SellerAide
Sign In

Privacy Policy

Effective Date: May 15, 2026 · Last Updated: July 9, 2026

SellerAide ("we," "us," or "our") operates the website at selleraide.com and the SellerAide browser extension distributed through the Chrome Web Store (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Service.

SellerAide is operated by Pikewood LLC and is not affiliated with, endorsed by, or sponsored by Amazon.com, Inc., eBay Inc., Etsy, Inc., Walmart Inc., Shopify Inc., Intuit Inc., or Keepa GmbH. References to those companies in this policy describe the integrations and data flows that may exist when you choose to connect your account with them or use features they power. Amazon, Amazon Selling Partner API, and related marks are trademarks of Amazon.com, Inc. or its affiliates. Intuit and QuickBooks are registered trademarks of Intuit Inc. Used with permission. Keepa is a trademark of Keepa GmbH.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your email address and a password (which we never store in plaintext — only a salted, hashed representation is stored by Supabase Auth). You may optionally provide a display name or business name. We also generate and store a unique user identifier for each account.

1.2 Subscription & Billing Information

Subscription billing is processed by Stripe. We never see or store your full payment card number or CVC. Stripe provides us with a payment-method token, the card type, the last four digits, the expiration date, and the billing address you provided to Stripe, which we use for receipts, fraud prevention, and tax compliance. Stripe additionally stores billing history, invoices, and tax documents on our behalf for record-keeping and accounting.

1.3 Listing & Conversation Data

When you use our AI listing generator, we store your conversation history, product descriptions, generated listings, A+ Content modules, Brand Story carousels, keyword sets, item specifics, validation results, and the quality scores we compute. If you submit a public listing audit without signing in, we may process the listing content you submit to generate audit results without associating that audit with an account, unless you later sign in and choose to save or continue from that audit.

1.4 Brand Assets & Images

If you use the Brand Dashboard, we store the brand metadata you provide (brand name, tagline, mission, voice profile, signature phrases, banned words, brand story) and the visual assets you upload or generate (logos and logo variants, lifestyle photos, packaging photos, infographic source files, mood-board images, and AI-generated mockups). Brand assets are stored in a dedicated Supabase Storage bucket with public, hard-to-guess URLs. Listing images you upload or paste are stored in a separate Supabase Storage bucket. We do not publicly display, redistribute, or use your brand assets for marketing without your explicit written permission.

1.5 Marketplace Integration Data

If you connect an external marketplace account (eBay, Etsy, or — once we have launched the integration — Amazon), we store the data described in the dedicated marketplace sections below (Sections 6, 7, and 8). This typically includes a stable seller/user identifier, a shop or store name, the OAuth scopes you granted, and encrypted OAuth access and refresh tokens. Tokens are encrypted at rest using AES-256-GCM with a key managed in our hosting environment, not in the database itself.

1.6 Browser Extension Data

The SellerAide Chrome extension can read content from Amazon, Walmart, eBay, and Etsy pages while you are on them, only in response to explicit action you take. For Amazon and eBay product pages, this content is sent to the audit flow and processed transiently. For the sourcing panel on Amazon and Walmart product pages, the extension reads the product identifier (ASIN or UPC), title, and displayed price of the page you are viewing — only when you open the panel — and sends them, together with the web address (URL) of that product page, to your SellerAide account for profit and eligibility analysis. If you save a lead to your watchlist, the product's image URL is also sent so the lead can be displayed in your dashboard. The extension never adds items to a cart and never automates purchases. For Etsy seller dashboards (Shop Manager, Orders, and Listings pages), the extension can collect order summaries, listing data, shop statistics, and the underlying HTML snippets for the views you have open. See Section 9 for full extension details, including the third-party data considerations that apply when a seller dashboard contains information about that seller's own customers.

1.7 Pallet Manifest & Inventory Data

If you use the Pallet Manifest tools, we store the manifests you upload (CSV / spreadsheet files containing retailer SKUs, prices, manifest IDs, condition codes, and line items from liquidation lots such as B-Stock, Costco lot manifests, and similar sources) and the derived line items. This data is treated as commercially sensitive and is scoped to your account by row-level security.

1.8 Usage & Analytics Data

We automatically collect usage data including pages visited, features used, listing counts, browser type, device information, IP address, and referring URLs through Google Analytics 4 (GA4) and the Meta Pixel. We also record usage events in our own database for the purposes of enforcing plan limits and rate limits and generating product analytics (e.g., counting listings generated, audits run, AI invocations consumed).

