1. Introduction
This Privacy Policy explains how Blumead LLP, trading as Blue Meridian Advisory (“Blue Meridian”, “we”, “us”, or “our”), collects, uses, stores, protects, and discloses information in the course of providing digital commerce growth services to our clients.
Blumead LLP is registered at No. 20, D. Nagaraj Layout, Kaval Byra Sandra, R. T. Nagar Post, Bangalore – 560032, India. This policy covers information we handle through our website, our software tools (collectively, the Meridian Intelligence Layer), and the managed services we deliver for client brands operating on Amazon and other commerce platforms.
If you have any questions about this policy or how we handle data, please contact us at support@blumead.com.
2. Scope and our two operating modes
Blue Meridian operates in two distinct modes depending on the client engagement. This policy applies to both.
Mode A: Managed service inside the client’s own account. In this mode we perform account management directly within the client’s own Amazon Seller Central account, acting under the client’s authorisation and on their behalf. Data remains within Amazon’s environment, and we access it only through the client’s account in order to operate and optimise the account.
Mode B: Direct Selling Partner API (SP-API) integration. In this mode seller data is accessed through Amazon’s Selling Partner API and processed within Blue Meridian’s own tools, the Meridian Intelligence Layer, to deliver analytics, advertising optimisation, and reporting. In this mode we act as a processor of the data made available to us through the API for the purposes agreed with the client.
3. Information we collect
Depending on the engagement and operating mode, we may collect or process the following categories of information:
Marketplace performance data: sales, revenue, traffic, conversion, rank, and category performance metrics.
Advertising data: campaign structure, keyword and targeting data, bids, spend, and advertising performance metrics.
Inventory data: stock levels, fulfilment status, and replenishment information.
Order data: order and transaction records, which may include limited personally identifiable information (PII) such as a buyer name and shipping address where this is exposed by the platform.
Account credentials and authorisation tokens: the authorisations, access grants, and tokens required to operate within or connect to a client’s platform account.
Business contact details: names, email addresses, and similar contact information for client representatives and prospective clients.
4. How we use information
We use the information we collect solely to deliver our services to the relevant client. This includes account management, performance analytics, advertising optimisation, inventory and operations support, and reporting. We process platform data only for the purposes agreed with the client and only to the extent necessary to provide the service.
5. Amazon data
Where we access Amazon information, whether through a client’s Seller Central account or through the Selling Partner API, we comply with Amazon’s Acceptable Use Policy (AUP) and Amazon’s Data Protection Policy (DPP). We use Amazon information only to provide the agreed services to the relevant seller and for no other purpose.
6. Data retention
We retain data only for as long as necessary and in line with the following commitments, consistent with Amazon’s Data Protection Policy:
Personally identifiable information (PII): retained for no longer than 30 days after order delivery, unless we are required to retain it for longer to meet a tax, legal, or accounting obligation.
Non-PII data: retained for no longer than 18 months.
Security logs: retained for a minimum of 12 months.
7. Data security
We protect data using encryption in transit (TLS) and encryption at rest. We apply access controls on a least-privilege basis, so that team members can access only the data necessary for their role.
We manage credentials carefully: we do not use shared credentials, we enable multi-factor authentication (MFA) where the platform supports it, and we do not hardcode secrets in our code or tools. We review access rights regularly and remove access that is no longer required.
8. Incident response
We maintain a documented incident response plan. In the event of a data breach affecting Amazon data, we will notify Amazon and any affected parties promptly, in line with the requirements of Amazon’s Data Protection Policy and applicable law.
9. Data sharing
We do not sell personal or business data. We share data only with the subprocessors necessary to deliver our services, and only under contractual obligations equivalent to those set out in this policy. We do not share Amazon data with any third party except as required to provide the agreed service or as required by law.
10. Data deletion
Clients may request deletion of their data at any time. On termination of an engagement, data derived from Amazon and other platforms is deleted within the retention limits set out in Section 6, except where we are required to retain certain records to meet a tax, legal, or accounting obligation.
To request deletion of data, please email support@blumead.com.
11. Your rights
Subject to applicable law, including India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable regulations, you may have the right to access the personal data we hold about you, to request correction of inaccurate data, and to request deletion of your data. To exercise any of these rights, contact us at support@blumead.com.
12. International transfers
Blue Meridian is based in India, and data we process may be stored and processed in India. Where data is transferred across borders, we take appropriate steps to protect it in line with this policy and applicable law.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we do, we will revise the “Last updated” date at the top of this page. We encourage you to review this policy periodically.
14. Contact
If you have any questions about this Privacy Policy or our data practices, please contact us:
Blumead LLP, trading as Blue Meridian Advisory
No. 20, D. Nagaraj Layout, Kaval Byra Sandra, R. T. Nagar Post, Bangalore – 560032, India
Email: support@blumead.com