1. Introduction
ClearEDI Inc. ("ClearEDI", "we", "us", or "our") is committed to
protecting your privacy. This Privacy Policy explains how we
collect, use, disclose, and safeguard your information when you use
our enterprise EDI integration platform and related services (the
"Services").
Data Controller:
ClearEDI Inc.
115 Garfield St. #21897
Sumas, WA 98295
Email: privacy@clearedi.io
2. Information We Collect
2.1 Information You Provide
- Account Information: Name, email address, company name, phone number, business address
- Authentication Credentials: Login credentials, API keys, OAuth tokens for third-party integrations
- EDI Transaction Data: Business documents (purchase orders, invoices, shipping notices), trading partner information, EDI account details
- Communication Data: Support requests, correspondence, feedback
2.2 Information Collected Automatically
- Usage Data: IP address, browser type, device information, access times, pages viewed
- Log Data: API requests, transaction processing logs, system events, error logs
- Cookies: Session management, authentication, analytics (see Section 9)
2.3 Amazon Seller Central Integration Data
When you connect your Amazon Seller Central account through our
Services, we collect and process:
- Seller Information: Seller ID, marketplace IDs, account credentials (refresh tokens)
- Order Data: Order details, customer shipping information (name, address), fulfillment status
- Product Information: Inventory levels, product listings, pricing information
- Personally Identifiable Information (PII): Customer names, shipping addresses, and other data necessary for order fulfillment and tax compliance
Important: We process Amazon Seller Central data
in accordance with Amazon's Data Protection Policy and retain PII
for no longer than 30 days after order delivery, except as
required by law for tax compliance or other legal obligations.
3. How We Use Your Information
3.1 Service Delivery
- Provide, operate, and maintain our EDI integration platform
- Process EDI transactions (X12, EDIFACT) between you and your trading partners
- Facilitate connectivity via SFTP, AS2, and REST API protocols
- Synchronize data with eCommerce platforms (Amazon, Shopify)
- Generate functional acknowledgements and transaction reports
3.2 Business Operations
- Authenticate users and manage access controls
- Process billing and payments
- Provide customer support and respond to inquiries
- Detect, prevent, and address fraud or security issues
- Comply with legal obligations and enforce our terms
3.3 Service Improvement
- Analyze usage patterns to improve platform functionality and performance
- Develop new features and services
- Conduct internal research and analytics (using aggregated, de-identified data)
3.4 Amazon-Specific Data Usage
PII from Amazon Seller Central is used exclusively for:
- Order fulfillment and shipping coordination
- Tax calculation and invoice generation
- Compliance with legal and regulatory requirements
We do not use Amazon PII for marketing, analytics
model training, or any purpose beyond what is necessary for order
fulfillment and legal compliance.
4. Legal Bases for Processing (GDPR)
For users in the European Economic Area (EEA), we process your
personal data under the following legal bases:
- Contractual Necessity: Processing necessary to perform our contract with you (service delivery, transaction processing)
- Legitimate Interests: Fraud prevention, security, service improvement, business analytics
- Legal Obligation: Compliance with tax laws, data protection regulations, court orders
- Consent: Marketing communications, optional features (where consent is obtained)
5. Data Sharing and Disclosure
5.1 Service Providers
We share data with third-party service providers who assist us:
- Cloud Infrastructure: Amazon Web Services (AWS) for hosting and storage (us-east-1 region)
- EDI Processing: EdiFabric for X12/EDIFACT parsing, validation, and generation
- Authentication: Auth0 for identity and access management
- Payment Processing: Third-party payment processors for billing
- Monitoring: New Relic for application performance monitoring
All service providers are contractually obligated to protect your
data and use it only for the purposes we specify.
5.2 Trading Partners
With your authorization, we transmit EDI business documents to your
designated trading partners as necessary for B2B transaction
processing.