1.9 Feedback Submissions

If you submit feedback via the in-product feedback form, we store the message you wrote, the page URL you were on, and (if you are signed in) your user identifier. Submissions are emailed to our support address through our transactional email provider (Resend).

1.10 Accounting, Inventory & Financial Documents

If you use the Finances and Inventory tools, we store the accounting and inventory records you enter or import: expenses (vendor, amount, date, category, notes, and optional mileage), supplier records (name and any contact details you add), purchase invoices and inventory cost layers, product and valuation data, and order-level financial summaries. You can attach receipts, invoices, and bills by uploading image or PDF files; these are stored in a private storage bucket reachable only by your account through short-lived signed links, and are never publicly addressable. When you upload such a document, its image or PDF is sent to our AI provider to extract fields (vendor, date, totals, line items) — see Section 4.

You may also import shipping-cost files (for example, a Pirate Ship or carrier CSV) to match postage to your orders. These files may contain your buyers' names and shipping addresses, which we store solely to match and display the charge against the corresponding order. This is the only buyer-identifying data we hold; it comes only from files you upload (never from a marketplace API), is scoped to your account by row-level security, is never sent to an AI provider, and is never aggregated. All accounting and inventory data is treated as commercially sensitive.

1.11 Product Research & Market Data

If you use the product-research features (Sourcing Scout and Price Ceiling Analysis), we record the product identifiers you look up (ASIN, product URL, or barcode) and your entered buy cost as usage events against your account, to enforce plan limits and operate the feature. To answer a lookup we retrieve product-level market data — price history, sales-rank history, offer counts, and offer/stock-level history — from our market-data provider, Keepa GmbH (see Section 3). Only the product identifier and lookup parameters are sent to Keepa, proxied through our servers; no personal data, account data, or seller data is shared with Keepa. Retrieved market data is stored in a shared, product-keyed cache that is not linked to any user account. Where you have connected your Amazon account, Scout also uses your own connection to read catalog data, fee estimates, and your listing-eligibility status for the product, under the Amazon terms in Section 7.

2. How We Use Your Information

  • Service Delivery: To operate your account, run listing audits, generate listings, store listings and brand information, manage subscriptions, and provide customer support.
  • AI Processing: To send content you provide for AI features (chat-based listing generation, single-shot generation, audit rewrites, AI optimization, brand discovery interviews, AI logo variants, AI mockups, and extracting fields from receipts, invoices, and bills you upload to the document inbox) to the AI providers listed in Section 4. See Section 4 for the full picture of how we use AI providers.
  • Analytics: To understand usage patterns, measure feature performance, and improve the Service.
  • Marketing: To deliver relevant advertising via Meta Pixel, measure ad performance via Google Analytics, and (with your consent) send product updates by email.
  • Affiliate Attribution: If you arrive through an affiliate link, we use Rewardful to attribute your signup or subscription to the referring affiliate for commission payouts.
  • Security & Abuse Prevention: To detect and prevent fraud, abuse, scraping, unauthorized access, and Service degradation. We use Upstash Redis to enforce IP-based and account-based rate limits.
  • Compliance: To comply with applicable laws and respond to lawful requests from authorities.

3. Sub-processors & Third-Party Services

We use the following sub-processors to operate the Service. Each is contractually bound to protect data they process on our behalf. A consolidated list with regions and security attestations is maintained at selleraide.com/subprocessors.

  • Vercel, Inc. (United States) — Application hosting, edge network, and content delivery for the website.
  • Supabase, Inc. (United States, AWS US West 2 — Oregon) — Authentication, Postgres database, file storage for brand assets, listing images, and uploaded financial documents (a private receipts/invoices bucket), and database backups.
  • Stripe, Inc. (United States) — Payment processing, subscription management, invoicing, and tax compliance.
  • Google LLC — Gemini API (United States) — AI-powered listing generation, rewriting, optimization, AI image generation (logo variants, mockups), and field extraction from receipts/invoices you upload to the document inbox. Processed under the Google Cloud / Vertex AI commercial API terms with no training on customer data.
  • Anthropic PBC — Claude API (United States) — Alternative AI provider for listing generation, rewriting, and field extraction from receipts/invoices you upload to the document inbox. Processed under Anthropic's Commercial Terms of Service with no training on customer data.
  • Upstash, Inc. (United States) — Redis-based rate limiting; stores IP addresses and user identifiers in short-lived windows.
  • Resend, Inc. (United States) — Transactional email delivery (account emails, feedback handoffs).
  • Functional Software, Inc. (Sentry) (United States) — Application error and performance monitoring; receives error reports, stack traces, and limited request context (no listing content, payment data, OAuth tokens, or marketplace data).
  • Google LLC — Google Analytics 4 (United States) — Website analytics and usage tracking.
  • Meta Platforms, Inc. — Meta Pixel (United States) — Advertising conversion tracking and audience building for Facebook and Instagram ads.
  • Rewardful, Inc. (Canada / United States) — Affiliate-program click tracking and attribution.
  • Keepa GmbH (Germany, EU) — Product-level Amazon market data (price, sales-rank, offer, and stock-level history) for the product-research features. Receives product identifiers and lookup parameters only — never personal, account, or seller data. See Section 1.11.
  • eBay Inc. — Developer API (United States, optional) — When you connect your eBay seller account. See Section 6.
  • Etsy, Inc. — Open API v3 (United States, optional) — When you connect your Etsy seller account. See Section 7.
  • Amazon Services LLC — Selling Partner API (SP-API) (United States, optional) — When you connect your Amazon seller account. See Section 7.
  • Intuit Inc. — QuickBooks Online Accounting API (United States, optional) — When you connect your QuickBooks Online company. See Section 18.

