Skip to main content
AMZ Selling Tools logo

Privacy Policy

Last updated: May 2026

NOTE: This is placeholder content for legal review. It should not be treated as final legal advice.

1. Who we are

AMZ Selling Tools (“we”, “us”, “our”) operates an Amazon product tracking service that monitors product listings, prices, BSR rankings, reviews, and availability across multiple Amazon marketplaces. This policy describes what personal data we process when you use the service.

2. Data we collect

  • Account data — email address, hashed password, and account creation timestamp. Collected when you register.
  • Billing data — Stripe customer ID, last 4 digits of the payment card, and billing history. The full card number is held by Stripe; we never see or store it.
  • Tracking data — the Amazon ASINs and marketplaces you choose to track, plus the price / BSR / review snapshots fetched against those ASINs over time. This is service-functional data; the service cannot work without it.
  • Technical logs — IP address, user-agent, request paths, and error traces. Retained for debugging and abuse detection.
  • Analytics — Cloudflare Web Analytics records aggregate pageview counts, referrer, country, and Core Web Vitals via a cookieless beacon. No personal identifiers are tied to analytics events.

3. How we use it

  • Provide and operate the tracking service.
  • Process payments and reconcile credit balances (via Stripe).
  • Send service emails (account verification, billing receipts, support replies).
  • Detect and prevent abuse, fraud, and security incidents.
  • Comply with legal obligations and respond to lawful requests.

Under the UK GDPR / EU GDPR, our lawful basis is performance of contract for account / billing / tracking data, and legitimate interest for technical logs and abuse prevention.

4. Cookies

We use a single first-party authentication cookie (a session JWT) so you stay logged in across visits. The cookie is `HttpOnly`, `Secure`, and `SameSite=Lax`. We do not use advertising or cross-site tracking cookies. Our analytics provider (Cloudflare Web Analytics) is cookieless — no consent banner is required for analytics under current UK ICO and EU EDPB guidance.

5. Sub-processors

We share the minimum data necessary with the following sub-processors:

  • Stripe (Stripe, Inc.) — payment processing. Receives your email, billing address (if you provide one), and payment method. Stripe is the data controller for payment-card data.
  • Cloudflare (Cloudflare, Inc.) — CDN, DDoS protection, and cookieless web analytics. Sees request metadata (IP, headers, URL).
  • Email delivery provider — sends transactional email (verification, receipts, password reset). Receives your email address and the message body.

6. Data retention

We retain account and tracking data for as long as your account is active. If you delete your account, we erase personal data within 30 days, except where retention is required by law (e.g. billing records for tax compliance — typically 7 years). Technical logs are retained for up to 90 days.

7. Your rights

If you are in the EU, UK, or another jurisdiction that grants similar rights, you can:

  • Request a copy of the personal data we hold about you (right of access).
  • Request correction of inaccurate data (right to rectification).
  • Request deletion of your data, subject to legal retention obligations (right to erasure).
  • Export your data in a machine-readable format (right to portability).
  • Object to processing based on legitimate interest.
  • Withdraw consent for any processing based on consent.
  • Lodge a complaint with your local data protection authority (e.g. the ICO in the UK).

To exercise any of these rights, contact us through the feedback form in the application or via the contact email below.

8. International transfers

Our servers and the servers of our sub-processors (Stripe, Cloudflare) may be located outside the UK / EU. Where data leaves the UK / EU, transfers rely on the sub-processor’s Standard Contractual Clauses or an equivalent UK / EU adequacy mechanism.

9. Children

The service is intended for use by Amazon sellers. It is not directed at children under 16, and we do not knowingly collect personal data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated by email or in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.

11. Contact

For any privacy-related questions or to exercise the rights above, contact us through the feedback form in the application.