Full Send PCMS
SP API Compliance
A product of Bracken Labs LLC
This page describes how Full Send PCMS complies with Amazon Selling Partner API requirements, including Restricted Data Access, data governance, security controls, and operational safeguards.
Legal Entity and Product Ownership
This page describes how Full Send PCMS complies with Amazon Selling Partner API requirements, including Restricted Data Access, data governance, security controls, and operational safeguards.
Purpose of SP-API Access
Full Send PCMS accesses Amazon Selling Partner API data solely to enable fulfillment providers using the platform to process Amazon orders on behalf of sellers who have explicitly authorized access.
SP-API access is used for the following purposes:
- Retrieving Fulfilled by Merchant (FBM) orders
- Supporting pick, pack, and ship workflows
- Generating shipping confirmations and tracking updates
- Maintaining fulfillment state and inventory coordination required to complete warehouse operations
Full Send PCMS does not provide analytics, advertising, data brokerage, or seller intelligence services.
Relationship to Fulfillment Providers and Sellers
- Full Send PCMS is an independent SaaS platform operated by Bracken Labs LLC
- Fulfillment providers are customers of Full Send PCMS
- Sellers authorize SP-API access directly through Amazon
- Full Send PCMS processes Amazon data only within the scope authorized by sellers and required for fulfillment operations
Amazon data is never accessed without seller authorization.
Data Usage and Personally Identifiable Information
Why We Require PII
Full Send PCMS requires limited Personally Identifiable Information strictly to enable fulfillment of FBM orders.
This may include:
- Buyer name
- Shipping address
- Order identifiers
- SKU and quantity information
- Shipping service level
This information is required to:
- Generate shipping labels
- Fulfill and ship customer orders
- Confirm shipment and tracking information back to Amazon
Amazon data is not used for marketing, analytics, profiling, resale, or advertising.
Data Collection
- Data is collected exclusively via Amazon Selling Partner API
- No scraping, browser automation, or third-party enrichment is used
- Only the minimum API permissions required to perform fulfillment operations are requested
Data Storage and Protection
Storage
- Data is stored only as long as necessary to complete fulfillment and operational requirements
- Infrastructure is hosted on secure cloud services with industry-standard safeguards
Encryption
- Data is encrypted in transit using TLS
- Data is encrypted at rest using industry-standard encryption methods
Data Access Controls
- Role-based access controls are enforced
- Access is restricted to authorized operational and systems roles
- Least-privilege principles are applied
- Shared credentials are not permitted
Access is reviewed periodically and revoked immediately upon role change or termination.
Data Retention and Deletion
- Order and customer data is automatically deleted after fulfillment is completed and operational requirements are satisfied
- Sellers may request deletion of their data at any time
- Backup systems follow the same retention and deletion standards
Data Sharing
- Amazon data is never sold, rented, or shared with third parties
- Data is used exclusively to enable fulfillment operations authorized by sellers
- Data is not transferred outside the scope of fulfillment processing
Logging and Monitoring
Bracken Labs LLC maintains logging and monitoring controls for Full Send PCMS to detect, investigate, and respond to security events.
These include:
- Logging of SP-API access and system activity
- Authentication and authorization logging
- Monitoring for abnormal or unauthorized access patterns
- Log review during security or operational incidents
Incident Response and Risk Management
In the event of a suspected security incident, unauthorized access, or data exposure, Bracken Labs LLC follows a documented incident response process:
- Immediate containment and access restriction
- Assessment of scope and impact
- Credential rotation and access review
- Remediation of identified issues
- Internal review and corrective action
Amazon and affected parties are notified when required by policy or applicable law.
Credential Management
- Strong password requirements are enforced
- Password managers are used where applicable
- Secrets and API credentials are stored securely
- Credentials are never committed to source control
- API keys and credentials are rotated as needed
Secure Coding Practices
Full Send PCMS follows secure development practices, including:
- Environment-based configuration and secrets management
- Code reviews prior to deployment
- Separation of development and production environments
- Measures to prevent accidental exposure of credentials
Vulnerability Management
- Security findings are logged and tracked internally
- Issues are prioritized based on severity
- Remediation is completed before deployment where applicable
- Systems are reviewed following remediation
Change Management and Responsibility
Change management and system access for Full Send PCMS are managed by:
Role: Founder and Systems Lead, Bracken Labs LLC
Responsibilities include:
- Approving system changes
- Managing production access
- Reviewing security and data protection controls
Access is granted based on role and operational necessity.
Compliance Commitment
Bracken Labs LLC is committed to compliance with:
- Amazon Selling Partner API policies
- Amazon Data Protection Policies
- Applicable security and data protection standards
This page is reviewed periodically and updated as practices evolve.
Contact
For questions related to SP-API compliance, data protection, or security practices, please contact:
Bracken Labs LLC
Full Send PCMS – Security and Systems