5.3 Legal Requirements
We may disclose information when required to:
- Comply with legal obligations, court orders, or subpoenas
- Enforce our Terms of Service or other agreements
- Protect the rights, property, or safety of ClearEDI, our users, or the public
- Investigate fraud, security incidents, or policy violations
5.4 Amazon Data Sharing Restrictions
Data obtained from Amazon Seller Central APIs is subject to
Amazon's Data Protection Policy and will not be:
- Sold, rented, or disclosed to third parties for marketing
- Used to develop or train large language models or AI systems
- Subjected to data mining, scraping, or unauthorized extraction
- Retained beyond the permitted retention period (30 days for PII)
6. Data Security
We implement industry-standard security measures to protect your
data, aligned with Amazon's Data Protection Policy requirements:
6.1 Encryption
- Data in Transit: TLS 1.2+ for all API communications, SFTP and SSH-2 for file transfers
- Data at Rest: AES-256 encryption for all stored data, including credentials and PII
- Key Management: Secure key generation, storage, rotation, and revocation procedures
6.2 Access Controls
- Multi-factor authentication (MFA) for all user accounts
- Role-based access control (RBAC) with least privilege principle
- Unique user IDs; no shared credentials
- Quarterly access reviews and 24-hour termination protocols
6.3 Network Security
- Firewalls and network segmentation
- Intrusion detection and prevention systems
- Regular vulnerability scanning (monthly minimum)
- Annual penetration testing
6.4 Incident Response
- 24-hour breach notification procedures
- Immediate reporting to affected parties and regulatory authorities
- Annual incident response plan reviews and updates
If you suspect a security incident, please report immediately to
security@clearedi.io.
7. Data Retention
7.1 General Data
We retain your data for as long as:
- Your account is active and you continue using our Services
- Necessary to provide Services, resolve disputes, or enforce agreements
- Required by law for tax, accounting, or regulatory purposes
Upon account termination, we will securely delete your data within
30 days, unless retention is legally required.
7.2 Amazon PII Retention
Personally Identifiable Information from Amazon Seller Central:
- Retained for no longer than 30 days after order delivery
- Exception: Data required by law for tax compliance may be retained as legally mandated
- Non-PII data is deleted within 18 months unless legally required
7.3 Secure Deletion
All data deletion follows NIST 800-88 standards or equivalent
industry-standard sanitization processes.
8. Your Rights and Choices
8.1 Access and Portability (GDPR Article 15, 20)
You have the right to request a copy of the personal data we hold
about you in a structured, commonly used format.
8.2 Rectification (GDPR Article 16)
You may request correction of inaccurate or incomplete personal
data.
8.3 Erasure (GDPR Article 17, CCPA)
You may request deletion of your personal data, subject to legal
retention requirements.
8.4 Restriction and Objection (GDPR Articles 18, 21)
You may request restriction of processing or object to processing
based on legitimate interests.
8.5 Opt-Out (CCPA/CPRA)
California residents may:
- Request disclosure of categories and specific pieces of personal information collected
- Request deletion of personal information
- Opt out of data sales (we do not sell personal data)
- Exercise rights without discrimination
8.6 Withdraw Consent
Where processing is based on consent, you may withdraw consent at
any time.
8.7 How to Exercise Your Rights
Contact us at privacy@clearedi.io. We will respond within 30 days
(GDPR) or 45 days (CCPA).
9. Cookies and Tracking Technologies
We use cookies and similar technologies for:
- Essential Cookies: Authentication, session management, security
- Analytics Cookies: Usage statistics, performance monitoring
You can control cookies through your browser settings. Disabling
essential cookies may affect platform functionality.
10. International Data Transfers
Your data may be transferred to and processed in the United States
(AWS us-east-1 region). For EEA users, we rely on:
- Standard Contractual Clauses (SCCs) approved by the EU
- Adequate safeguards as required by GDPR Article 46
11. Children's Privacy
Our Services are not directed to individuals under 18. We do not
knowingly collect personal information from children.
12. Third-Party Links
Our Services may contain links to third-party websites. We are not
responsible for their privacy practices. Review their privacy
policies before providing information.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. Changes will be
posted on this page with an updated effective date. Material changes
will be communicated via email or prominent notice.
14. Contact Us
For questions or concerns about this Privacy Policy or our data
practices:
Email: privacy@clearedi.io
Mail: ClearEDI Inc., 115 Garfield St. #21897, Sumas, WA 98295
Support: Contact Support
15. Supervisory Authority
If you are in the EEA, you have the right to lodge a complaint with
your local data protection authority if you believe we have not
complied with applicable data protection laws.