intelligence platform (“Platform”) and the website parcelandplenty.com.au. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you access our website or use our Platform.

We are committed to complying with the Australian Privacy Act 1988 (Cth) (“Privacy Act”) and the Australian Privacy Principles (“APPs”). Where applicable, we also comply with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the UK GDPR.

2.1 Information you provide directly: When you submit a demo request, contact us, or create an account, we collect: full name, business email address, company name, job title, Amazon marketplace details, revenue information, and any other information you choose to provide.

2.2 Amazon Seller Central data (SP-API): For clients who authorise our platform via Amazon's OAuth 2.0 flow, we access data from your Seller Central account strictly within the scope of permissions you have granted. This data is used solely to provide the Platform services to you and is never shared with other clients or third parties. All SP-API data access complies with Amazon's Selling Partner API Data Protection Policy.

2.3 Usage data: We automatically collect information about how you interact with our website and Platform, including IP address, browser type, pages visited, and time spent on pages. This data is used for platform improvement and security purposes.

We use information we collect to: provide, operate, and improve the Platform; communicate with you about your account, your demo request, and our services; comply with legal obligations including Amazon's Data Protection Policy requirements; detect and prevent fraud and security incidents; and send you relevant product updates (with your consent, where required by law).

As an Amazon SP-API developer, we are bound by Amazon's Data Protection Policy (DPP). In accordance with those requirements: we access SP-API data only for the specific purposes authorised by you; we do not share your SP-API data with any third party except as strictly necessary to provide our services (e.g., our AWS hosting provider); we retain SP-API data only for the duration of our service agreement with you plus a 90-day wind-down period, after which it is permanently deleted; and we implement technical and organisational measures consistent with Amazon's security requirements.

We do not sell your personal information. We may share your information with: AWS (infrastructure provider, bound by data processing agreements); third-party services used to operate the Platform (e.g., analytics, email delivery), each bound by appropriate data processing agreements; and regulatory or law enforcement authorities where required by applicable law.

We retain your personal data for as long as your account is active or as needed to provide services. Upon termination of your account, we retain data for 90 days to allow for account recovery, after which it is permanently deleted. Certain data may be retained for longer periods where required by law (e.g., financial records for 7 years under Australian law). SP-API data is retained in strict accordance with Amazon's Data Protection Policy.

Under the Australian Privacy Act and, where applicable, the GDPR, you have the right to: access the personal information we hold about you; correct inaccurate or incomplete information; request deletion of your personal information (subject to legal retention requirements); object to or restrict certain processing of your data; and withdraw consent where processing is based on consent. To exercise any of these rights, contact us at privacy@parcelandplenty.com.au.

We implement industry-standard security measures including AES-256 encryption at rest, TLS 1.3 encryption in transit, multi-factor authentication, role-based access controls, and regular third-party security audits. We are SOC 2 Type II certified. Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong, unique passwords for your account.

Our primary infrastructure is located in Australia (AWS ap-southeast-2, Sydney). Some of our service providers may process data in other jurisdictions. Where we transfer data outside Australia, we take steps to ensure that appropriate safeguards are in place in accordance with the Privacy Act and, where applicable, the GDPR.

Our website uses essential cookies required for site functionality and security. We do not use tracking cookies or third-party advertising cookies without your consent. You may disable cookies in your browser settings; however, this may affect the functionality of certain parts of our website.

For privacy enquiries, data access requests, or to exercise your rights under applicable privacy law, please contact our Privacy Officer at:

Email: privacy@parcelandplenty.com.au
Company: Parcel & Plenty Pty Ltd
Country: Australia

If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.