We will notify you and update the list at selleraide.com/subprocessors before adding a new sub-processor that materially changes how your data is processed.

4. Generative AI & How We Use AI Providers

Many of the most useful parts of the Service are powered by large language models and image-generation models operated by third parties. We are explicit about this so you can make informed decisions about what you submit.

  • Which providers we use:By default, we use the Google Gemini API. Anthropic's Claude API is used as an alternative AI provider for certain features. We use Gemini 2.5 Flash Image for AI logo variants and AI mockups. We do not use consumer-grade chat products; we only use the providers' paid commercial API tiers.
  • What is sent: When you use an AI feature, the content required for that feature is sent to the relevant provider — typically your product descriptions, the conversation history of your current chat, the listing fields you are auditing or rewriting, brand voice samples and brand assets (including logo images for AI image generation), (where applicable) website text the AI is asked to analyze, and — when you upload a receipt, invoice, or bill to the document inbox — the image or PDF of that document, which the provider reads to extract fields (vendor, date, totals, line items) for your accounting records.
  • What is not sent:Your password (we never have it), payment card information, OAuth tokens, the contents of other users' accounts, or buyer data collected via marketplace integrations.
  • No training on your data: Both Google (under the paid Gemini/Vertex AI commercial terms) and Anthropic (under their Commercial Terms of Service) commit that inputs and outputs from their paid APIs are not used to train their models. We do not ourselves use your content to train AI models.
  • No cross-customer aggregation:Each AI request is processed for the authenticated user that initiated it. We do not combine one customer's data with another customer's data to produce a result, and we do not build derivative datasets (training corpora, prompt libraries indexed on customer data, etc.) from your content.
  • Output is "as is": AI output can be wrong, incomplete, or unsuitable for your specific use. You are solely responsible for reviewing it before you publish anything to a marketplace. See the Terms of Service for the full disclaimer.

5. eBay Marketplace Account Connection

SellerAide offers an optional integration that allows you to connect your eBay seller account and send AI-generated listings directly to your eBay drafts. This integration uses eBay's official OAuth 2.0 authorization flow and developer APIs.

  • What we access: When you authorize the connection, we receive permission to (1) create and manage inventory items and offers (draft listings) on your eBay account, and (2) read your orders, fulfillment, and finances data — item and shipping totals, marketplace fees, refunds, payouts, order status, and listing-performance metrics — to power your analytics, profit/P&L, and restock features. We do not access your buyers' payment details, and we do not retain buyer identity: buyer names/usernames and shipping addresses are stripped from order data before it is stored.
  • What we store: Your eBay User ID and encrypted OAuth tokens (access and refresh tokens), encrypted at rest using AES-256-GCM; and normalized order financials — item/shipping totals, fees, refunds, payouts, order status, and SKUs — used to compute your analytics and profit/P&L. We keep the original eBay payload only transiently for reconciliation and purge it within 30 days; the normalized financial figures are retained as your accounting records.
  • How we use it: OAuth tokens are used solely to create draft listings and to read your own orders/finances on your behalf via the eBay API, to power the features above. We do not use your eBay credentials or data for any other purpose, and we do not sell, rent, or share eBay data with any third party other than the sub-processors listed in Section 3.
  • Token expiry: Access tokens expire after approximately 2 hours and are refreshed automatically. Refresh tokens expire after approximately 18 months and will require you to reconnect.
  • How to disconnect: You can revoke eBay access at any time from your SellerAide account settings. Upon disconnection, we permanently delete your stored eBay tokens within 30 days. You may also revoke access directly from your eBay account under Account Settings → Third-Party Authorizations.
  • eBay account deletion: We implement eBay's Marketplace Account Deletion/Closure notification. If you close your eBay account, eBay notifies our dedicated endpoint and we automatically delete your eBay tokens, connection, and eBay-derived order/financial data from our systems.

