Privacy Policy

1 Who We Are

ResellerAI ("we", "us", "our") is an AI-powered automation platform for online resellers, operated by Bayu Hidayat ("Operator"). ResellerAI is accessible at resellerai.ai and provides tools to help resellers automate listing creation, offer management, and store analytics primarily on eBay.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and service ("Service"). Please read this policy carefully. If you do not agree with the terms of this policy, please do not access or use our Service.

👤

Data Controller

Bayu Hidayat — ResellerAI
Email: hello@resellerai.ai · Website: resellerai.ai

2 Information We Collect

We collect information that you provide directly to us, information collected automatically when you use the Service, and information obtained from third-party platforms (such as eBay) when you authorize us to access them.

2.1 Account Information
When you create a ResellerAI account, we collect your email address, name (optional), and password (stored as a hashed value — we never store plain-text passwords). Authentication is handled via Supabase Auth.

2.2 eBay Account Information (when connected)
When you connect your eBay store via OAuth, we collect and store:

Your eBay username / eBay User ID
OAuth access tokens and refresh tokens (encrypted at rest — see Section 3)
Token expiry timestamps
The OAuth scopes you granted
Connection timestamps and status

2.3 Photos You Upload
When you use the Auto-Lister feature, you upload photos of items you intend to list on eBay. These photos are stored in Supabase Storage and used only for AI analysis and eBay listing creation on your behalf. See Section 4 for details.

2.4 Listing Job Data
We store data related to your listing jobs including: photo URLs, AI analysis results (title, item specifics, price suggestions), listing data submitted to eBay, and the resulting eBay item IDs.

2.5 Usage & Technical Data
We may automatically collect anonymized usage data including page views, feature interactions, browser type, operating system, IP address (for security), and referrer URLs. This data is used solely to improve the product and diagnose issues.

2.6 Payment Information
If you subscribe to a paid plan, payment processing is handled by Stripe. We never receive or store your full credit card number — only a Stripe customer ID and subscription status are stored in our database.

3 eBay OAuth & Account Data

ResellerAI connects to your eBay account through eBay's official OAuth 2.0 authorization framework. We are a registered eBay Developer application ("eBay Optimizer" / "ResellerAI") operating under eBay's Developer Program terms.

⚡ We never see your eBay password. eBay's OAuth flow means you authorize ResellerAI on eBay's own website. Your eBay credentials are never shared with us or transmitted through our servers.

What permissions we request:

Permission Scope	Why We Need It
`sell.inventory`	Create and manage listings on your eBay store
`sell.inventory.readonly`	Read your existing inventory for context
`sell.account`	Access seller account settings required for listing creation
`sell.fulfillment`	Access order fulfillment data for analytics
`sell.marketing`	Enable promoted listing features (future)
`commerce.identity.readonly`	Verify your eBay username and account status

How we store eBay tokens:

Access tokens and refresh tokens are encrypted before being stored in our Supabase database
Encryption uses AES-256 — tokens are never stored in plaintext
Access tokens expire after 2 hours; refresh tokens after approximately 18 months
We automatically refresh access tokens using the refresh token before they expire
All token exchange requests use HTTPS/TLS 1.3

Revoking access:
You can disconnect your eBay store at any time from your ResellerAI dashboard. You can also revoke our access directly in your eBay account under Account Settings → Third-party applications. Revoking access immediately stops all automation.

How we use your eBay data:

To create listings on your eBay store on your behalf (when you click "Create on eBay")
To upload photos to eBay's CDN for your listings
To verify your eBay username and display it in your dashboard
We do not read your existing listings unless you explicitly request analytics features
We do not take any actions on your eBay account without your explicit instruction

4 Photo Storage & AI Analysis

When you use the Auto-Lister feature, you upload photos of items you want to list. Here's exactly what we do with them:

Storage:
Photos are uploaded to Supabase Storage, a secure cloud storage service. Each photo is stored in a private bucket accessible only to your account. Photo URLs are signed and time-limited for display purposes.

AI Analysis:
Your photos are sent to an AI vision model (Claude by Anthropic) to analyze and generate listing data — including item title, item specifics, condition assessment, and suggested price. This analysis is performed over a secure HTTPS connection. Anthropic's API processes images transiently and does not retain your photos for model training without explicit consent.

eBay CDN Upload:
When you create a listing on eBay, your photos are uploaded to eBay's photo hosting service (UploadSiteHostedPictures). After this upload, eBay hosts the photos on their CDN for your listing. These photos are then governed by eBay's Terms of Service and Privacy Policy.

⚠️ Photo retention: Photos stored in Supabase Storage are retained for 90 days after upload, then automatically deleted. If you delete your account, all photos are deleted within 30 days.

