Privacy Policy

Last updated: May 21, 2026

1. Overview

AutoFBA (“AutoFBA,” “we,” “us,” or “our”) helps Amazon sellers source, list, and manage FBA inventory. This policy explains what personal information and Amazon Seller data we collect, how we use it, who we share it with, and what rights you have over it.

By creating an account or using AutoFBA, you agree to this policy. If you do not agree, please do not use the service.

2. Information We Collect

2.1 Account information

When you register, we collect your email address, your name (if you provide one via Google sign-in), and your authentication identifier. We store these in Supabase, our authentication and database provider.

2.2 Billing information

When you subscribe to a paid plan, Stripe processes your payment. We receive a Stripe customer identifier and your subscription status, but we do not store full card numbers, CVV codes, or bank account details on our servers.

2.3 Amazon Seller data (SP-API)

When you connect a Seller Central account, we receive, via the official Amazon Selling Partner API, data including:

  • Listing and inventory information (ASINs, SKUs, prices, stock levels)
  • Order metadata (order IDs, fulfilment status, totals)
  • Buyer-facing data permitted by your SP-API role (e.g. shipping address for FBM order labels)
  • Settlement, refund, and fee reports
  • Advertising (PPC) campaign and keyword data, if you grant the Ads scope

We never scrape Amazon HTML; all Amazon data flows through official, authorised SP-API endpoints under your seller credentials.

2.4 Usage and diagnostic data

We log standard server diagnostics — request paths, response codes, timing, error stack traces — to operate and debug the service. We do not log customer names, customer addresses, or payment instrument details to our application logs.

2.5 Cookies

We use first-party cookies set by Supabase to keep you signed in, and a small number of functional cookies to remember UI preferences. We do not use third-party advertising cookies.

3. How We Use Your Information

  • To operate the AutoFBA service and the features you ask it to perform on your behalf
  • To recommend products, suppliers, pricing changes, and listing improvements
  • To send transactional emails (account, billing, security alerts)
  • To respond to support requests and feedback you submit
  • To detect and prevent fraud, abuse of the referral program, and security incidents
  • To comply with applicable law and Amazon’s Data Protection Policy for SP-API developers

We do not sell your personal data and we do not use your Amazon Seller data to train third-party AI models.

4. How We Share Information

We share information only with the following categories of third-party processors, each acting under contractual data-protection obligations:

  • Supabase — authentication, database, and file storage
  • Stripe — payment processing and subscription billing
  • Amazon — Selling Partner API and Advertising API
  • Vercel — application hosting and edge delivery
  • OpenAI / Anthropic — AI inference for listing copy, product matching, and chat responses; we send only the data needed for the task and do not include customer PII
  • Resend — transactional email delivery
  • Upstash — rate limiting and short-lived caching

We may also disclose information when required by law, to enforce our terms, or to protect the rights, property, or safety of AutoFBA, our users, or the public.

5. Data Security

We encrypt data in transit (TLS 1.2+) and at rest. Per-user data in our database is isolated by Postgres Row-Level Security policies, so one customer cannot read another customer’s rows. PII fields including customer names and shipping addresses are encrypted at rest, and they are excluded from application logs. Access to production systems is restricted to authorised engineering staff and audited.

No method of transmission or storage is 100% secure. If we become aware of a security incident that affects your data, we will notify you and the appropriate authorities as required by law.

6. Data Retention

We retain your account information and Amazon Seller data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 90 days, except where we are required to retain certain records (for example, billing records for tax purposes, or order data Amazon’s Data Protection Policy requires us to keep for a defined period).

7. Your Rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your account and associated personal data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with your local data-protection authority

To exercise any of these rights, email privacy@autofba.ai. We will respond within the time period required by applicable law (typically 30 days).

8. International Transfers

AutoFBA is operated from the United States. If you access the service from outside the United States, your information will be transferred to, stored, and processed in the United States and other countries where our processors operate. Where required, we rely on standard contractual clauses or equivalent safeguards for cross-border transfers.

9. Children

AutoFBA is intended for use by adults running Amazon Seller accounts. We do not knowingly collect personal data from anyone under 16. If you believe a child has provided us personal data, email privacy@autofba.ai and we will delete it.

10. Changes to This Policy

We may update this policy from time to time. We will revise the “Last updated” date at the top, and for material changes we will notify you by email or in-app banner before the change takes effect.

11. Contact

Questions about this policy or about how we handle your data? Email privacy@autofba.ai.