| Data category | Retention period | Disposal and handling |
| --- | --- | --- |
| Amazon customer PII and order PII | Maximum 30 days after order delivery unless a shorter retention period applies, or retention is required by applicable law, tax obligation, dispute resolution, fraud prevention, chargeback, return, refund or a permitted marketplace business purpose. | Deleted, anonymized, redacted or securely archived according to the permitted purpose. Customer PII is not used for marketing, resale, profiling or unrelated activity. |
| Flipkart, Meesho and other marketplace customer PII | Default maximum 30 days after order delivery or service completion unless the marketplace requires a stricter rule or applicable law requires a longer period. | Deleted or redacted from active working files once the support, shipment, return, billing or marketplace purpose is complete. |
| Seller business contact, onboarding and service records | For the duration of the service relationship plus a reasonable business/legal retention period where required for invoices, contracts, support history, tax compliance or dispute resolution. | Reviewed periodically. Records no longer required are deleted, anonymized or archived with restricted access. |
| Marketplace authorization tokens, API credentials and user access records | Only while authorization is active and required for the approved service. Access is removed when the service ends, the seller requests revocation, or the role is no longer required. | Tokens are revoked, access is removed, credentials are rotated or deleted, and permissions are reviewed under least-privilege principles. |
| Non-PII marketplace data, catalog data and performance reports | Amazon non-PII data is not retained beyond 18 months unless required by law or a permitted service purpose. For other portals, OTOECOM follows the marketplace requirement or this same conservative limit where practical. | Aggregated, anonymized, deleted or archived for legitimate business analysis, reporting, training or service improvement without exposing customer PII. |
| Support tickets, case notes and training records | Retained only while needed for the service, issue resolution, training completion or follow-up support. PII included in notes is removed or redacted when no longer required. | Working files are reviewed periodically. Sensitive screenshots or screen-share notes are deleted or redacted after the approved purpose is complete. |
| Security logs, access logs and audit logs | Maintained for at least 12 months where required for security monitoring and auditability, unless a longer period is required by law, investigation or contract. | Logs are access-controlled and used for security, investigation, incident response and compliance validation. |
| Backups and disaster recovery copies | Retained only according to the backup rotation schedule. Backup data is encrypted and not used for active processing. | If deleted PII is restored during disaster recovery, it is re-deleted or re-redacted promptly after recovery validation. |
| Invoices, tax and statutory records | Retained as required by applicable Indian tax, accounting, company, contract or legal obligations. | Stored with restricted access. Unnecessary customer PII is not kept inside invoice or accounting files unless legally required. |

If multiple retention rules apply to the same data, OTOECOM follows the stricter marketplace requirement unless a longer retention period is legally required. Data that is no longer needed is deleted, anonymized, redacted or securely archived with restricted access.