Privacy Policy

How we collect, use, and protect your information

Last updated: April 2026

1. Information We Collect

We collect information that you provide directly and information generated through your use of the Platform:

  • Account Information: Name, email address, company name, and password hash when you register
  • Amazon Seller Data: Product listings, inventory levels, orders, financial reports, and advertising metrics retrieved via SP-API
  • Usage Data: Pages visited, features used, timestamps, IP address, browser type, and device information
  • Support Data: Information you provide when submitting support tickets or contacting us

2. How We Use Your Information

  • To provide, maintain, and improve the Platform's functionality
  • To execute automated operations you configure (repricing, inventory sync, advertising management)
  • To generate analytics dashboards and business reports
  • To send transactional emails (order alerts, account notifications, scheduled report delivery)
  • To respond to support requests and provide customer service
  • To detect, prevent, and address technical issues or security threats

3. Amazon API Data

When you connect your Amazon Seller Central account, we access data through the Amazon Selling Partner API (SP-API) in strict compliance with Amazon's Data Protection Policy:

  • Your SP-API credentials (client ID, client secret, refresh tokens) are encrypted at rest using Fernet symmetric encryption and are never stored in plaintext
  • Access tokens are cached in Redis with configurable TTL values and are automatically rotated before expiration
  • We maintain strict multi-tenant isolation at the database level; your Amazon data is partitioned and never accessible by other tenants
  • All SP-API data is transmitted over TLS-encrypted connections
  • We only request the minimum SP-API scopes necessary for the features you enable

4. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • Encryption at Rest: Sensitive credentials are encrypted using Fernet (AES-128-CBC with HMAC-SHA256) before storage in PostgreSQL
  • Encryption in Transit: All data transmissions use TLS 1.2 or higher
  • Token Management: Session tokens are stored in sessionStorage (not localStorage) and expire automatically; API tokens are cached in Redis with TTL enforcement
  • Access Control: Role-based access control (RBAC) limits data access based on user roles and tenant boundaries
  • Infrastructure: The Platform runs on secured VPS infrastructure with regular security patches and monitoring

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in the following circumstances:

  • With Amazon: As required to maintain your SP-API integration and comply with Amazon's policies
  • Service Providers: With trusted infrastructure providers who assist in operating the Platform, bound by strict confidentiality agreements
  • Legal Requirements: When required by law, subpoena, or legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets, with prior notice to users

6. Cookies & Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and session management (sessionStorage-based tokens)
  • Preference Cookies: To remember your settings such as dark mode, dashboard layout, and notification preferences
  • Analytics Cookies: To understand how users interact with the Platform and improve our services

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect Platform functionality.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data, subject to legal retention requirements
  • Right to Portability: Request your data in a structured, machine-readable format
  • Right to Restrict Processing: Request that we limit how we use your data
  • Right to Opt Out of Sale: Under CCPA, California residents may opt out of the sale of personal information (we do not sell personal data)

To exercise any of these rights, please contact us through our Contact page.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Specifically:

  • Account information is retained until you request deletion
  • Amazon seller data is retained for the duration of your active integration, plus 30 days after disconnection for data export
  • Usage logs are retained for 12 months for security and analytics purposes
  • Support tickets are retained for 24 months after resolution

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes via email and update the "Last updated" date at the top of this page. Your continued use of the Platform after changes are posted constitutes acceptance of the revised policy.

10. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please reach out through our Contact page or submit a ticket through the Support Center.