Privacy Policy
Composed Mind Ads Analytics Dashboard
This Privacy Policy explains how Composed Mind Ads Analytics Dashboard ("we," "our," or "the Application") collects, uses, stores, protects, and deletes information when KDP authors use the Application to track Amazon advertising performance and book sales data.
The Application is currently a development-stage software product designed to help authors view Amazon Ads metrics, KDP royalty information, sales performance, and related profitability analytics in a private dashboard.
We are committed to protecting user privacy, complying with applicable data protection laws including the General Data Protection Regulation ("GDPR"), and meeting Amazon Ads API data protection requirements.
1. Data We Collect
We collect only the information necessary to provide analytics, reporting, and authorized campaign-management features.
1.1 Account Information
When you create or use an account, we may collect:
- Name or display name
- Email address
- Account login information
- Application preferences
- User profile settings
1.2 Amazon Ads API Data
When you connect your Amazon Ads account, and only after your authorization, we may collect and process Amazon Ads API data including:
- Advertising spend
- Clicks
- Impressions
- Campaign names and campaign IDs
- Ad group data
- Keyword data
- Targeting data
- Bid data
- Budget data
- Sales and attribution metrics made available through the Amazon Ads API
- Other campaign performance metrics available through the Amazon Ads API
This Amazon Ads API data is collected strictly for performance tracking, reporting, analytics, and user-authorized campaign optimization.
1.3 KDP Royalty and Sales Data
When you connect or provide access to your KDP-related data, we may collect and process:
- Book sales data
- Royalty data
- Marketplace-level sales and royalty information
- Title-level performance information
- Revenue and profit-related reporting data
This data is collected strictly to help you understand book performance, advertising profitability, return on ad spend, and related business metrics.
1.4 Authentication and API Access Data
To connect your Amazon accounts and provide the Application's features, we may store:
- OAuth authorization data
- Access tokens
- Refresh tokens
- API profile identifiers
- Connection status information
We do not ask for or store your Amazon account password.
1.5 Technical and Usage Data
We may collect limited technical information necessary to operate, secure, and improve the Application, such as:
- IP address
- Browser type
- Device type
- Operating system
- Log data
- Error reports
- Security events
- Date and time of access
2. How We Use Data
We use collected data only for the purposes described in this Privacy Policy.
2.1 Private Analytics Dashboard
We use Amazon Ads API data and KDP royalty data solely to display analytics, reports, charts, profitability calculations, and performance insights in your private dashboard.
This may include:
- Campaign performance tracking
- Spend and sales reporting
- Profit and royalty analysis
- Return on ad spend calculations
- Keyword and targeting performance analysis
- Book-level profitability reporting
- Marketplace-level performance reporting
2.2 User-Authorized Campaign Automation
If you choose to enable campaign automation features, we may use your Amazon Ads API data to automate campaign bid adjustments, budget recommendations, or related campaign-management actions.
Such automation is performed only as authorized by you and only within the scope of permissions you provide.
You may disable automation features at any time.
2.3 Application Operation and Security
We may use technical and account data to:
- Provide and maintain the Application
- Authenticate users
- Secure user accounts
- Prevent unauthorized access
- Diagnose technical issues
- Monitor service reliability
- Comply with legal and security obligations
2.4 No Independent Advertising Use
We do not use your Amazon Ads data, KDP data, or personal information to build third-party advertising audiences, retarget users, create lookalike audiences, sell marketing profiles, or provide data to outside advertising networks.
3. Legal Basis for Processing Under GDPR
Where GDPR applies, we process personal data based on one or more of the following legal bases:
- Consent: when you authorize us to connect to Amazon services or enable optional features.
- Contractual necessity: when processing is necessary to provide the Application and its dashboard features.
- Legitimate interests: when processing is necessary to secure, maintain, and improve the Application, provided those interests are not overridden by your data protection rights.
- Legal obligation: when processing is required to comply with applicable law.
You may withdraw consent for connected Amazon accounts at any time by disconnecting your account or requesting deletion of your profile.
4. Data Sharing
We do not sell, trade, rent, or share Amazon Ads data, KDP royalty data, or personal information with third parties or outside networks.
Specifically:
- We do not sell user data.
- We do not trade user data.
- We do not share Amazon Ads API data with advertising networks.
- We do not disclose Amazon Ads API data to third-party marketers.
- We do not use user data for third-party ad targeting.
- We do not permit outside parties to use Amazon Ads API data or KDP data for their own purposes.
If we use secure infrastructure, hosting, database, monitoring, or security providers, they may process limited data only on our behalf, only as necessary to provide the Application, and only under appropriate confidentiality, security, and data-processing obligations. Such providers are not permitted to use the data for their own purposes.
We may disclose information only if required by law, court order, regulatory obligation, or to protect the security and legal rights of users or the Application.
5. Data Security
We use technical and organizational measures designed to protect user data against unauthorized access, loss, misuse, alteration, or disclosure.
5.1 Encryption in Transit
All credentials, access tokens, refresh tokens, API data, and user information are transmitted using secure encrypted connections, including HTTPS/TLS.
5.2 Encryption at Rest
Credentials, access tokens, refresh tokens, and sensitive account connection data are encrypted at rest within secure database systems.
