Privacy Policy

Last updated: February 20, 2026

Sellmetrics LLC ("Company," "we," "us," or "our") operates the Sellmetrics platform ("Service"). This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service.

1. Information We Collect

1.1 Account Information

When you register for an account, we collect:

• Email address — used for login and account identification.
• Display name — shown in the dashboard interface.
• Password — securely hashed using PBKDF2 with SHA-256 and a random salt. We never store your password in plain text and cannot retrieve it.

We also automatically record your last login timestamp for security and account management purposes.

1.2 Marketplace API Credentials

To connect your marketplace accounts, you provide:

• Amazon SP-API: LWA Client ID, LWA Client Secret, Refresh Token, Seller ID, and Marketplace ID.
• Walmart Marketplace: Client ID and Client Secret.

These credentials are encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 authentication) before storage. Credentials are only decrypted in server memory when actively used for API calls and are never logged, displayed, or transmitted to any third party.

1.3 Business Data from Marketplace APIs

Using the credentials you provide, we retrieve the following data from your marketplace accounts:

• Orders: Order IDs, product SKUs/ASINs, quantities, sale prices, order dates, fulfillment status.
• Fees and Settlements: Marketplace fees (referral fees, FBA fees, storage fees, account-level fees), settlement amounts, and transaction details.
• Returns: Return dates, dispositions, and associated order data.
• Inventory: Current FBA and WFS inventory levels, quantities, and locations.
• Reimbursements: Amazon reimbursement amounts and transaction types.
• Product Catalog: Product titles, ASINs, and listing status.

1.4 Data You Enter Manually

You may also enter:

• Cost of Goods Sold (COGS): Purchase costs per product for profit calculations.
• Recurring Costs: Overhead expenses (software subscriptions, shipping supplies, etc.) with frequency and category.

1.5 Information We Do NOT Collect

We do not collect or have access to:

• Your marketplace account passwords (only API keys).
• Your customers' personal information (buyer names, addresses, payment details).
• Bank account or payment card information.
• Browsing history, cookies for tracking, or device fingerprints.

2. How We Use Your Information

We use the information we collect exclusively to:

• Provide the Service: Calculate profitability metrics, generate dashboards and reports, and display your business analytics.
• Authenticate your account: Verify your identity and manage session security.
• Connect to marketplace APIs: Use your encrypted credentials to pull your sales, fee, and inventory data on your behalf.
• Improve the Service: We may use aggregated, anonymized statistics (e.g., total number of API pulls, average response times) to improve performance and reliability. This data never identifies you or your business.

We do not:

• Sell your personal information or business data to any third party.
• Share your data with advertisers, data brokers, or marketing platforms.
• Use your marketplace credentials to take actions in your seller accounts (we only read data).
• Use your business data to compete with you or share insights with competitors.

3. Data Storage and Security

3.1 Tenant Isolation

Each user's business data is stored in a separate, isolated database identified by a unique tenant ID. Your data is never mixed with or accessible by other users of the Service.

3.2 Encryption

• Marketplace credentials: Encrypted with Fernet (AES-128-CBC + HMAC-SHA256) before storage. The encryption key is stored securely as an environment variable on the production server and is never committed to source code or logs.
• Passwords: Hashed with PBKDF2-SHA256 with a unique random salt per user. Passwords cannot be reversed or retrieved.
• Data in transit: All connections to the Service are encrypted via HTTPS/TLS.

3.3 Infrastructure

The Service is hosted on Railway (railway.app), a cloud platform provider. Data is stored on persistent encrypted volumes within their infrastructure. Railway's security practices are described at railway.app/legal/privacy.

3.4 Access Controls

Access to production systems and databases is restricted to authorized Company personnel. We use environment-based secrets management and do not store credentials in source code.

4. Data Retention

• Business data: Retained for as long as your account is active so you can view historical trends and reports.
• Account information: Retained for as long as your account exists.
• Marketplace credentials: Retained until you disconnect the platform (via Settings) or close your account, at which point they are permanently deleted.

Upon account termination (whether by you or by us), your business data and credentials will be permanently deleted within 30 days.

5. Data Sharing and Third Parties

We share your information only in the following limited circumstances:

• Marketplace APIs: Your encrypted credentials are decrypted and used to authenticate API requests to Amazon and Walmart on your behalf. No other data is sent to these platforms.
• Infrastructure providers: Your data resides on Railway's cloud infrastructure. Railway acts as a data processor and does not access or use your data independently.
• Legal requirements: We may disclose information if required by law, subpoena, court order, or government request.

We do not use any third-party analytics services, advertising networks, or tracking pixels.

6. Your Rights and Choices

You have the right to:

• Access your data: Your dashboard displays all business data we store. You may request a full export of your data by contacting us.
• Correct your data: You can update your account information (name, email, password) in Settings at any time.
• Disconnect platforms: You can remove stored marketplace credentials at any time through the Settings page. This immediately and permanently deletes the encrypted credentials.
• Delete your account: You may request complete account deletion by contacting us. We will delete all your data (account information, credentials, and business data) within 30 days.
• Data portability: You may request an export of your data in a standard format.

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information we collect, use, and disclose.
• The right to request deletion of your personal information.
• The right to opt out of the sale of personal information. We do not sell your personal information.
• The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us at the email address below.

8. International Users (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal bases:

• Contract performance: Processing necessary to provide the Service you requested (e.g., pulling your marketplace data, calculating profits).
• Legitimate interest: Processing necessary for service improvement using anonymized aggregate data.
• Consent: Where required, you provide consent by creating an account and connecting your marketplace credentials.

You have the right to access, rectify, erase, restrict processing, and port your data. You also have the right to withdraw consent and lodge a complaint with your local data protection authority. Contact us to exercise these rights.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

10. Data Breach Notification

In the event of a data breach that affects your personal information or marketplace credentials, we will:

• Notify affected users by email within 72 hours of becoming aware of the breach.
• Describe the nature of the breach and the data potentially affected.
• Describe the measures taken to address and mitigate the breach.
• Provide recommendations for protecting your marketplace accounts (e.g., rotating API keys).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes take effect constitutes acceptance of the revised policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

Sellmetrics LLC
Email: [email protected]