Not on AWS Marketplace yet? We get you listed, integrated and earning — live in days, no specialist. See how we get you listed
Legal

Privacy Policy

Last updated: 31 August 2025
Terms & ConditionsData Processing AgreementPrivacy Policy

This privacy policy applies to the AWSsome website, the AWSsome SaaS application, and any related products or services (the "Solution").

Hosting

AWSsome runs on leading cloud services. The application is deployed on Microsoft Azure, Amazon Web Services or Google Cloud Platform when needed. Data is stored in the public cloud region automatically chosen for lowest latency; regions can be in the EEA, United Kingdom, United States, Canada, Asia-Pacific, Latin America, the Middle East or Africa. All providers offer high availability, built-in disaster recovery and ISO/IEC 27001-certified data centres.

Encryption

Every byte is encrypted in transit and at rest with service-managed keys. Back-ups are held in a separate availability zone in the same geography.

Authentication

Sign-in uses AWS IAM Identity Center Single Sign-On when the customer has an AWS Organization with federated identity configured. Where SSO is not available, AWSsome issues its own credentials. Passwords are stored using industry-standard salted hashing algorithms.

Protection of Personal Data

AWSsome is controller for account, billing and security data, and processor for any "Publisher Data" you upload. The rules for processor work are set out in the Data Processing Agreement.

The data we handle is low-sensitivity:

  • Publisher account data: company name, authorised-user work email, authorised-user name and surname.
  • Marketplace order data: end-customer email (mandatory), name (optional), role (optional), phone (optional) — defined by the Publisher.

Publishers must not upload special-category or criminal-history data.

Sub-processors

All sub-processors are vetted and bound by GDPR-level contracts.

International Transfers

When data leaves the EEA or UK, AWSsome relies on the EU Standard Contractual Clauses and the UK Addendum, and the EU-US Data Privacy Framework where the recipient is self-certified.

Retention

DataRetention
Active accountsKept while the contract is active
Customer-closedDeleted 30 days after closure
SuspendedDeleted 120 days from suspension
Back-ups30-day rolling window
Billing / taxContract term + 6 years
Security logs12 months
Support ticketsContract term + 24 months

After these periods, data is deleted or fully anonymised.

Security & Certifications

AWSsome maintains an ISO/IEC 27001-certified ISMS. Since 31 August 2025 we also hold a SOC 2 Type 2 attestation covering Security, Confidentiality and Availability. Key controls include SSO, least-privilege access, encryption, network segmentation, 24×7 monitoring and tested incident-response plans. Our most recent SOC 2 Type 2 report and ISO 27001 certificate are available to customers under NDA.

Your Rights

You may, under applicable law, ask to access, correct, delete, restrict or port your Personal Data, or object to our processing. Send requests to legal@awssome.io. We may verify identity before action.

Incident Notification

If a breach affects Publisher Data while we act as processor, we will inform the Publisher without undue delay as required by the DPA. If we act as controller, we will notify the CNIL and, where required, affected persons.

Children

The Solution targets business users only. We do not knowingly collect data from minors.

Changes

Material changes will be announced in-app or by email 30 days before they take effect. Continued use after that date means acceptance.

Contact

Email: legal@awssome.io