Privacy Policy

Last updated: 2026-05-28

CASHSMITH L.L.C-FZ ("SellerPulse", "we", "us", or "our") respects your privacy and is committed to protecting your personal data and your Amazon seller data. This Privacy Policy explains how we collect, use, store, share, and protect information when you use our analytics, automation, and AI platform at getsellerpulse.com (the "Service").

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, password (hashed), business name.
  • Billing information: processed by Stripe; we do not store full payment card numbers.
  • Support communications: messages you send us via email or contact form.

1.2 Amazon Selling Partner API Data

When you authorize SellerPulse to access your Amazon Seller Central account via the Amazon Selling Partner API (SP-API), we collect data necessary to provide the Service:

  • Order, settlement, and refund data
  • Product catalog, inventory, and listing data
  • Reimbursement, return, and inbound shipment data
  • Advertising campaign and performance data (where authorized)
  • Seller account identifiers (Seller ID, Marketplace IDs)
  • Encrypted SP-API refresh tokens (AES-256 at rest)

We do not collect, store, or process Amazon buyer personally identifiable information (PII) such as buyer names, shipping addresses, or contact details, except where strictly required for a service feature you have explicitly enabled and where Amazon has granted us the corresponding restricted SP-API role.

1.3 Automatically Collected Information

  • Usage data: pages visited, features used, timestamps, browser type, and IP address. Server access logs are kept for operational purposes and rotated regularly.
  • Cookies and similar technologies: session cookies for authentication; analytics cookies (only if you consent).

2. How We Use Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Generate analytics, reports, and AI-driven insights specifically for your account
  • Detect and prevent fraud, abuse, and security incidents
  • Communicate with you about account, billing, and product updates
  • Comply with legal obligations

We do not use Amazon SP-API data to train our own machine learning models, nor do we use it for any purpose other than providing the Service to you. AI features that process your data (e.g., listing optimization, business advisor) use third-party large language model APIs in a stateless manner — your data is not retained by the model provider for training.

3. How We Share Information

We do not sell your personal information or Amazon SP-API data. We share data only with:

  • Service providers who help us operate the Service: cloud hosting (encrypted), payment processing (Stripe), transactional email (Resend), AI model providers (Anthropic Claude API, OpenAI). All providers are bound by data processing agreements.
  • Legal authorities when required by law, subpoena, or to protect rights and safety.
  • Successors in the event of a merger, acquisition, or sale, with the same protections applied.

Amazon SP-API data is processed in accordance with Amazon's Acceptable Use Policy and Data Protection Policy. We do not provide Amazon data to any third party for marketing, profiling, or any purpose other than fulfilling our Service to you.

4. Data Storage and Security

  • Data is stored on managed cloud infrastructure (Hetzner Cloud, EU) with volume-level encryption at rest provided by the cloud provider.
  • All data in transit is encrypted using TLS 1.2 or higher.
  • Amazon SP-API refresh tokens are encrypted at rest with AES-256-GCM using a dedicated encryption key.
  • Other sensitive credentials (shipping, accounting, AI provider tokens) are encrypted at rest with AES-256-GCM using separate, per-data-class keys.
  • Customer passwords are hashed with bcrypt; we cannot recover or read them.
  • Production server access is restricted to SSH key authentication; password login is disabled.
  • Application access to customer data is scoped by tenant — queries are bound to the seller account that owns the data.
  • For a current list of the controls we operate, see our Security page.

5. Data Retention

  • Active accounts: we retain your data for the duration of your account.
  • Closed accounts: data is deleted within 30 days of account closure, except where retention is required by law (e.g., tax records).
  • SP-API tokens: revoked immediately upon disconnection; refresh tokens deleted from our systems.
  • Server logs: rotated regularly under standard operational policies.
  • Backups: daily database backups are retained for 14 days, then automatically purged.

6. Your Rights

6.1 All Users

  • Access and export your data via dashboard or by request
  • Correct inaccurate data
  • Delete your account and associated data
  • Disconnect Amazon SP-API access at any time
  • Opt out of non-essential communications

6.2 California Residents (CCPA / CPRA)

If you are a California resident, you have additional rights including the right to know what personal information is collected, the right to delete personal information, the right to opt out of sale or sharing of personal information (note: we do not sell your information), and the right to non-discrimination. To exercise these rights, email info@getsellerpulse.com.

6.3 European Economic Area, UK, and Switzerland (GDPR)

If you are in the EEA, UK, or Switzerland, you have rights under the GDPR including access, rectification, erasure, restriction of processing, data portability, and objection. Our legal basis for processing is performance of a contract with you and our legitimate interests in operating the Service. To exercise these rights, email info@getsellerpulse.com.

7. International Data Transfers

Your data may be processed and stored in the United States and other countries where our service providers operate. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for international transfers.

8. Children's Privacy

SellerPulse is a business product not directed at children under 16, and we do not knowingly collect data from children. If we learn we have collected data from a child, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by email or in-app notice at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

10. Data Controller & Contact

The data controller for purposes of GDPR and equivalent laws is CASHSMITH L.L.C-FZ, registered in the United Arab Emirates. SellerPulse is a product operated by CASHSMITH L.L.C-FZ.

Questions, requests, or concerns about this Privacy Policy or your data: