Compliance At XBoost Inc., we’re committed to meeting applicable industry and data-protection standards so you can trust AmazonGPT with your Seller Central and Ads data. 1. Data-Protection Regulations • GDPR & CCPA We honor user rights under the EU General Data Protection Regulation and the California Consumer Privacy Act. You may request access, correction, or deletion of your personal data at any time via contact@xboost.so. 2. Minimal Data Storage • We store only what’s strictly necessary: • Your Slack user ID and email for app installation • OAuth tokens (read-only) to fetch your Amazon metrics • Daily usage counters (to enforce the 200-call limit) • No prompts or AWS credentials are ever persisted beyond secure, short-lived cache. 3. Secure Transmission & Storage • In Transit: All Slack and Amazon API calls occur over TLS (HTTPS). • At Rest: Tokens and logs are encrypted (AES-256) in our U.S. data center. 4. Third-Party Certifications • Slack Leverages SOC 2 Type 2 controls and supports workspace-level 2FA. • OpenAI Operates under SOC 2 Type 2 audit compliance; does not train models on your data without explicit opt-in. 5. Continuous Monitoring & Incident Response • We monitor our infrastructure and API usage for anomalies. • In the unlikely event of a breach, we will notify affected users at contact@xboost.so within 72 hours. 6. Business Associate Agreements • While not typically required for Slack integrations, we’re prepared to sign a BAA with qualified partners upon request. XBoost Inc. 730 Arizona Ave, 2nd Floor, Santa Monica, CA 90401 contact@xboost.so