When developing an SP-API application that’s passthrough only, do we need to be vetter for PII?

Several years ago, we did business with Amazon Seller Central using the AMTU application to transfer files required to fulfill Direct-to-Consumer Shipping orders. It was automated end-to-end and worked great.

AMTU is no longer used, so we must develop a new application using an SP-API for the file transfer.

The application we are trying to develop will only pull files from Amazon, pass them through to our ERP system, and then take files from our ERP system and pass them back to Amazon.

The application will not parse, store, or retain any data as it is only a passthrough function similar to SFTP, AMTU, etc. so do still we need to go through the vetting process concerning Personally Identifiable Information (PII)?