[IMP] amazon_connector: update form answers to redirect to odoo policies

sales/amazon_connector/apply.rst

@@ -45,13 +45,17 @@ Odoo.
 Answer the Additional Form
 ==========================
 
+.. tip::
+   If you did not receive any additional form after your :ref:`initial application for Amazon MWS
+   keys <amazon/developer-form>`, you may disregard this section.
+
 This section lists all questions asked by Amazon in additional forms. The answers are tailored for
-*Odoo Online* and *Odoo.sh*. If you did not receive any additional form after your :ref:`initial
+*Odoo Online* and *Odoo.sh*. Wherever the answer does not depend on Odoo, you are requested to
-application for Amazon MWS keys <amazon/developer-form>`, you may disregard this section.
+provide it yourself at the place indicated by square brackets.
 
 .. warning::
-   If you are not hosted on Odoo.com (*online*) or on Odoo.sh, you should adapt the answers related
+   If you are *not* hosted on Odoo.com (*online*) or on Odoo.sh, you should adapt the answers
-   to hosting according to your own infrastructure and data protection policy.
+   related to hosting according to your own infrastructure and data protection policy.
 
 - **Describe all functionalities in your application where Personally Identifiable Information (e.g.
   customer name, street address, billing address) is required.**
@@ -67,27 +71,23 @@ application for Amazon MWS keys <amazon/developer-form>`, you may disregard this
   exposed by Amazon through Amazon MWS, Seller Central, or Amazon's public-facing websites) and
   describe how your organization shares this information.**
 
-  ► If you do not share Amazon Information with outside parties:
+  We share Amazon Information with Odoo SA, our cloud service provider, for the exclusive purpose of
-    Odoo does not share any information with outside parties.
+  hosting our enterprise management system (including the Amazon MWS integration). See also
+  Odoo SA's Privacy Policy for details at `odoo.com/privacy <https://www.odoo.com/privacy>`_.
 
   ► If you share Amazon Information with outside parties:
-    [Description of your organization's policy regarding Amazon Information]
+    [Answer with the above text and add a description of your organization's policy regarding the
+    sharing of Amazon Information with outside parties]
 
 - **List all non-Amazon MWS sources where you retrieve Amazon Information.**
 
-  Odoo only relies on MWS to retrieve Amazon Information.
+  Our enterprise software only relies on MWS to retrieve Amazon Information.
 
 - **Describe how your organization restricts public access to databases, file servers, and
   desktop/developer endpoints.**
 
-  | - Access to the postgreSQL database through the network is disabled and standard ports are
+  We rely on Odoo S.A., our cloud service provider for our database security management. Their
-  |   closed. The database is only accessible through a socket on the server itself.
+  Security Policy can be found at `odoo.com/security <https://www.odoo.com/security>`_.
-  | - The reverse proxy only serves whitelisted directories that are only from sources controlled by
-  |   Odoo S.A.
-  | - API endpoints are password protected (PBKDF2 & SHA512 encryption, salted, and stretched for
-  |   thousands of rounds).
-  | - Login credentials are always transmitted securely over HTTPS.
-  |
 
 - **Describe how your organization uniquely identifies employees and restricts access to Amazon
   Information on a need-to-know basis.**
@@ -103,44 +103,42 @@ application for Amazon MWS keys <amazon/developer-form>`, you may disregard this
     to be able to print the delivery label and pack the products.
 
   ► If your employees share users or if they are given more rights than needed:
-    [Description of your organization's policy for the assignation of users and access rights to
+    [Answer with a description of your organization's policy for the assignation of users and access
-    your employees]
+    rights to your employees]
 
 - **Describe how your organization prevents Amazon Information from being accessed from employee
   personal devices.**
 
-  Odoo does not prevent employees from accessing the organization's data from personal devices.
+  Our enterprise software does not prevent employees from accessing the organization's data from
-  Role-based restrictions and access rights still apply.
+  personal devices. Role-based restrictions and access rights still apply.
 
 - **Provide details on your organization's privacy and data handling policies (a link to your policy
   is also acceptable).**
 
-  [Description of your organization's privacy and data handling policies]
+  [Answer with a description of your organization's privacy and data handling policies]
 
 - **Describe where your organization stores Amazon Information and provide details on how you
   encrypt this information (e.g., algorithm).**
 
-  Amazon Information is stored in an unencrypted database. Direct access to the database is not
+  We rely on Odoo S.A., our cloud service provider for our database security management. Their
-  possible for the customer outside of UI interactions or API calls. Granular access rights control
+  Security Policy can be found at `odoo.com/security <https://www.odoo.com/security>`_.
-  ensures that access is not shared to all users of the database.
 
 - **Describe how your organization backups or archives Amazon Information and provide details on how
   you encrypt this information (e.g., algorithm).**
 
-  The entire database is backed up once a day and backups are kept for a minimum of three months
+  We rely on Odoo S.A., our cloud service provider for our database backups management. Their
-  according to the `Odoo Online SLA <https://www.odoo.com/cloud-sla>`_. Backups are hosted on
+  Service Level Agreement can be found at `odoo.com/cloud-sla <https://www.odoo.com/cloud-sla>`_.
-  several remote servers as unencrypted database dumps; these backups can only be retrieved by
-  Odoo S.A. employees through support requests.
 
 - **Describe where your organization monitors and detects malicious activity in your
   application(s).**
 
-  Odoo Online uses automated probes on our server that report their status in Munin, an opensource
+  We rely on Odoo S.A., our cloud service provider for our database security management. Their
-  monitoring tool. This tool automatically triggers alarms when probes detect values outside of
+  Security Policy can be found at `odoo.com/security <https://www.odoo.com/security>`_.
-  their pre-defined range. We monitor (among many other things) access rates, response times, ssh
-  connections, network activity.
 
 - **Describe how your organization's incident response plan addresses database hacks, unauthorized
   access, and data leaks (a link to your policy is also acceptable).**
 
-  [Description of your organization's incident response plan]
+  Our cloud service provider, Odoo S.A., will notify the customer in case of a data breach.
+
+  [Add a description of your organization's incident response plan or a link to your incident
+  response policy.]