6. Etsy Marketplace Account Connection

SellerAide offers an optional integration that allows you to connect your Etsy seller account and send AI-generated listings directly to your Etsy shop as drafts. This integration uses Etsy's official OAuth 2.0 authorization flow with PKCE and Etsy's Open API v3.

  • What we access via the API: When you authorize the connection, we receive permission to read your shop information, look up your shipping and return policies, search Etsy's public listing taxonomy, and create draft listings (with images) on your shop. We do not access your Etsy order history, buyer information, payment details, or messages via the API.
  • What we store: Your Etsy User ID, Shop ID, Shop Name, granted OAuth scopes, and encrypted OAuth tokens (access token and refresh token). Tokens are encrypted at rest using AES-256-GCM.
  • How we use it: OAuth tokens are used solely to create draft listings on your behalf via the Etsy API. Drafts are created in the "draft" state — you must manually activate them on Etsy to make them live.
  • Token expiry: Access tokens expire after approximately 1 hour and are refreshed automatically. Refresh tokens expire after approximately 90 days and will require you to reconnect.
  • How to disconnect: You can revoke Etsy access at any time from your SellerAide account settings. Upon disconnection, we permanently delete your stored Etsy tokens within 30 days. You may also revoke access directly from your Etsy account under Account Settings → Allowed Apps.
  • Etsy account deletion: If you close your Etsy account or Etsy notifies us that you have revoked access, we will delete all associated tokens and connection data within 30 days.
  • No data resale: We do not sell, rent, or share data retrieved via the Etsy API with any third party other than the sub-processors listed in Section 3.
  • Etsy seller-dashboard scraping via the extension: The browser extension can additionally read information from your own Etsy seller dashboard pages. See Section 9 for full disclosure, including how we handle third-party buyer information that may appear on those pages.

7. Amazon Marketplace Account Connection

You can connect your Amazon seller account to import your existing catalog and listings for audit, optimization, and republishing. The integration uses Amazon's official Selling Partner API (SP-API) and Amazon's Login With Amazon (LWA) OAuth flow. Connecting is optional — without it, the Service still generates listing content you publish to Amazon yourself, and the browser extension can read public Amazon product pages while you are on them.

  • What we access: After you authorize the connection, we access your own account's data through the SP-API — the Catalog Items, Listings Items, Listings Restrictions, A+ Content, Product Fees, Finances, and Reports APIs — to read your existing listings, listing issues, A+ Content, fee estimates, listing-eligibility (gating) status, and your order-financial and settlement summaries (for profit and tax reporting; read-only, containing no buyer personal data). With your action, we write updates back via the Listings Items API only. When you research a product with Sourcing Scout, we also use your connection to look up that product's public catalog data, estimate the Amazon fees you would pay, and check whether your account is approved to sell it. We do not request access to buyer information, payment data, or fulfillment/shipping addresses. If we add features requiring additional non-buyer-PII data categories in the future (for example, current competitive pricing), they will be requested as separate Amazon-approved roles and disclosed here.
  • What we store: The Amazon Selling Partner ID for the account you connect, the marketplaces you authorized, the LWA refresh token (encrypted at rest with AES-256-GCM), your normalized order-financial and settlement summaries (retained as your accounting records), and cached copies of the data we retrieve for your account — listing content, catalog enrichment, listing issues, A+ Content, and fee estimates — as rolling caches refreshed on demand and deleted within 30 days of disconnect. Data retrieved through your SP-API connection is never placed in any shared or cross-seller cache. We do not store buyer, payment, or fulfillment data.
  • Use limitation: Information accessed via SP-API is used solely to provide listing optimization, analytics, and accounting to the authorized seller from whom the data was obtained. We do not use it to provide advertising, to benefit any other seller, to train AI models, or in any aggregated or de-identified dataset.
  • Data segregation: Each seller's Amazon data is logically segregated by user identifier; row-level security policies in our database prevent cross-seller access. Access by SellerAide personnel is limited to backend operations and is logged.
  • Encryption: All data is encrypted in transit (TLS 1.2 or higher) and at rest. LWA refresh tokens are encrypted in our database with AES-256-GCM, and the encryption keys are held in our hosting environment rather than in the database itself.
  • How to disconnect: You will be able to revoke Amazon access at any time from your SellerAide account settings. You may also revoke access directly from Seller Central under Apps and Services → Manage Your Apps.
  • Deletion on disconnect: Upon revocation by you, by Amazon, or upon Amazon's request, we will delete all Amazon Information (including refresh tokens and cached SP-API data) from our systems within 30 days, except where retention is required by applicable law.
  • Geographic location: SP-API data will be processed and stored in the United States (Vercel and Supabase US regions).
  • Security incident notification: If we confirm a security incident affecting Amazon Information, we will notify Amazon at security@amazon.com and the affected sellers within 24 hours of confirmation.
  • Audit logging: We maintain audit logs of access to Amazon Information for at least 12 months.