What we do NOT do with your photos:

We do not use your photos to train our own AI models
We do not share your photos with third parties (other than eBay when creating your listing)
We do not use your photos for any purpose other than the listing creation you initiated

5 How We Use Your Information

We use the information we collect for the following purposes:

To provide the Service — creating listings, analyzing photos, connecting to eBay on your behalf
To maintain your account — authentication, session management, subscription tracking
To communicate with you — service updates, beta announcements, support responses
To improve the Service — analyzing anonymized usage patterns to identify bugs and feature opportunities
To process payments — passing billing data to Stripe for subscription management
For security — detecting and preventing fraud, unauthorized access, and abuse
Legal compliance — meeting applicable legal obligations

🔒 We will never sell your personal data or eBay store data to third parties. Period.

6 Data Sharing & Third Parties

We share data with the following third-party service providers solely as needed to operate the Service:

Service	Purpose	Data Shared
Supabase	Database, authentication, file storage	All account data, tokens (encrypted), photos
eBay APIs	Listing creation and store integration	Your photos, listing data, your OAuth tokens
Anthropic (Claude)	AI photo analysis for listing generation	Product photos you upload (transient, not retained)
Stripe	Subscription payment processing	Email, payment details (we never see card numbers)
Vercel	Website hosting and deployment	Standard web traffic logs (IP, browser, pages visited)

All service providers are contractually obligated to handle your data in accordance with applicable privacy laws and to use your data only for the purposes we specify.

We do not share your data with any other third parties except: (a) with your explicit consent, (b) when required by law or legal process, or (c) to protect the rights, property, or safety of ResellerAI, our users, or others.

7 Cookies & Tracking

Landing Page:
Our landing page (resellerai.ai) does not use third-party tracking cookies or advertising pixels. We use browser localStorage only for functional purposes (e.g., saving your waitlist form progress).

Dashboard:
The ResellerAI dashboard uses:

Session storage: To keep you logged in during your browser session (JWT token)
Local storage: For "remember me" authentication and user preferences
No advertising cookies — we do not use Google Analytics, Facebook Pixel, or any other behavioral tracking tools

OAuth State Cookie:
During the eBay OAuth flow, we temporarily store a CSRF state token to prevent cross-site request forgery attacks. This token is cleared immediately after the OAuth flow completes.

You can control cookies through your browser settings. Disabling storage may affect your ability to stay logged in.

8 Data Storage & Security

Your data is stored in Supabase's PostgreSQL database hosted on AWS infrastructure in the United States. We implement multiple layers of security:

Transport security: All data is transmitted over HTTPS/TLS 1.2+
Database encryption: All data is encrypted at rest using AES-256
Token encryption: eBay OAuth tokens receive additional application-level AES-256 encryption before storage
Row-Level Security: Supabase RLS policies ensure users can only access their own data
Authentication: Supabase Auth with bcrypt-hashed passwords and optional MFA
Access controls: Production database access is restricted to service accounts only

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

9 Data Retention Policy

Data Type	Retention Period
Account data (email, name)	Until account deletion, then 30 days
eBay OAuth tokens (active connection)	Until you disconnect or tokens expire (18 months)
eBay OAuth tokens (revoked/expired)	Deleted within 7 days of revocation
Uploaded photos (Supabase Storage)	90 days from upload date
AI analysis results & listing data	1 year (or until account deletion)
Listing job history	1 year (or until account deletion)
Usage logs (anonymized)	90 days
Payment records (Stripe)	7 years (legal requirement)

When you delete your account, all personally identifiable data is removed within 30 days. Anonymized aggregate data (with no way to identify you) may be retained longer for product analytics.

10 Your Rights

You have the following rights regarding your personal data:

Access: Request a copy of all personal data we hold about you
Correction: Request correction of inaccurate or incomplete data
Deletion: Request deletion of your account and all associated personal data (right to erasure)
Portability: Request your data in a machine-readable format (JSON/CSV)
Objection: Object to processing of your data for specific purposes
eBay Disconnection: Revoke our eBay access at any time from your dashboard or directly through eBay
Unsubscribe: Opt out of marketing emails via the unsubscribe link in any email

To exercise any of these rights, email us at hello@resellerai.ai. We will respond within 30 days. For account deletion, you can also use the "Delete Account" option in your dashboard settings.

If you are a resident of the European Economic Area (EEA) or California, you may have additional rights under GDPR or CCPA respectively. Contact us to learn more.

11 Children's Privacy

ResellerAI is not directed at children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

12 Changes to This Policy

We may update this Privacy Policy from time to time as our Service evolves. When we make material changes, we will:

Update the "Last Updated" date at the top of this page
Notify registered users by email at least 14 days before the changes take effect
For significant changes (like new data uses), obtain fresh consent where required by law

Continued use of the Service after changes become effective constitutes acceptance of the updated policy.

13 Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy or your data, please contact us:

✉️

Privacy & Data Inquiries

Email: hello@resellerai.ai
Response time: Within 30 days
For eBay token revocation: Email above or use your dashboard settings

Table of Contents