Privacy Notice
In short: our software connects to your Amazon Advertising account, with your explicit permission, so it can show you reports and make the campaign changes you approve. We use that data to run the service for you and for nothing else. We do not sell it, and we do not share your advertising data with other customers or with advertisers who compete with you. You can disconnect at any time.
Who we are
Digimax is a registered advertising agency in the Republic of Korea, operating since January 2019. We build and operate advertising automation software, including Autopilot, a tool that manages Amazon Sponsored Products campaigns on behalf of the advertiser who owns them.
For any question about this notice or about your data, write to contact@digimax.co.kr.
What we collect
We collect two kinds of data, and they arrive by different routes.
1. Data you give us directly
- Account details: your name, email address, and company name.
- Your password, stored only as a one-way cryptographic hash. We never store, and cannot read, the password itself.
- Billing details, if you subscribe to a paid plan. Card data is handled by our payment provider and never reaches our servers.
2. Amazon Advertising data, only after you authorize it
When you choose to connect your Amazon Advertising account, Amazon asks you to grant permission through its own consent screen (Login with Amazon). Only after you grant it do we receive:
- Your advertising profiles: the accounts and marketplaces you manage.
- Campaign structure: campaigns, ad groups, keywords, product targets, negative keywords, and advertised products.
- Performance reports: impressions, clicks, spend, sales, orders, and search-term data for those campaigns.
- An access token that lets our software talk to Amazon on your behalf. It is stored encrypted, and it never appears in our logs or anywhere in the product.
3. Technical records
- Security and audit records: sign-in events, IP address, and a log of every change our software makes to your campaigns, so any action can be traced back to who approved it and when.
Why we use it
| Purpose | What that means in practice |
|---|---|
| Running the service | Showing you your campaign performance, calculating suggestions such as keywords to add or negate, and applying the changes you approve to your Amazon account. |
| Safety limits | Enforcing spending safeguards, such as daily caps on the number of changes and alerts when spend jumps unexpectedly. |
| Security and accountability | Detecting misuse, and keeping an audit trail of who changed what. |
| Support and billing | Answering your questions and, on paid plans, taking payment. |
We do not use your advertising data to train models for other customers, to build competitive intelligence, or for any advertising purpose of our own.
What we never do
- We do not sell your data, and we never have.
- We do not share your advertising data with other customers. Each customer's data is isolated from every other customer's at the database level.
- We do not use your data to advertise to you.
Who else touches your data
We use a small number of service providers to operate the product. They may process data only on our instructions, and only for the purpose listed:
| Provider | Purpose |
|---|---|
| Amazon Advertising | The source of your campaign data, and the destination of any change you approve. |
| Cloud hosting | Running the application and storing its database. |
| Email delivery | Sending transactional email such as verification and password-reset links. |
| Payment processing | Taking subscription payments on paid plans. Card details go directly to the provider. |
We disclose data to anyone else only where the law requires it.
How long we keep it
We keep your account and campaign data for as long as your account is open, because the product's suggestions depend on your performance history. When you close your account, or ask us to delete your data, we remove it from our live systems, and it drops out of routine backups within 30 days.
Security and audit records are kept longer where we are required to, or where they are needed to investigate misuse.
How we protect it
- Your Amazon access token is encrypted at rest. It is never written to a log file and never displayed in the product.
- Customer data is isolated at the database level, so one customer's queries cannot reach another customer's rows. This is enforced by the database itself, not by application code alone.
- Passwords are stored only as one-way hashes, using a modern algorithm designed to resist brute-force attack.
- Every change our software makes to your campaigns is recorded, along with who approved it.
No system is perfectly secure, and we will not pretend otherwise. If a breach ever affects your data, we will tell you and the relevant authority, as the law requires.
Your choices and your rights
You can disconnect your Amazon account at any time, from the settings screen inside the product or from your Amazon account's own permissions page. Once you disconnect, we stop receiving new data from Amazon and we make no further changes to your campaigns.
You may also ask us to show you the personal data we hold about you, correct it if it is wrong, delete it, stop processing it, or withdraw a consent you previously gave. Write to contact@digimax.co.kr and we will respond within the period the law allows.
Cookies
We use a single session cookie to keep you signed in, plus a token that protects your session against cross-site request forgery. We use no advertising or tracking cookies, and we run no third-party analytics that follow you across other sites.
Children
The product is a business tool. It is not directed at children, and we do not knowingly collect data from them.
Privacy officer and complaints
Under Korean law we designate a person responsible for personal data.
| Registered name | Digimax (디지맥스) |
| Business registration | 343-11-01203 |
| Privacy officer | Je Ha Bak, Representative |
| Contact | contact@digimax.co.kr |
| Registered office | Songpa Terra Tower 2, 201 Songpa-daero, Songpa-gu, Seoul, Republic of Korea |
If you are not satisfied with our answer, you may raise the matter with the Korea Internet and Security Agency Privacy Complaint Center (privacy.kisa.or.kr, 118), the Personal Information Dispute Mediation Committee (kopico.go.kr), or the Personal Information Protection Commission (pipc.go.kr).
Changes to this notice
If we change how we handle data, we will update this page and move the effective date at the top. Where a change is significant, we will tell you directly rather than rely on you noticing.