仙丽科技 LOGO仙丽科技彩卡特种纸供应链专业服务商
电话咨询添加微信申请合作

Optimal Trading Company Limited

Privacy Policy

This policy describes how information is handled through the Xianli Paper website and our private internal business systems.

Last Updated: July 14, 2026

1. Introduction

Optimal Trading Company Limited (“we,” “us,” or “our”) respects the privacy and security of information processed through our website and internal business systems. “Xianli Paper” is the website and business brand operated by Optimal Trading Company Limited.

This Privacy Policy explains how we collect, use, store, protect, and disclose information in connection with our public website and our private internal enterprise resource planning and advertising analytics tools, including information obtained through the Amazon Ads API.

Our internal application is used exclusively to operate and manage our own company’s Amazon advertising accounts. It is not offered to third-party sellers, advertisers, agencies, software providers, customers, or other external parties.

2. Information We Collect

2.1 Amazon Advertising Information

With authorization from our company’s Amazon account, we may process:

  • Profile and advertising account identifiers
  • Campaign, Portfolio, Ad Group, advertisement, and creative information
  • Keyword, Targeting, Search Term, Placement, Budget, Bid, and campaign settings
  • Impression, Click, Cost, Attributed Order, Attributed Sales, conversion rate, and other advertising performance metrics
  • Advertising reports and aggregated performance information

Our integration retrieves advertising-related data only. It is not designed to retrieve or process buyer names, delivery addresses, telephone numbers, payment card information, or other buyer-level personal information through the Amazon Ads API.

2.2 Authorization and Technical Information

We may process authorization status, application and Profile identifiers, Access Tokens, Refresh Tokens, API request timestamps, response status information, security events, error categories, system logs, IP addresses, and device or browser information used to access our internal systems.

Client credentials, Access Tokens, and Refresh Tokens are used only to establish and maintain authorized connections. They are not placed in public source code, browser-side code, public repositories, unsecured spreadsheets, public URLs, or ordinary logs.

2.3 Website and Contact Information

When a person visits our website or contacts us, we may collect:

  • Name and company name
  • Email address and telephone number
  • Message content and business inquiry information
  • Basic website access information, IP address, browser information, and technical logs

2.4 Cookies and Tracking

The public website does not currently use Google Analytics, Meta Pixel, Amazon Pixel, advertising cookies, or similar behavioral tracking technologies. Authenticated internal administration functions may use a strictly necessary, secure session cookie to maintain an administrator session. If our use of cookies or tracking changes, we will update this policy and implement any required consent controls before the change takes effect.

3. How We Use Information

We use information only for legitimate internal business purposes, including:

  • Retrieving and analyzing Amazon advertising reports
  • Managing campaigns, portfolios, ad groups, budgets, bids, keywords, placements, and targeting
  • Monitoring advertising cost, attributed orders, attributed sales, and campaign performance
  • Comparing advertising performance with inventory, sales, product cost, and financial information
  • Preparing internal operational, advertising, and profitability reports
  • Supporting campaign optimization and business decision-making
  • Diagnosing technical problems, maintaining reliability, and preventing unauthorized access or misuse
  • Complying with applicable legal, regulatory, accounting, contractual, and security obligations

We do not use Amazon advertising information to provide services to unrelated third parties.

4. Sources of Information

Amazon advertising information is obtained directly from Amazon through an authorized Amazon Ads API connection. Website and contact information may be provided directly by visitors, customers, suppliers, distributors, or other business partners. Technical logs are produced by the systems and infrastructure used to deliver and protect the website and internal tools.

We do not obtain Amazon advertising account information through unauthorized web scraping, data purchasing, credential sharing, or other unauthorized sources.

5. Information Sharing and Disclosure

We do not sell, rent, trade, or commercially distribute Amazon advertising information or personal information.

