We are making updates to the Amazon API Services Developer Agreement, Data Protection Policy (DPP), and Acceptable Use Policy (AUP). These updates will go into effect on August 22, 2022.
These updates may require changes to your existing application security or controls.
- Consolidation of existing licensing, data controllership and processing, rating/feedback, representation, and confidentiality provisions.
- Clarification that Transaction Information must not be given to End Users that you know or suspect will violate the Agreement or harm Amazon.
- Removal of testing requirement.
- Added and clarified requirements for:
- Network segmentation
- Data protection and IT security trainings
- User access registration, rights, and maintenance
- Minimum password requirements
- Risk assessment and management processes
- Data attribution
- Data loss prevention
- Penetration testing
- Increased timeline for deletion, on Amazon’s request, from 72 hours to 30 days.
- Removed requirement for cold storage.
- Added provisions calling out expectations to comply with privacy regulations.
- Clarified and highlighted due diligence, privacy regulations, and transparency that should be addressed prior to data sharing.
- Added references to Amazon Freight Services API terms and Amazon Business terms that are applicable for users of those APIs.
Across the agreement and all policies, the term “Amazon Partner Network” is changed to the “Amazon Selling Partner Appstore”. Your continued use of Amazon API Services after August 22, 2022 constitutes your acceptance of the updated agreement and policies. Our goal is to help you and all of our developers continue to succeed with Amazon and grow your businesses globally, while maintaining customer trust for data security. Thank you for being an Amazon API Services developer.
Best regards, The Selling Partner API team