8. Browser Extension

The SellerAide Chrome extension (the "Extension") is an optional companion tool available on the Chrome Web Store. The Extension supports two distinct kinds of activity:read mode (Section 8.1) where the Extension passively pulls visible page content from supported seller surfaces, and write mode (Section 8.2) where the Extension actively fills a listing form on Facebook Marketplace from a listing you have generated in SellerAide. Both modes require explicit user action; neither runs in the background or monitors your browsing.

8.1 Read Mode — Amazon, Walmart, eBay, Etsy

  • When it reads: Page content is only read in response to explicit user action — clicking the Extension icon on a product page, or opening a page that is in scope for an enabled feature. The Extension does not monitor your browsing or read pages passively.
  • Amazon and eBay product pages: When you click the SellerAide icon on an Amazon or eBay product page, the Extension reads the visible listing content from that page (title, bullet points, description, item specifics, image URLs, and any visible A+ Content). This content is passed to selleraide.com/audit, processed transiently to generate audit results, and not stored by the Extension itself.
  • Sourcing panel on Amazon and Walmart product pages: When you open the SellerAide sourcing panel on an Amazon or Walmart product page, the Extension reads the product identifier (ASIN or UPC), title, and displayed price from the page you are viewing and sends them — together with that product page's web address (URL) — to your SellerAide account to compute profit, fee, demand, and selling-eligibility analysis. If you save a lead to your watchlist, the product's image URL is also sent so the lead can be displayed in your dashboard. Analysis runs only when you open the panel — never on page load and never in the background. The Extension does not add items to any cart, does not automate purchases, and does not read your Walmart account, order history, or payment information. SellerAide is not affiliated with, endorsed by, or sponsored by Walmart Inc.
  • Etsy seller dashboard: If you choose to use the Etsy seller-analytics features, the Extension can read information from your own Etsy seller dashboard pages while you are signed into Etsy. This may include shop statistics, listings, orders (including buyer display names and order totals visible on those pages), and the underlying HTML for those views. This data is sent to SellerAide and stored against your account so that you can analyze your own shop. We do not sell, share, or use this data outside of your SellerAide account.
  • Third-party buyer information: Information about your buyers visible on the Etsy dashboard is the personal data of those buyers — not yours and not ours. You are responsible for ensuring that your collection and use of that data, including via SellerAide, complies with your own privacy policy, your contractual obligations to Etsy, and applicable law in your buyers' jurisdictions. We will not use buyer information for advertising, profiling, or any purpose other than displaying it back to you within the Service.

8.2 Write Mode — Facebook Marketplace

Facebook Marketplace has no public seller API for posting personal listings. To let you publish a listing you have generated in SellerAide without copy-pasting field-by-field, the Extension can fill the Facebook Marketplace create-listing form on your behalf. This is the only Facebook feature the Extension provides. It runs only when you explicitly initiate it from within SellerAide and only on the Marketplace create-listing URL.

