**Data Loss Prevention (DLP) Policy**
**CustomHub.io**
**Effective Date:** March 19, 2025
**Last Updated:** March 19, 2025
—
## **1. Introduction**
CustomHub.io is committed to protecting Amazon Information and Personally Identifiable Information (PII) from unauthorized access, transfer, or leakage. This Data Loss Prevention (DLP) Policy outlines the security controls and monitoring mechanisms in place to prevent sensitive data from being accessed, stored, or transferred outside authorized environments.
## **2. Scope**
This policy applies to:
– Amazon Information retrieved via SP-API.
– Customer and business data stored within CustomHub.io’s infrastructure.
– Employees, contractors, and third-party service providers with access to sensitive data.
## **3. Data Access & Transfer Restrictions**
– **No Personal Device Access:** Amazon Information cannot be accessed, stored, or transferred to personal devices, including **USB drives, personal computers, mobile phones, or external storage services (Google Drive, Dropbox, etc.).**
– **Restricted File Transfers:** Employees are prohibited from sending Amazon Information via email, messaging apps, or unauthorized cloud services.
– **Encrypted Data Storage:** All Amazon Information is encrypted at rest using **AES-256 encryption** and in transit via **TLS 1.2+**.
## **4. Monitoring & Prevention Mechanisms**
– **Data Loss Prevention (DLP) Software:**
– Scans and blocks unauthorized data transfers.
– Detects and alerts security teams of suspicious activity.
– **Access Logs & Monitoring:**
– Tracks all user access and interactions with Amazon Information.
– Logs are retained for at least **90 days** for security review.
– **Automated Alerts:**
– Triggered if Amazon Information is accessed from unapproved devices or locations.
– Escalation to the security team for immediate investigation.
## **5. Incident Response & Enforcement**
– **Unauthorized access attempts result in immediate access revocation.**
– **Security incidents are investigated and documented**, with a root cause analysis performed.
– **Violations may lead to disciplinary action**, including termination for employees and contract termination for third-party vendors.
– **Amazon security incidents are reported to security@amazon.com within 24 hours.**
## **6. Compliance & Audits**
– **Quarterly security audits** ensure compliance with Amazon SP-API data protection policies.
– Employees undergo **annual security training** on data handling best practices.
– **Regular penetration testing** ensures DLP measures remain effective.
## **7. Policy Updates**
This policy is reviewed and updated periodically to align with industry best practices and compliance requirements.
## **8. Contact Information**
For security concerns, contact:
**Email:** support@customhub.io
**Address:** 1911 Ball Rd, Anaheim, CA, 92805