Ads123
  • Features
  • How It Works
  • Data Boundaries
  • Security
  • Pricing
  • FAQ
  • Privacy
  • Terms
  • Support
Request Access

Privacy Policy

Last updated: July 6, 2026

This Privacy Policy describes how Xiamen Yunzhongcheng Technology Co., Ltd. ("we", "us", or "our") collects, uses, stores, and protects data when you use Ads123 (the "Service"). The Service is a SaaS application that helps authorized Amazon sellers manage advertising campaigns and analyze advertising performance through the Amazon Advertising API.

By using the Service, you agree to the practices described in this Privacy Policy. This policy is designed to comply with the Amazon Advertising API Data Protection Policy, the Acceptable Use Policy, and applicable regional privacy regulations including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

Summary: We only access advertising data from your authorized Amazon advertising account through the Amazon Advertising API. We do not access buyer PII, do not merge Amazon data with third-party sources, do not sell or share your advertising data, and do not use your data for interest-based advertising. All data is encrypted in transit and at rest.

1. Introduction

Ads123 is a publicly available SaaS application that provides Amazon sellers with advertising campaign management and performance optimization tools. The Service monitors campaign performance, analyzes search terms, suggests bid adjustments, manages budgets, and generates performance reports across Sponsored Products, Sponsored Brands, and Sponsored Display campaigns.

All advertising data is accessed exclusively through the Amazon Advertising API, and only after an authorized seller explicitly grants access to the application through Amazon's secure OAuth authorization flow. We process advertising data solely for the authorized seller's own campaign management and performance reporting — never for buyer profiling, interest-based advertising, or resale.

2. Data We Collect

2.1 Advertising Campaign Data

After you explicitly authorize the application through Amazon's OAuth flow, we access the following advertising data from your Amazon advertising account exclusively through the Amazon Advertising API:

  • Campaign configuration data: Campaign names, campaign types (Sponsored Products, Sponsored Brands, Sponsored Display), targeting settings, and campaign status
  • Keyword and targeting data: Keywords, match types, negative keywords, and product targeting configuration
  • Bid and budget data: Keyword bids, placement bids, campaign daily budgets, and budget rules
  • Performance metrics: Impressions, clicks, spend, sales, ACoS (Advertising Cost of Sales), ROAS (Return on Ad Spend), conversions, and click-through rates
  • Search term reports: Aggregated search terms that triggered your ads, with associated click, spend, and sales metrics — shown as aggregated queries, not individual buyer identities
  • Placement and reporting data: Placement performance breakdowns and campaign reporting dimensions

2.2 Contact and Onboarding Data

When you request access to Ads123, we collect your email address, name, and company information for onboarding and communication purposes only. This data is used to process your access request, manage your subscription, and provide operational support to your authorized team.

2.3 Usage Data

We collect application usage logs and operation records necessary to provide and maintain the Service. This includes:

  • Application logs: Records of campaign configuration changes, bid adjustments, and budget modifications made within the application
  • Operation records: Timestamps of data retrieval from the Amazon Advertising API and alert delivery records
  • Authentication logs: Records of authorization grants and revocations through Amazon's OAuth flow

3. How We Use Your Data

We use the advertising data accessed through the Amazon Advertising API solely for the following purposes:

  • Campaign management: Displaying and managing your authorized advertising campaigns, keywords, bids, and budgets
  • Performance monitoring: Tracking impressions, clicks, spend, sales, ACoS, and ROAS against your configured targets
  • Search term analysis: Analyzing search term reports to identify scaling opportunities and negation candidates
  • Bid optimization: Generating bid adjustment suggestions based on your own campaign performance data
  • Budget management: Monitoring daily and monthly ad spend and alerting on budget depletion projections
  • Performance reporting: Generating customizable campaign, keyword, and search term reports for your internal teams

We do NOT use Amazon advertising data for: buyer profiling, interest-based advertising, behavioral retargeting, cross-seller aggregation, resale to third parties, insights about Amazon's business, or any purpose other than the advertising campaign management and performance reporting described above.

4. Data We Do Not Collect

We explicitly do not collect, access, or process:

  • Buyer Personally Identifiable Information (PII), including buyer names, email addresses, phone numbers, or shipping addresses
  • Buyer identity information or any data that could re-identify individual Amazon customers
  • Buyer browsing, purchase, or behavioral history beyond aggregated advertising performance metrics
  • Financial, banking, or payment card information
  • Amazon Information merged, combined, or enriched with any third-party data sources
  • Advertising data retrieved from any external or non-Amazon sources

Search term reports are processed as aggregated queries with associated performance metrics. We do not attempt to re-identify or reverse-engineer individual buyers from aggregated advertising data.