  • How write mode is invoked: You generate a Facebook listing in SellerAide and click "Send to Marketplace." SellerAide's web app sends the listing payload (title, condition, description, your ZIP code, pickup-only flag, and any image URLs you uploaded to SellerAide) to the Extension via a one-way chrome.runtime.sendMessage call. The Extension stores that payload briefly in chrome.storage.session (a sandboxed per-tab in-memory store that Chrome clears when you close the browser).
  • What Facebook sees: When you open facebook.com/marketplace/create/item and grant the Extension permission to act on Facebook (one-time prompt), the Extension fills the form's text inputs from the stored payload — exactly the same fields you would have typed yourself. The data is written directly into Facebook's form via standard browser DOM events. It does not pass through SellerAide's servers on its way to Facebook.
  • What it does NOT collect from Facebook: The Extension does not read your Facebook profile, friends, messages, feed, marketplace inbox, browsing history on Facebook, payment information, or any other Facebook user data. It only writes into the create-listing form on the one URL listed above.
  • Photos and Publish are always you: The Extension never auto-uploads photos and never auto-clicks Publish. You drop photos onto the form yourself and click Publish yourself. This is by design — both to respect Facebook's anti-automation policies and to keep you in control of what goes live.
  • Manual publish confirmation: After you click Publish on Facebook, you return to SellerAide and click "I published it" so SellerAide can record that the listing went live. This confirmation is purely self-reported — SellerAide cannot verify the listing's status on Facebook's side because Facebook does not expose a seller API for that purpose.
  • Facebook host permission is opt-in: The Extension requests permission to act on Facebook only at the moment you first use the feature. If you do not grant the permission, the Extension cannot interact with Facebook at all. You can revoke the permission at any time from Chrome's extension settings.
  • SellerAide is not affiliated with Meta: SellerAide and the Extension are not affiliated with, endorsed by, or sponsored by Meta Platforms, Inc. or Facebook. "Facebook" and "Facebook Marketplace" are trademarks of Meta Platforms, Inc.

8.3 What the Extension Does Not Do (Across All Modes)

  • What it does not collect: Your general browsing history, search queries, personal information, purchase history, pricing data, or any information about pages other than those for which you have explicitly enabled an Extension feature.
  • Presence detection on selleraide.com: A content script also runs on selleraide.com solely to signal to the web app that the Extension is installed, and to receive listing payloads from the web app when you initiate a write-mode action. No data is read from selleraide.com pages or transmitted in this context.
  • Permissions: The Extension requests only the minimum permissions necessary to perform the features above. The full current list is visible in the Chrome Web Store listing. As of v1.5.1: activeTab, scripting, and storage permissions; required host access for selleraide.com; and optional host access for etsy.com (Etsy read mode), facebook.com (Facebook write mode), and ebaydesc.com (fetching an eBay listing's full description for audit, with no cookies attached), each granted at the moment of first use.

9. Cookies & Tracking Technologies

We use the following cookies and tracking technologies. For details about each cookie, see our Cookie Policy.

  • Essential cookies — Supabase authentication session tokens; CSRF/origin tokens. Required for the Service to function.
  • Payments — Stripe sets __stripe_mid and __stripe_sid on its hosted checkout pages for fraud prevention.
  • Analytics — Google Analytics 4 (_ga, _ga_*) measures site usage.
  • Marketing — Meta Pixel (_fbp, _fbc) measures ad conversions and builds retargeting audiences.
  • Affiliates — Rewardful sets an affiliate-attribution cookie (60-day window) when you arrive through an affiliate link.

For visitors located in the European Economic Area, the United Kingdom, or Switzerland, we are committed to obtaining your prior consent for non-essential cookies (analytics, marketing, affiliate) through a region-aware consent banner. See our Cookie Policy for the current rollout status and the controls available to you in the meantime.

10. Data Retention & Deletion

We retain personal data only as long as needed to provide the Service or as required by applicable law. The table below describes our standard retention periods.

  • Account information — Retained for the life of the account; deleted within 30 days of account deletion (see below).
  • Generated listings, brand information, listing images, brand assets — Retained for the life of the account; deleted within 30 days of account deletion.
  • Conversation history — Retained for up to 12 months after the last interaction in a given conversation, then archived or deleted.
  • Pallet manifests and line items — Retained while the account is active; deleted within 30 days of account deletion.
  • Accounting & inventory records (order financials, expenses, COGS, ledger, suppliers, purchase batches, inventory cost layers, valuation, write-offs, imported shipping costs) — Retained as your business records for the life of the account; financial/tax records may be kept up to 7 years where legally required; otherwise deleted within 30 days of account deletion.
  • Uploaded financial documents (receipts, invoices, bills) and their extracted fields — Retained while the account is active; deleted within 30 days of account deletion.
  • Application error reports (Sentry) — Retained per Sentry's default window (typically ~90 days), then expire.
  • Marketplace OAuth tokens (eBay, Etsy, Amazon) — Retained until you disconnect, the token is revoked, or the marketplace notifies us of revocation; deleted within 30 days of any of those events.
  • QuickBooks Online OAuth tokens — Retained until you disconnect or revoke access; on disconnect we revoke the tokens at Intuit and delete your stored credentials and company link within 30 days.
  • Marketplace API data cache (e.g., SP-API catalog/listings) — Retained for no longer than 18 months unless still actively used by you; refreshed periodically; deleted upon disconnection within 30 days.
  • Product market data (Keepa-sourced price/rank/offer history) — Shared, product-keyed reference data containing no personal data and not linked to any account; refreshed or superseded over time rather than deleted per user. Your own lookup history is a usage event (below).
  • Buyer information visible on the Etsy seller dashboard (via Extension) — Retained while the account is active and the corresponding orders remain in your Etsy account; deleted within 30 days of account deletion. We do not retain such data beyond what is necessary to display it back to you.
  • Anonymous audit submissions — Retained only for short-term operational, security, abuse-prevention, and rate-limiting purposes unless you sign in and choose to save them.
  • Usage events and security logs — Retained for up to 24 months for security and product analytics.
  • Audit logs covering access to marketplace data — Retained for at least 12 months.
  • Payment records and invoices — Retained for 7 years for tax and accounting purposes (jurisdiction-dependent).
  • Backups — Database point-in-time backups are retained by Supabase for the period specified in our hosting plan (typically 7–28 days). Deleted data may persist in backups until backup rotation completes.