Information may be disclosed only:

  • To authorized personnel who need it to perform assigned duties
  • To carefully selected hosting, infrastructure, storage, security, or technical providers solely to operate and protect our systems
  • When required by applicable law, regulation, court order, or governmental authority
  • When reasonably necessary to protect our company, systems, legal rights, customers, or business partners from fraud, misuse, unauthorized access, or security threats
  • In a merger, acquisition, restructuring, financing, sale of assets, or similar transaction subject to appropriate confidentiality and data-protection requirements

Our public website uses Alibaba Cloud OSS and CDN services for hosting and delivery. Our server-side OAuth callback is hosted on Vercel. Encrypted authorization records may be stored using a managed Redis service such as Upstash when that storage is configured. These providers are required to process information only for the agreed purpose and under appropriate confidentiality and security safeguards.

6. Data Security

We apply reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, loss, destruction, or misuse. Measures may include least-privilege access, role-based controls, multi-factor authentication where available, encryption in transit, encryption of stored Refresh Tokens, restricted secrets, network controls, monitoring, software updates, vulnerability management, and credential revocation or rotation.

Access Tokens are short-lived and are not intended for long-term archival. Refresh Tokens are stored only in encrypted form by the server-side storage layer. No electronic system can be guaranteed to be completely secure, but we review and improve safeguards as systems and risks change.

7. Access Restrictions

Access to Amazon advertising information is limited to authorized personnel of Optimal Trading Company Limited according to job responsibilities and the principle of least privilege. Access may be reviewed, modified, suspended, or removed when duties change, access is no longer needed, employment or engagement ends, unauthorized activity is detected, or credential compromise is suspected.

8. Data Retention

We retain information only for as long as reasonably necessary to operate our internal ERP and advertising functions, complete reporting and reconciliation, maintain security and audit records, resolve disputes, and meet legal, tax, accounting, regulatory, or contractual obligations.

When information is no longer required, we may delete, anonymize, aggregate, or securely dispose of it. Temporary credentials may be replaced, revoked, or deleted when they expire or are no longer required.

9. International Processing

Optimal Trading Company Limited is registered in Hong Kong, while authorized personnel, infrastructure providers, and Amazon services may be located in other countries or regions. Information may therefore be accessed or processed across borders for legitimate internal business purposes. We take reasonable steps to protect it according to its nature, applicable legal requirements, and relevant contractual obligations.

10. Amazon Authorization and Revocation

Access to Amazon advertising information depends on authorization granted through the relevant Amazon account. An authorized Amazon account administrator may revoke access through the applicable Amazon account, advertising account, or authorization settings.

After revocation, our application will stop retrieving new information from the affected advertising account. Related credentials may be revoked or deleted, and previously retained information will be handled according to this policy and applicable retention requirements.

11. Personal Information Rights

Subject to applicable law and relevant exceptions, individuals may contact us to request confirmation of processing, access, correction, deletion, restriction, or withdrawal of consent where processing is based on consent. We may verify the requester’s identity and authority. Some information may need to be retained for legal, accounting, contractual, fraud-prevention, dispute-resolution, or security reasons.

12. Children’s Privacy

Our website, products, services, and internal application are intended for businesses and adults. We do not knowingly collect personal information from children through the Amazon Ads API or our internal ERP system.

13. Third-Party Services

Our website and internal systems may connect to services operated by Amazon and the technical providers described in this policy. Those services operate under their own terms, security requirements, and privacy notices. This policy describes information under our control and does not replace the policies or terms of Amazon or another provider.

14. Security Incident Response

If we identify a suspected incident involving Amazon information or application credentials, we may:

  • Investigate and document the incident
  • Restrict or suspend affected access and isolate affected systems
  • Revoke or replace affected credentials and tokens
  • Correct identified vulnerabilities and restore affected services
  • Notify relevant parties or authorities where required
  • Review the incident and improve applicable controls

15. Changes to This Privacy Policy

We may update this policy when our business operations, internal systems, legal obligations, security practices, service providers, or data-processing activities change. The updated version will be published on this page with a revised “Last Updated” date. Material changes may also be communicated through other reasonable methods where appropriate.

16. Contact Us

For privacy, security, personal information, or data-protection questions, please contact:

Optimal Trading Company Limited
Website: https://www.xianlipaper.com/
Email: optimal-gdgz@outlook.com
Registered Address: UNIT 806, 8/F TOWER 2 SOUTH SEAS CTR, 75 MODY RD, TSIM SHA TSUI, HONG KONG