5. Cookie and Tracking Disclosure

Ads123 uses essential cookies and similar technologies necessary to operate the application, maintain your authenticated session, and remember your preferences. These cookies are required for core application functionality and cannot be disabled if you wish to use the Service.

We do not use cookies or tracking technologies for interest-based advertising, behavioral profiling, or cross-site tracking of our users. We do not place advertising or retargeting cookies on the application.

Amazon's interest-based advertising: Please be aware that Amazon may place or recognize cookies on the application or related surfaces for the purpose of providing interest-based advertising and measuring advertising effectiveness, in accordance with Amazon's advertising practices. These cookies are governed by Amazon's privacy practices, not this Privacy Policy. To opt out of Amazon's interest-based advertising, you may use the following resources:

  • Amazon Ad Preferences: Manage your Amazon advertising preferences through your Amazon account settings
  • Digital Advertising Alliance (DAA): Visit optout.aboutads.info to opt out of interest-based advertising from participating companies
  • YourOnlineChoices: For users in the European Economic Area, visit youronlinechoices.com to manage interest-based advertising preferences

6. Data Authorization and Retrieval

All advertising data is retrieved exclusively through the Amazon Advertising API using Amazon's secure OAuth 2.0 authorization framework. The authorization process works as follows:

  • Explicit consent: Each selling partner must explicitly authorize Ads123 to access their Amazon advertising account through Amazon's OAuth consent screen
  • Scoped access: Authorization is limited to the campaign_management scope, granting access only to the advertising data operations required to provide the Service
  • Authorized sellers only: We process advertising data only for sellers who have explicitly granted authorization. We do not access data from unauthorized accounts
  • No broader access: Authorization does not grant access to buyer PII, seller central data, or any data outside the authorized advertising scope
  • Revocable at any time: You may revoke Ads123's authorization at any time through your Amazon advertising account settings. Upon revocation, we immediately cease accessing your advertising data

7. Data Sharing and Disclosure

We do not share, sell, rent, lease, or otherwise distribute Amazon advertising data to any third party. Advertising data accessed through the Amazon Advertising API is processed solely within our application infrastructure to provide the Service to the authorized seller.

Specifically, we do not:

  • Share Amazon advertising data with external parties for any purpose
  • Sell or license Amazon advertising data to any third party
  • Use Amazon advertising data for advertising targeting, retargeting, or audience building
  • Aggregate or combine advertising data across different sellers' accounts
  • Disclose Amazon advertising data except as required by applicable law or to comply with legal process

Each advertiser's data is processed independently within a multi-tenant isolated architecture. Cloud infrastructure providers used to host the Service act as data processors under confidentiality agreements and do not have access to Amazon advertising data beyond what is necessary for infrastructure maintenance.

8. Data Security

8.1 Encryption

All advertising data is protected with industry-standard encryption:

  • Encryption in transit: All data transmitted between our systems and the Amazon Advertising API, and between our systems and your browser, is encrypted using TLS 1.2 or higher. Insecure communication channels are disabled across all internal and external endpoints
  • Encryption at rest: All Amazon advertising data stored in our systems is encrypted at rest using AES-256 encryption. Encryption keys are managed through a dedicated Key Management System (KMS) and are accessible only to authorized application processes
  • Credential protection: Amazon Advertising API credentials and OAuth tokens are encrypted and never stored in plain text, in public repositories, or hard-coded into applications

8.2 Access Controls

Access to Amazon advertising data is governed by the following controls:

  • Role-based access control (RBAC): Access is granted based on job duties and business functions following the principle of least privilege (need-to-know basis)
  • Unique user IDs: Every individual accessing Amazon advertising data is assigned a unique identifier. Generic, shared, or default login credentials are prohibited
  • Quarterly access reviews: Personnel and service access lists are reviewed at least every 90 days. Accounts no longer requiring access are promptly removed
  • Multi-Factor Authentication (MFA): MFA is enforced for all internal systems that may come into contact with Amazon advertising data
  • Password policy: Passwords must be at least 12 characters with a mix of uppercase, lowercase, numbers, and special characters. Password history of the last 10 passwords is maintained to prevent reuse. Passwords are rotated at least every 365 days
  • Account lockout: Accounts are automatically locked after unsuccessful login attempts to prevent brute-force attacks
  • No personal device storage: Employees and contractors are prohibited from storing Amazon advertising data on personal devices

8.3 Incident Response (IMPOC)

We maintain a documented incident response plan that is:

  • Approved by senior management and reviewed at least every 6 months
  • Updated after significant infrastructure or system changes, and after lessons learned from any incident
  • Covering all standard phases: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned

We have designated an Incident Management Point of Contact (IMPOC) who is available at all times, has the authority to coordinate incident response activities, and can be reached quickly in the event of a data breach or security incident involving Amazon advertising data.

