Amazon data is collected, processed, stored, used, shared and disposed using various industry best practices, including:
- Network protection. Implemented network protection controls including network firewalls and network access control lists to deny access to unauthorized IP addresses. Any public access is only to approved users.
- Encryption in transit. All Information in transit is encrypted with secure protocols such as TLS 1.2+.
- Encryption at rest. The cryptographic materials used for encryption are only accessible to the developer’s processes.
- Access management and least privilege principle. Access rights are provided to employees based on their role inside the company. Each employee has its unique ID and email address. We do not use any shared user accounts. The list of employees with access to information is strictly and regularly reviewed. Storage of information on personal devices for employees and contractors is strictly forbidden. If / when information is granted to any other party, access is granted only on need-to-know basis, following the principle of least privilege.
- Data retention and governance. PII is retained for no longer than 30 days after delivery and only for the purpose of, and as long as is necessary to fulfill orders, calculate and remit taxes, produce tax invoices, meet legal requirements, including tax or regulatory requirements. Archival copies of PII when it’s required for regulatory purposes are not available for interactive use. A list of specific data fields is maintained, which defines how they are stored, processed, shared and used.
- Asset management. Employees are restricted to store any Amazon information (including PII) in removable media, personal devices or unsecured public cloud applications. List of all physical assets is maintained within the company and regularly updated. Maintenance and enforcement of “account lockout” is initiated after detecting anomalous usage patterns / log-in attempts, and disabling accounts with access to Amazon information as needed.
- Secure coding practices. All credentials are encrypted and not stored in public code repositories. Password vault is used to control access to shared passwords. Separate test and production environments are maintained.