Legal

Privacy Policy

Last updated: May 4, 2026 · Effective date: May 4, 2026

The Short Version

  • We never sell your data to anyone, ever.
  • Your CSV files are encrypted at rest with AES-256.
  • We never access your Amazon account or credentials.
  • You can request deletion of all your data at any time.
  • We are GDPR compliant and respect all applicable data protection laws.

1. Who We Are

SellerOS ("we", "us", "our") operates the website at selleros.org and provides PPC analysis services for Amazon sellers. Contact us for any privacy-related queries.

2. Data We Collect

We collect the minimum data necessary to operate the service:

  • Account data: Email address, name (optional), hashed password.
  • PPC data: CSV files you upload (Amazon Search Term Reports). Stored encrypted, never shared.
  • Analysis results: Waste keywords and opportunities detected from your CSV files.
  • License data: Gumroad license key to verify your subscription status.
  • Usage data: Error logs and performance metrics for service improvement (via Sentry, anonymized).

3. How We Use Your Data

  • To provide the PPC analysis service you signed up for
  • To send weekly email reports and waste alerts (Pro plan, opt-in)
  • To verify your subscription status via Gumroad
  • To improve the detection engine (aggregated, never individual data)
  • To communicate important service updates

We will never use your PPC data to train AI models, sell insights to competitors, or any purpose beyond providing you with the analysis service.

4. Data Storage & Security

Your data is stored on Supabase (SOC 2 Type II compliant infrastructure) hosted in the EU/US. We implement:

  • AES-256 encryption at rest for all stored data
  • TLS 1.3 encryption in transit
  • Row-Level Security on all database tables
  • HTTP-only, SameSite session cookies
  • Signed JWT tokens with 30-day expiry

5. Third-Party Services

We use the following third-party services to operate:

  • Supabase — database and authentication (SOC 2 compliant)
  • Resend — transactional email delivery
  • Gumroad — payment processing and license management
  • Sentry — error monitoring (anonymized, no PII in errors)

We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

6. Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the right to:

  • Access: Request a copy of all data we hold about you
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of all your data ("right to be forgotten")
  • Portability: Receive your data in machine-readable format
  • Object: Object to processing of your data

To exercise any of these rights, contact us. We will respond within 48 hours.

7. Data Retention

We retain your account data and report history for as long as your account is active. If you delete your account, all data is permanently removed within 30 days. CSV data from individual reports can be deleted at any time from your account settings.

8. Cookies

We use only essential cookies: a single session cookie to keep you logged in. We do not use tracking cookies, advertising cookies, or analytics cookies. No cookie banner needed — we're clean.

9. Changes to This Policy

We may update this policy from time to time. We'll notify you by email of material changes at least 30 days before they take effect. The "last updated" date at the top will always show when changes were made.

10. Contact

For privacy questions or concerns, contact us. We take privacy seriously and will respond within 24 hours.