Any security incident involving Amazon advertising data will be reported to security@amazon.com within 24 hours of detection. We will investigate each security incident and document the incident description, remediation actions, and corrective processes or system controls implemented to prevent recurrence. All incident documentation will be provided to Amazon upon request.

8.4 Data Deletion (NIST 800-88)

Upon revocation of authorization — whether by the seller through Amazon advertising settings, by Amazon, or upon subscription termination — we will permanently and securely delete all associated Amazon advertising data within 72 hours of notification.

Data destruction follows NIST SP 800-88 standards, including:

  • Clear: Overwriting data with zeros or random patterns
  • Purge: Firmware-level erasure or cryptographic key destruction
  • Physical destruction: Shredding, crushing, or incineration of physical media when applicable

All active data stores and all backups/copies are destroyed. Data anonymization (e.g., hashing) is not considered an acceptable deletion method. When using cloud services, we use supported deletion mechanisms (such as delete APIs or TTL policies); simply removing object pointers or orphaning data is not accepted. Upon request, we will provide written certification that all Amazon advertising data has been securely destroyed.

9. Data Retention

We retain data only for as long as necessary to provide the Service:

  • Advertising campaign data: Retained for the duration of your active subscription and deleted within 30 days of subscription termination or authorization revocation
  • Security and access logs: Retained for a minimum of 12 months to support audit and incident investigation requirements
  • Contact and onboarding data: Your contact information (email, name, company) is retained for the duration of your active subscription and deleted within 30 days of subscription termination
  • Usage data: Application usage logs and operation records are retained for the duration of your subscription and deleted within 30 days of termination

We do not retain Amazon advertising data beyond what is necessary to provide the Service to the authorized seller. No Amazon advertising data is retained for any secondary purpose.

10. Your Privacy Rights (GDPR/CCPA)

As an authorized seller, you have the following rights under applicable data protection regulations, including the GDPR (for EU/EEA residents) and CCPA/CPRA (for California residents):

  • Right of access: Request a copy of the personal data we hold about you
  • Right to erasure ("right to be forgotten"): Request deletion of your personal data from our systems
  • Right to rectification: Request correction of inaccurate or incomplete personal data
  • Right to restrict processing: Request that we limit the processing of your personal data
  • Right to data portability: Receive your personal data in a structured, machine-readable format
  • Right to object: Object to the processing of your personal data for certain purposes
  • Right to revoke authorization: Disconnect Ads123 from your Amazon advertising account at any time through your Amazon advertising settings

To exercise any of these rights, contact us at contact@yzccn.com. We will respond to your request within 30 days. If you believe we have not adequately addressed your concerns, you have the right to lodge a complaint with your local data protection authority.

11. Consent Signal Requirements

For users located in the United Kingdom and the European Economic Area (EEA), Ads123 requires explicit consent before processing advertising data. We support recognized consent signaling frameworks to ensure compliance with regional privacy regulations:

  • IAB Transparency and Consent Framework (TCF): We support IAB TCF consent signals, allowing consent management platforms to transmit user consent preferences to the application
  • Amazon Consent Signal: We support Amazon's Consent Signal mechanism for transmitting user consent status through the Amazon Advertising API
  • Consent records: We maintain records of consent grants, including the timestamp, scope, and method of consent, for the duration required by applicable law
  • Granular control: Users in the UK/EEA may withdraw consent at any time, which triggers the data deletion process described in Section 8.4

Where consent is the lawful basis for processing, we will not process advertising data without a valid affirmative consent signal. Consent must be freely given, specific, informed, and unambiguous.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by email or through the Service at least 30 days before the changes take effect. The updated policy will be effective immediately upon posting after the notice period.

We encourage you to review this policy periodically to stay informed about how we collect, use, and protect your advertising data.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

  • General inquiries: contact@yzccn.com
  • Security incidents: security@yzccn.com
  • Phone: +86 186-0591-8653
  • Address: Xiamen Yunzhongcheng Technology Co., Ltd., Xiamen, Fujian, China
Ads123

Advertising performance monitoring and optimization SaaS for Amazon sellers. Built with the Amazon Advertising API.

A product of Xiamen Yunzhongcheng Technology Co., Ltd.

Product

  • Features
  • How It Works
  • Data Boundaries
  • Pricing

Legal

  • Privacy Policy
  • Terms of Service
  • Support

Contact

contact@yzccn.com security@yzccn.com +86 186-0591-8653 Xiamen, Fujian, China
© 2026 Xiamen Yunzhongcheng Technology Co., Ltd. All rights reserved. Ads123 is not affiliated with or endorsed by Amazon.com, Inc.