Kayistra Contact

Privacy Policy

Last updated: May 2026

1. Who we are

Kayistra is an Amazon seller management platform operated by Mahmut Fuat Sahin, based in Istanbul, Turkey. We provide tools that help Amazon sellers manage orders, inventory, pricing, and shipping operations via the Amazon Selling Partner API (SP-API).

Contact: info@kayistra.com

2. Data we collect

To operate the platform, we access the following data from Amazon via SP-API with the seller's OAuth consent:

  • Order information (order ID, items, quantities, amounts, dates)
  • Shipping address and buyer contact (for shipping label generation)
  • Product and inventory data
  • Pricing and fee information

We collect only the data necessary to provide the service. No data is collected without the seller's explicit authorization.

3. How we use your data

Amazon data accessed via SP-API is used solely for:

  • Generating shipping labels via our carrier partner
  • Pushing fulfillment tracking numbers back to Amazon
  • Displaying order and inventory information in the seller dashboard
  • Automating pricing updates per the seller's configured rules

We do not use Amazon data for secondary purposes, advertising, machine learning training, or cross-seller analysis.

4. Data sharing

Shipping address and buyer contact information is shared exclusively with Shipentegra (a licensed carrier aggregator and Amazon Partner) for the sole purpose of generating shipping labels. Data is transmitted via TLS 1.3 encrypted API. No other third parties receive Amazon buyer data.

5. Multi-tenant data isolation

Kayistra is designed as a multi-tenant platform serving multiple Amazon sellers concurrently. We enforce strict data isolation between sellers at the database, application, and access-control layers. One seller's data — including orders, PII, credentials, and shipping addresses — is never accessible to another seller or surfaced in any cross-tenant analytics. Each seller's Amazon authorization (refresh token) is encrypted with tenant-specific key derivation. Detailed technical controls are documented in our Security Policy.

6. Data retention

Personally Identifiable Information (PII) — including shipping addresses and buyer contact details — is retained for a maximum of 30 days following confirmed order delivery. After this period, PII is permanently deleted or irreversibly anonymized.

Non-PII order metadata (order ID, amounts, dates, SKUs) may be retained for up to 5 years to comply with Turkish Commercial Code (TTK Art. 82) and applicable tax legislation. No PII is included in these long-term records.

7. Data security

We apply the following security measures to protect your data:

  • All data encrypted at rest using AES-256-GCM
  • All data transmitted via TLS 1.3
  • Credentials and API secrets never stored in plain text or version control
  • Access to production systems restricted to authorized personnel only
  • Regular security reviews and vulnerability assessments

8. Your rights

You may request access to, correction of, or deletion of your personal data at any time. To make a request, contact us at info@kayistra.com. We will respond within 30 days.

If you are located in the European Union, you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

9. Security incident notification

In the event of a data breach affecting your personal information, we will notify affected parties and relevant authorities within 72 hours of detection, in accordance with applicable law.

10. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. We encourage you to review this page periodically.

11. Contact

For privacy-related questions or data requests:

Mahmut Fuat Sahin
Kayistra
Istanbul, Turkey
info@kayistra.com