5.3 Access Controls
Access to production systems and user data is restricted to authorized personnel or systems that require access for legitimate operational, security, or support purposes.
5.4 Token Protection
Amazon API access tokens and refresh tokens are treated as sensitive credentials. We store them securely, restrict access to them, and use them only to provide authorized Application functionality.
5.5 Security Monitoring
We may use logging, monitoring, and security controls to detect unauthorized access, suspicious activity, system errors, and potential vulnerabilities.
6. Data Retention
We retain personal data, Amazon Ads API data, KDP royalty data, and related analytics data only for as long as necessary to provide the Application, maintain user-requested reporting, comply with legal obligations, resolve disputes, and enforce agreements.
6.1 Amazon API Tokens
Users may disconnect their Amazon accounts at any time.
When a user disconnects an Amazon account or deletes their Application profile, stored Amazon API access tokens and refresh tokens associated with that account will be immediately and permanently deleted from active systems.
6.2 Account Deletion
Users may delete their profile at any time by using the available account deletion feature or by contacting us at the email address listed in the Contact section of this Privacy Policy.
Upon profile deletion:
- Stored Amazon API tokens are permanently deleted.
- Account connection data is deleted.
- Personal profile information is deleted or anonymized.
- Stored dashboard data associated with the profile is deleted or anonymized unless retention is legally required.
6.3 Backup Systems
If backup systems are used, deleted data may remain in encrypted backups for a limited period until those backups are overwritten or securely deleted according to our backup retention schedule. Backup data is not restored except for disaster recovery, security, or legal necessity.
7. User Control and Amazon Account Disconnection
You remain in control of your connected Amazon accounts.
You may:
- Disconnect your Amazon Ads account
- Revoke API permissions
- Disable campaign automation
- Delete stored account connections
- Delete your Application profile
- Request deletion of personal data
- Request access to your personal data
Disconnecting an Amazon account may limit or disable features that depend on Amazon Ads API access or KDP data access.
8. GDPR Rights
Where GDPR applies, you may have the following rights:
- The right to access your personal data
- The right to correct inaccurate personal data
- The right to request deletion of your personal data
- The right to restrict processing
- The right to object to processing
- The right to data portability
- The right to withdraw consent at any time
- The right to lodge a complaint with a competent data protection authority
To exercise these rights, contact us at: dev@composedmind.com
We may need to verify your identity before fulfilling certain requests.
9. Automated Campaign Adjustments
The Application may offer optional automation features that adjust advertising bids, budgets, or campaign settings based on performance rules, targets, or preferences selected by the user.
These features operate only when enabled and authorized by the user.
The Application does not make automated decisions that produce legal or similarly significant effects on individuals. Campaign automation is limited to advertising account optimization based on user-approved settings and Amazon Ads performance data.
Users may review, modify, pause, or disable automation settings at any time.
10. International Data Transfers
Depending on the infrastructure used to operate the Application, data may be processed in countries other than your country of residence.
Where required by applicable law, we use appropriate safeguards for international transfers of personal data, such as contractual protections, data processing agreements, and other legally recognized transfer mechanisms.
11. Cookies and Similar Technologies
The Application may use cookies or similar technologies for:
- Authentication
- Session management
- Security
- User preferences
- Basic application functionality
- Service reliability
We do not use cookies to sell user data or to share Amazon Ads data with third-party advertising networks.
12. Data Minimization
We collect and process only the data reasonably necessary to provide analytics, reporting, account connection, security, and authorized automation features.
We do not intentionally collect sensitive personal data such as government identification numbers, payment card numbers, health information, or biometric data.
13. Children's Privacy
The Application is intended for business and professional use by authors and publishers. It is not intended for children, and we do not knowingly collect personal data from children.
If we become aware that we have collected personal data from a child without appropriate consent, we will delete it.
14. Amazon Data Protection Commitments
To support compliance with Amazon Ads API data protection requirements, we make the following commitments:
- Data Collection: We collect Amazon Ads API data, including spend, clicks, impressions, campaign metrics, and related advertising performance data, as well as KDP royalty data, strictly for performance tracking, analytics, reporting, and user-authorized optimization.
- Data Usage: We use Amazon Ads API data and KDP royalty data solely to display analytics in the user's private dashboard and to automate campaign bid adjustments or related campaign actions only as authorized by the user.
- Data Sharing: We do not sell, trade, rent, or share Amazon Ads API data, KDP royalty data, or personal information with third parties or outside networks.
- Data Security: Credentials, access tokens, refresh tokens, and sensitive account connection data are encrypted in transit using HTTPS/TLS and encrypted at rest within secure database systems.
- Data Retention: Users may disconnect Amazon accounts or delete their profiles at any time. When this occurs, stored API access tokens and refresh tokens are immediately and permanently deleted from active systems.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in the Application, legal requirements, security practices, or Amazon API requirements.
When we make material changes, we will update the "Last updated" date and, where appropriate, provide notice through the Application or by email.
16. Contact
For questions, privacy requests, account deletion requests, or data protection concerns, contact:
Composed Mind Ltd
Email: dev@composedmind.com
Address: 71-75 Shelton Street, Covent Garden, London WC2H 9JQ, United Kingdom
Company registration number: 15738661 (registered in England and Wales)