Privacy Policy

1. Who we are

EvenFee (“EvenFee”, “we”, “us”) is a service that helps Amazon FBA sellers identify and recover fulfillment and storage fees that were overcharged because of incorrect product dimension or weight measurements. EvenFee is operated by an independent sole proprietor based in Portugal (European Union), who acts as the data controller for the purposes of the EU General Data Protection Regulation (GDPR).

For any privacy question or request, contact us at hello@evenfee.com.

2. Data we access

With your explicit authorization, and only after you connect your account through Amazon's official Selling Partner API (SP-API), EvenFee accesses your own Amazon seller account data, namely:

• FBA fee data — fulfillment and storage fees charged to your account.
• Product dimension & weight records — the measurements Amazon holds for your products, and the resulting size-tier classification.
• Inventory data — your products, SKUs/ASINs, and stock information.
• Shipment data — inbound shipments and related logistics records.
• Financial / transaction data — fee transactions, settlements, and reimbursement records for your account.

We also process limited account & contact information that you provide directly — for example, your name and email address when you contact us or sign up — so we can communicate with you and administer your subscription.

3. No buyer personal data

4. Why we process it (purposes & legal bases)

We use the data above only for the following purposes:

• To audit your FBA fees and detect measurement-related overcharges and size-tier misclassifications across your catalog.
• To prepare and help file your reimbursement claims for the overcharges we identify, through Amazon's standard processes.
• To provide ongoing monitoring that flags new measurement errors.
• To communicate with you about your audit, claims, subscription, and support requests.

Under the GDPR, our legal bases are: performance of a contract with you (Art. 6(1)(b)); our legitimate interests in operating and improving the Service in a privacy-protective way (Art. 6(1)(f)); your consent where it applies, such as your SP-API authorization (Art. 6(1)(a)); and compliance with legal obligations such as accounting and tax rules (Art. 6(1)(c)). We do not use your data for advertising, profiling, or automated decisions that produce legal effects.

5. Authorization & your control

Access is granted through Amazon's official SP-API authorization flow. We never ask for or store your Amazon password. The access is used to read the account data described above so we can audit fees and prepare your claims.

You remain in control at all times: you can revoke EvenFee's access from your Amazon Seller Central account at any time. When you revoke access, we stop processing your data and delete it as described in section 8.

6. How we protect data

• Encryption in transit and at rest. Data is transmitted over TLS and encrypted while stored.
• Restricted access. Access to your data is limited to what is necessary to operate the Service, on a need-to-know basis.
• Secrets management. API credentials and other secrets are held in a dedicated secrets manager and are never stored in source code or shared in plain text.
• Data minimization. We request only the data needed to audit fees and prepare claims, and nothing about your buyers.

7. Sharing & sub-processors

We do not sell, rent, or trade your data, and we do not share it for advertising. We do not disclose your data to third parties except:

• Cloud hosting sub-processor. We use a reputable cloud provider to host and store data needed to operate the Service. Our hosting sub-processor is:

Sub-processor	Purpose	Location
Amazon Web Services (AWS)	Cloud hosting, compute, and encrypted data storage	European Union region

We also act on Amazon's SP-API to retrieve your authorized account data. Beyond the above, we may disclose data where required by law or to protect our legal rights. If we ever add or change a sub-processor, we will update this policy.

8. Retention & deletion

We keep your data only for as long as needed to provide the Service and while your authorization remains active. When you revoke access or close your account, we delete (or irreversibly anonymize) your account data within 30 days, except for the minimum records we are legally required to retain (for example, invoices for accounting and tax purposes), which are kept only for the period required by law and then deleted.

9. Your GDPR rights

If you are in the EU/EEA, you have the right to: access your personal data; request rectification of inaccurate data; request erasure (“right to be forgotten”); restrict or object to processing; request data portability; and withdraw consent at any time, without affecting processing already carried out.

To exercise any of these rights, email hello@evenfee.com. We will respond within one month. You also have the right to lodge a complaint with your local supervisory authority — in Portugal, the Comissão Nacional de Proteção de Dados (CNPD).

10. This website

This marketing website is a static site and does not set tracking cookies or use third-party advertising or analytics trackers. Contact links open your email client; we receive only the information you choose to send us. Our hosting provider may process basic, non-identifying server logs (such as request metadata) for security and reliability.

11. Changes & contact

We may update this policy as the Service evolves or as required by law. We will revise the “Last updated” date above and, where appropriate, notify you. Questions or requests? Contact hello@evenfee.com.

This Privacy Policy is provided for transparency and does not constitute legal advice.