1) Retention windows
This policy defines how SellerUX by Nestos Shop protects Amazon Information through retention limits, backup controls, and tested recovery runbooks.
- Amazon customer PII is retained for operational use no longer than 30 days after order delivery unless law requires longer retention.
- If legal retention is required, information is moved to restricted archival storage with encrypted access controls.
2) Backup encryption standard
- Backups and archives are encrypted at rest using AES-256.
- Data in transit to backup systems is protected with TLS 1.2+.
- Key material is centrally managed and access is restricted to approved security/operations roles.
3) Geographically separated backup location
- Primary production workloads run in one region.
- Encrypted backup copies are stored in at least one geographically separate region for disaster recovery.
- Cross-region replication is configured for backup artifacts and immutable backup policies are enforced where applicable.
4) Restore procedures and objectives
- RTO target: service restoration within 8 hours for critical Amazon-related operations.
- RPO target: data recovery point within 4 hours for critical records.
- Restore runbooks define incident triage, backup selection, integrity verification, staged restoration, and service validation before reopening full access.
5) Backup and recovery testing
- Backup jobs are monitored continuously with failure alerting.
- Recovery drills are performed at least semi-annually and after major architecture changes.
- Drill evidence (timestamps, systems restored, issues found, corrective actions) is maintained for audit and compliance review.
6) Vulnerability management linkage
- Vulnerability scans are performed at least every 180 days.
- Penetration tests are performed at least every 365 days.
- Code vulnerability scans are required before each release.