Legal

Privacy Policy 隐私政策

Last updated: May 22, 2026 · Applies to mint-hub.com and the Mint Hub Operations SP-API application.

最后更新:2026年5月22日 · 适用于 mint-hub.com 及 Mint Hub Operations SP-API 应用程序。

1. Who We Are

1. 关于我们

This Privacy Policy applies to Mint Hub, operated by 浅草枢(鄂尔多斯)信息技术有限公司 ("Mint Hub", "we", "our", or "us"). We provide cross-border e-commerce operations automation tools for sellers on platforms including Amazon, Walmart, and GigaCloud.

本隐私政策适用于由浅草枢(鄂尔多斯)信息技术有限公司(以下简称"Mint Hub"、"我们"或"我方")运营的 Mint Hub。我们为在 Amazon、Walmart 和 GigaCloud 等平台经营的卖家提供跨境电商运营自动化工具。

Our website is mint-hub.com. Our internal operations dashboard is accessible at hub.mint-hub.com (authorized personnel only).

我们的官方网站为 mint-hub.com,内部运营工作台访问地址为 hub.mint-hub.com(仅限授权人员)。

For questions about this policy, contact us at: TODO: replace with verified support email

如对本政策有疑问,请通过以下方式联系我们:TODO: replace with verified support email

2. What Data We Collect

2. 我们收集哪些数据

2.1 Website Visitors

2.1 网站访客

When you visit mint-hub.com, our web server may log standard request metadata such as your IP address, browser type, and pages visited. This is standard server logging and is not used to identify individuals. We do not use third-party analytics scripts, advertising trackers, or cookies beyond what is strictly necessary for page functionality.

当您访问 mint-hub.com 时,我们的服务器可能记录标准请求元数据,例如您的 IP 地址、浏览器类型和访问页面。这属于标准服务器日志,不用于识别个人身份。我们不使用第三方分析脚本、广告追踪器,也不使用页面功能所必要以外的 Cookie。

2.2 Contact Form Submissions

2.2 联系表单提交

If you submit a message through our contact page, we collect the information you provide (such as your name and email address) solely to respond to your inquiry. This information is not shared with third parties.

如果您通过联系页面提交信息,我们收集您提供的内容(如姓名和电子邮件地址),仅用于回复您的咨询。这些信息不与第三方共享。

2.3 Amazon SP-API Authorization Data

2.3 Amazon SP-API 授权数据

When an Amazon seller authorizes the Mint Hub Operations application (once that feature is enabled), we receive and store the following data provided by Amazon through the SP-API OAuth flow:

当 Amazon 卖家授权 Mint Hub Operations 应用程序(功能启用后),我们将通过 SP-API OAuth 流程接收并存储以下 Amazon 提供的数据:

  • Selling Partner ID — the unique identifier for the authorized Amazon store
  • Selling Partner ID — 已授权 Amazon 店铺的唯一标识符
  • Authorization code — a short-lived code used to obtain a refresh token; discarded immediately after use
  • 授权码 — 用于获取刷新令牌的短效码,使用后立即丢弃
  • Refresh token — a long-lived credential that allows us to fetch access tokens on behalf of the authorized store; encrypted at rest
  • 刷新令牌 — 允许我们代表已授权店铺获取访问令牌的长效凭证,静态加密存储

We also access operational data from the seller's Amazon account as permitted by the SP-API roles the seller authorized, which may include inventory levels, order summaries, and advertising performance records.

我们还将根据卖家授权的 SP-API 权限,访问其 Amazon 账户的运营数据,包括库存水平、订单摘要和广告绩效记录。

3. Why We Collect This Data

3. 我们为何收集数据

We collect data only for the following purposes:

我们仅出于以下目的收集数据:

  • To respond to contact inquiries
  • 回复联系咨询
  • To maintain secure, authorized access to an Amazon seller's SP-API data on their behalf
  • 代表卖家维护对其 Amazon SP-API 数据的安全授权访问
  • To display inventory, order, and advertising information within the seller's private operations workspace
  • 在卖家专属运营工作台中展示库存、订单和广告信息
  • To maintain system security, detect abuse, and ensure service stability
  • 维护系统安全、检测滥用行为并确保服务稳定性

We do not collect data for advertising, profiling, or resale.

我们不为广告投放、用户画像或数据转售目的收集数据。

4. How We Use SP-API Data

4. 我们如何使用 SP-API 数据

SP-API data is used exclusively for the operational purposes described in Section 3. Specifically:

SP-API 数据仅用于第3条所述的运营目的,具体包括:

  • Inventory data is shown only within the authorized seller's private workspace
  • 库存数据仅在已授权卖家的专属工作台中展示
  • Order data is used only to support operational decisions within the seller's workspace
  • 订单数据仅用于支持卖家工作台中的运营决策
  • Advertising records are shown alongside inventory data to support budget and promotion decisions
  • 广告记录与库存数据并排展示,支持预算和推广决策

SP-API data is never used to build profiles, train models on seller-specific competitive data, or inform decisions for any party other than the authorizing seller.

