Privacy Policy

What we collect

SellScope.ai collects only the data necessary to provide the service. Here's the full list:

• Account info — email address and optional full name when you create an account. Authentication is handled by Supabase.
• Product data you provide — product name, category, key features, target keywords, and competitor ASINs. This is what you type into the listing generator or chat.
• Generated listings — the AI-generated titles, bullet points, descriptions, search terms, and A+ content we create for you.
• Chat messages — conversations with the AI agent, including your messages and the agent's responses.
• Usage counters — how many listings you've generated (to manage plan limits).
• IP address — used temporarily for rate limiting on the free trial. Stored in server memory and automatically cleared within 24 hours. If you use the email feature on our free tools, your IP address is stored alongside your email address in our database for abuse prevention.
• Usage analytics (free tools) — when you use our free listing generator or audit tool, we collect a cryptographic hash of your IP address (not the raw IP), your browser's user agent string, a random session identifier, the timestamp, and the product category you selected. This data is used to detect abuse of free tier limits and understand aggregate usage patterns. Automatically deleted after 90 days.
• Email address (optional, free tools) — if you choose to receive your listing or audit via email on the free tool, we store your email address and the source of the request. This is used only to deliver the email you requested.

What we don't collect

• No tracking cookies or analytics scripts
• No advertising identifiers
• No device fingerprinting
• No selling or sharing your data with ad networks, data brokers, or marketing platforms

How we use your data

• To generate listings — your product info is sent to our AI provider to create your listing. This is the core service.
• To save your work — listings and conversations are stored so you can come back to them.
• To enforce plan limits — we track generation counts to manage free vs. paid tier access.
• To prevent abuse — IP-based rate limiting on the free trial endpoint.

Third-party services

Your data is shared with these services only as necessary to provide the product:

• AI generation providers — your product data is sent to AI models (currently Google Gemini; we may use additional providers such as Anthropic Claude or OpenAI) to generate listings. Data is processed per their paid API terms and is not used for model training. AI providers may temporarily retain your product data for abuse monitoring as described in their respective API terms. We do not send your email, account info, or payment details to AI providers.
• Supabase — hosts our database and handles authentication. Your account data and saved listings are stored on Supabase's infrastructure.
• Rainforest API (optional) — when competitor research is used, product names and ASINs may be sent to Rainforest to fetch publicly available Amazon listing data.
• Stripe — when payment processing is available, Stripe will handle all payment data. We will never store credit card numbers on our servers.
• Railway — hosts the web application and API. Standard web server logs (IP, user agent, request path) may be collected by the hosting provider.
• Resend — handles transactional email delivery (e.g., emailing listings from our free tools). Receives email addresses and email content to deliver messages on our behalf. Resend acts as a data processor and does not use your data for its own purposes.

Data storage and security

• All data is stored in Supabase (PostgreSQL) with encryption at rest.
• Authentication uses industry-standard JWT tokens with automatic rotation.
• API requests require authenticated Bearer tokens. Your data is isolated by user ID — you can only access your own listings and conversations.
• Sensitive fields (auth headers, tokens, API keys) are redacted from server logs.

Data retention and deletion

• Account data — retained while your account exists. Deleted within 30 days of an account deletion request.
• Generated listings and conversations — retained while your account exists. If you delete a conversation, all associated messages are permanently deleted.
• Server logs — retained for 90 days, then automatically purged.
• Payment records — retained as required by tax and legal obligations (typically 7 years).
• IP addresses (free tier) — stored temporarily in server memory for rate limiting. Not linked to accounts and automatically cleared within 24 hours.
• Anonymous usage analytics (free tools) — pseudonymized usage events from the free listing generator and audit tool are retained for 90 days, then automatically deleted.

To request deletion of your entire account and all associated data, email [email protected] and we'll process the request within 30 days.

Cookies and local storage

• Authentication session — the Supabase SDK stores your authentication session token in browser localStorage. This is required for you to stay logged in.
• Free trial counter — we use browser localStorage to store a generation counter (sellscope_try_count). This is a simple number — not personal data — and stays on your device.
• Pending listing — if you generate a listing with our free tool before creating an account, the listing content (product name, category, key features, and the generated listing text) is temporarily stored in your browser's localStorage so it can be saved to your account after you sign up. This data stays on your device and is automatically cleared after 7 days or when you create an account.
• No third-party tracking cookies — we do not use any third-party tracking cookies, analytics scripts, or advertising pixels.

Categories of personal information (CCPA disclosure)

Under the California Consumer Privacy Act, personal information is organized into statutory categories. Here is how SellScope maps to those categories:

Categories not collected: We do not collect biometric data, geolocation data, sensory data, education information, or any sensitive personal information as defined under CCPA/CPRA.

Third parties receiving data: See the “Third-party services” section above. Data is shared only with service providers (AI providers, Supabase, Stripe, Railway, Resend) for the business purposes described. We do not share data with third parties for cross-context behavioral advertising.

Retention periods: Account data is retained while your account exists (deleted within 30 days of a deletion request). Server logs are retained for 90 days. Payment records are retained for 7 years per tax obligations. IP addresses for rate limiting are cleared within 24 hours.

California privacy rights (CCPA/CPRA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to know — you can request details about the personal information we collect, use, and disclose.
• Right to delete — you can request deletion of your personal information, subject to certain legal exceptions.
• Right to correct — you can request correction of inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell your personal information and do not share it for cross-context behavioral advertising as defined under the CCPA/CPRA. Because we do not sell or share your data, there is no need to submit an opt-out request.
• Right to limit use of sensitive personal information — we do not collect sensitive personal information as defined under the CPRA.
• Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

To exercise any of these rights, email [email protected]. We will respond to verifiable requests within 45 days. We will verify your identity by confirming your request from the email address associated with your account. If we cannot verify your identity, we may request additional information.

Do Not Track signals

Some browsers send a “Do Not Track” (DNT) signal with each request. SellScope does not use any third-party tracking cookies, analytics scripts, or advertising pixels, so your browsing behavior is not tracked regardless of your DNT setting. We do not respond differently to DNT signals because we do not track users in the first place.

No third parties collect personally identifiable information about your online activities over time or across different websites when you use SellScope.

International users

SellScope is operated from the United States. If you access the service from the European Economic Area (EEA), United Kingdom, or other regions with data protection laws, please be aware that your data will be transferred to and processed in the United States.

Legal basis for processing (EEA/UK): We process your personal data on the basis of contractual necessity (to provide the service you signed up for) and legitimate interest (security, abuse prevention). We do not process data based on consent except where explicitly obtained.

Your rights under GDPR: If you are in the EEA or UK, you have the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data. To exercise these rights, email [email protected]. You also have the right to lodge a complaint with your local data protection authority.

Children's privacy

SellScope is not directed to anyone under the age of 18. We do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it promptly.

Changes to this policy

We'll update this page if anything changes. For material changes, we'll notify registered users by email.

Contact

Questions about your data? Email [email protected].

The Third Consulting LLC
8 The Green, STE 4000
Dover, DE 19901