Subscription end vs. account deletion: Ending your paid subscription is not the same as deleting your account. If your subscription ends, your account reverts to a read-only state and remains accessible for 90 days; see our Refund & Cancellation Policy for the read-only period. Deleting your account (via account settings or by contacting support) removes personal data within 30 days, except where retention is required by law or for legitimate security and dispute-handling purposes.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access — Receive a copy of the personal data we hold about you.
  • Correct — Update inaccurate or incomplete personal data.
  • Delete — Request deletion of your account and personal data.
  • Port — Export your data in a portable format (listings are exportable as PDF or CSV from within the Service).
  • Object / Restrict — Object to certain processing activities, including marketing.
  • Withdraw consent — Withdraw consent at any time for processing that is based on consent.
  • Lodge a complaint — Lodge a complaint with your local data protection authority.

To exercise any of these rights, email support@selleraide.com from the email address on your account. We respond to verified requests within 30 days (or the period required by applicable law).

12. California Privacy Rights (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), gives you the following rights:

  • Right to Know — Request the categories and specific pieces of personal information we have collected about you over the prior 12 months.
  • Right to Delete — Request deletion of personal information we have collected from you, subject to certain exceptions.
  • Right to Correct — Request correction of inaccurate personal information.
  • Right to Opt Out of Sale or Sharing — We do not sell personal information. We may "share" personal information for cross-context behavioral advertising via the Meta Pixel and Google Analytics; you can opt out via our cookie banner (when offered to your region) or by adjusting the third-party settings linked in our Cookie Policy.
  • Right to Limit Use of Sensitive Personal Information — We do not use or disclose sensitive personal information for purposes other than those expressly permitted under the CCPA without notice.
  • Right to Non-Discrimination — We will not discriminate against you for exercising any of these rights.

To submit a request, email support@selleraide.com with "California Privacy Request" in the subject line. We will verify your request using the email address on your account.

13. International Users (GDPR / UK GDPR / Swiss DPA)

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data based on:

  • Contractual necessity — To provide the Service you signed up for.
  • Legitimate interests — To operate, secure, and improve the Service.
  • Consent — For non-essential cookies, marketing communications, and certain optional features.
  • Legal obligation — Where required by applicable law.

International data transfers.The Service is operated from the United States. When we transfer personal data from the EEA, the UK, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (SCCs), the UK's International Data Transfer Addendum, and equivalent Swiss provisions, executed with our sub-processors. Specific sub-processors and the safeguards we rely on are listed on our Sub-processors page.

You have the right to lodge a complaint with your local supervisory authority.

14. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected data from a child under 13, please contact us immediately and we will delete it.

15. Security & Encryption

We take security seriously and implement controls designed to protect your data, including:

  • Encryption in transit: TLS 1.2 or higher across all public endpoints (Vercel terminates TLS 1.3 by default).
  • Encryption at rest: Our Postgres database and file storage are encrypted at rest by Supabase using AES-256. OAuth refresh tokens for marketplace integrations are additionally encrypted at the application layer using AES-256-GCM, with the encryption key held in our hosting environment rather than in the database.
  • Access control: Row-level security policies on every multi-tenant table; least-privilege access for service operations; multi-factor authentication required on administrator accounts.
  • Audit logging: Application logs are forwarded to a centralized log sink and retained for at least 12 months.
  • Sub-processor diligence: All sub-processors are reviewed annually; we prefer providers that hold SOC 2 Type II or equivalent independent attestation.
  • Vulnerability management: Automated dependency scanning, periodic vulnerability review, and a documented patching cadence.