SP-API 数据绝不用于构建用户画像、基于卖家竞争数据训练模型,或为授权卖家以外的任何一方提供决策依据。

5. Third-Party Sharing

5. 第三方共享

We do not sell, rent, or transfer your data to third parties. We do not share SP-API data obtained through seller authorization with any party other than the authorizing seller's own team.

我们不向第三方出售、出租或转让您的数据。通过卖家授权获取的 SP-API 数据,不与授权卖家团队以外的任何方共享。

We may use infrastructure providers (cloud servers, database hosting) to operate our services. These providers process data on our behalf under contractual agreements and are not permitted to use the data independently.

我们可能使用基础设施提供商(云服务器、数据库托管)来运营服务。这些提供商依据合同协议代我方处理数据,不得独立使用该数据。

6. Data Retention

6. 数据留存

  • Contact form messages — retained for up to 12 months, then deleted
  • 联系表单消息 — 保留最长12个月后删除
  • Server logs — retained for up to 90 days
  • 服务器日志 — 保留最长90天
  • SP-API refresh tokens — retained while the seller's authorization is active; deleted within 30 days of revocation or deletion request
  • SP-API 刷新令牌 — 在卖家授权有效期间保留;授权撤销或收到删除请求后30天内删除
  • SP-API operational data — retained for up to 12 months to support historical reporting, then deleted or anonymized
  • SP-API 运营数据 — 为支持历史报告保留最长12个月,之后删除或匿名化处理

7. How We Protect Refresh Tokens and Authorization Data

7. 我们如何保护刷新令牌和授权数据

The following controls apply once the Amazon SP-API integration is active:

以下控制措施在 Amazon SP-API 集成激活后适用:

  • Encryption at rest — refresh tokens are encrypted using a server-side key before being written to the database
  • 静态加密 — 刷新令牌在写入数据库前使用服务端密钥加密
  • Ephemeral access tokens — short-lived access tokens are held only in memory during an API request and are never written to disk
  • 临时访问令牌 — 短效访问令牌仅在 API 请求期间保留于内存中,绝不写入磁盘
  • Access control — each seller's tokens and data are logically isolated; no internal user can access another seller's data
  • 访问控制 — 每位卖家的令牌和数据逻辑隔离,内部用户无法访问其他卖家的数据
  • Minimum privilege — only the SP-API roles required for declared features are requested
  • 最小权限 — 仅申请功能声明所需的 SP-API 权限
  • Incident response — in the event of a breach affecting seller tokens, we will notify affected sellers promptly and revoke compromised credentials
  • 应急响应 — 如发生影响卖家令牌的安全事件,我们将及时通知受影响卖家并撤销受损凭证

8. Your Rights: Data Deletion and Revocation

8. 您的权利:数据删除与授权撤销

To revoke Amazon authorization:

撤销 Amazon 授权:

Log in to Amazon Seller Central → Settings → Apps & Services → Manage Your Apps, and revoke access for Mint Hub Operations. We will delete your refresh token and stop all API access within 30 days.

登录 Amazon Seller Central → 设置 → 应用程序与服务 → 管理您的应用程序,撤销 Mint Hub Operations 的访问权限。我们将在30天内删除您的刷新令牌并停止所有 API 访问。

To request deletion of your data:

申请删除您的数据:

Send a written request to TODO: replace with verified support email with the subject line "Data Deletion Request". Include your Selling Partner ID or the email address associated with your inquiry. We will process your request within 30 days and confirm deletion in writing.

请发送书面申请至 TODO: replace with verified support email,邮件主题请注明"数据删除申请"。请提供您的 Selling Partner ID 或与咨询相关的电子邮件地址。我们将在30天内处理您的申请并书面确认删除结果。

9. Children's Privacy

9. 未成年人隐私

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

我们的服务不面向18周岁以下人群。我们不会有意收集未成年人的个人数据。

10. Changes to This Policy

10. 政策变更

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated "Last updated" date at the top of this page.

我们可能不时更新本隐私政策。重大变更将通过更新页面顶部的"最后更新"日期加以体现。

11. Contact

11. 联系方式

  • Email: TODO: replace with verified support email
  • 电子邮件:TODO: replace with verified support email
  • Company: 浅草枢(鄂尔多斯)信息技术有限公司 (Mint Hub)
  • Address: TODO: replace with verified company address
  • 地址:TODO: replace with verified company address