No system is perfectly secure. We continually improve our controls, but we cannot guarantee absolute security.

16. Security Incident Notification

If we confirm a security incident affecting your personal data, we will notify you without undue delay, and in any event within 72 hours of confirmation where required by GDPR.

For incidents involving data accessed via marketplace partner APIs (Amazon SP-API, eBay Developer API, or Etsy Open API), we will additionally notify the relevant partner's security contact (for Amazon: security@amazon.com) within 24 hours of confirmation, in line with each partner's developer agreement.

17. Data Location

The Service is hosted in the United States. Specifically:

  • Application and edge compute: Vercel (US regions).
  • Database and file storage: Supabase (AWS US West 2 — Oregon).
  • Rate limiting: Upstash Redis (US).
  • Payment processing: Stripe (US, with global processing infrastructure).
  • AI processing: Google Cloud and Anthropic (US).
  • Email: Resend (US).
  • Error monitoring: Sentry (US).
  • Product market data: Keepa GmbH (Germany, EU) — receives product identifiers only, never personal data.

Where you access the Service from outside the United States, your data is transferred to and processed in the United States, subject to the safeguards described in Section 13.

18. QuickBooks Online Connection

SellerAide offers an optional integration that lets you connect your QuickBooks Online company and automatically post your marketplace accounting — summarized settlement journal entries — to your books. The integration uses Intuit's official OAuth 2.0 authorization flow and the QuickBooks Online Accounting API. Connecting is optional; without it you can still export your accounting data manually.

  • What we access: After you authorize the connection, we request the accounting scope only. We read your Chart of Accounts (account names and IDs) so you can map your categories during setup, and we write summarized journal entries (per-settlement totals — sales, marketplace fees, refunds, tax, and the net deposit) to your company. Only if you explicitly choose to during setup, we also create the standard accounts in your Chart of Accounts on your behalf. We do not access your existing QuickBooks transactions, invoices, customers, vendors, payroll, or bank-account data, and we do not request the payments or payroll scopes.
  • What we store: Your QuickBooks company (Realm) ID and company name, the granted scope, and encrypted OAuth tokens (access and refresh tokens), encrypted at rest using AES-256-GCM; plus the account mapping you choose and a record of which settlements we have posted (the journal-entry IDs). We do not copy your QuickBooks financial records into SellerAide.
  • How we use it: The tokens are used solely to read your Chart of Accounts at setup and to post your own settlement journal entries on your behalf via the QuickBooks API. We do not use your QuickBooks connection or data for any other purpose.
  • No AI processing: Data exchanged with QuickBooks is never sent to any third-party AI provider.
  • Our role: With respect to your QuickBooks connection data, we act as an independent data controller — we do not process this data on Intuit's behalf. We handle it consistent with Intuit's Data Stewardship Principles and Responsible AI Principles.
  • Token expiry: Access tokens expire after approximately one hour and are refreshed automatically. Refresh tokens rotate on each use and are subject to Intuit's rolling expiry (and a multi-year hard cap), after which you will be prompted to reconnect.
  • How to disconnect: You can disconnect QuickBooks at any time from your SellerAide account settings; on disconnect we revoke the tokens at Intuit and delete your stored credentials and company link within 30 days. Your account-mapping preferences and the record of which settlements we posted (neither of which contains any QuickBooks financial data) are removed when you delete your SellerAide account. You may also revoke access directly from QuickBooks under Settings → Apps (Connected Apps).
  • No data resale: We do not sell, rent, or share data exchanged with the QuickBooks API with any third party other than the sub-processors listed in Section 3.
  • Data location: QuickBooks connection data is processed and stored in the United States (Vercel and Supabase US regions).

19. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the effective date; for significant changes we may also notify you by email or in-product notice. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

20. Contact Us

SellerAide is operated by Pikewood LLC, the data controller for the purposes of this Privacy Policy. You can reach us at:

Pikewood LLC
3510 Madison St #146
Carrollton, MI 48724
United States
Email: support@selleraide.com

If you have questions about this Privacy Policy or want to exercise any of the rights described above, contact us at the postal address or email above.

Our designated Incident Management Point of Contact for security matters can be reached at security@selleraide.com.

© 2026 SellerAide, a product of Pikewood LLC. All rights reserved. · support@selleraide.com

PrivacyTermsCookiesSub-processorsSecurityData RetentionAcceptable UseRefundsAffiliatesContact