Privacy Policy
Last updated: 2026-05-12
This Privacy Policy explains what personal data SafeASIN collects from you when you use the SafeASIN web application, browser extension, and related services (the "Service"), why we collect it, how long we keep it, and the rights you have over it.
If you only want the short version: we collect the minimum needed to operate the Service for you, we don't sell your data, we keep the third parties who help us run the Service to a short list, and you can export or delete your account from inside the app at any time.
1. Who is the controller
SafeASIN ("we", "us") is the data controller for the personal data described in this policy. For data-protection questions email privacy@safeasin.com.
2. Categories of data we collect
2.1 Account data
When you sign up we collect:
- email address
- a one-way hash of the password you choose
- a server-issued account ID
- the locale you sign up under (en / zh)
- timestamps for account creation and last sign-in
- (optional) display name you set in Settings
2.2 Subscription data
If you upgrade to a paid plan we record, via our payment processor Stripe:
- the Stripe customer ID and subscription ID
- subscription status (active, past_due, canceled, etc.) and current period end date
- the plan you are on (Guard, Pro)
We do not see, store, or have access to your full credit card number, CVV, or bank account number — those live on Stripe's servers.
2.3 Product / listing data you submit
When you use the audit, monitor, or self-check features we store:
- the ASINs you submit and the ones you choose to monitor
- the listing titles, bullet points, descriptions, and other text you paste in for analysis
- generated audit reports, self-check results, and appeal drafts that reference the above
- your stated email-alert preferences
We do not have access to your Amazon Seller Central account, your private order data, or your Amazon Business Reports unless you explicitly paste that data into the Service.
2.4 Public data we pair with your account
We also process public data tied to your account inside the Service, including:
- public Amazon listing snapshots and public reviews pulled from third-party providers (DataForSEO)
- public CPSC SaferProducts.gov recall events
- public openFDA Food Enforcement reports
This public data is not yours, but we describe it here for completeness because it appears inside your reports.
2.5 Technical / operational data
- session cookie (a signed, http-only cookie used to keep you signed in)
- IP address, basic request metadata, and rate-limit counters used to detect abuse
- server logs (request paths, response codes, latency, error stacks) retained on a short rolling window
- email-delivery events from Resend (delivered / bounced / complained) when we send you alerts you have opted into
2.6 What we do not collect
- We do not run third-party advertising trackers.
- We do not embed Google Analytics, Facebook Pixel, or similar cross-site trackers.
- We do not collect biometric data, precise geolocation, or special category data (race, religion, political views, sexual orientation, health, union membership, genetic, biometric).
- We do not knowingly collect data from anyone under 13. The Service is for adult B2B sellers only — see the Terms of Service section 1.
3. Why we collect each category (legal bases)
| Data | Why | Legal basis (GDPR) |
|---|---|---|
| Account data | Operate your account; deliver the Service | Contract performance |
| Subscription data | Bill you for paid features | Contract performance |
| Product / listing data | Run audits, monitor recalls, draft appeals you requested | Contract performance |
| Email alerts | Send the recall / risk alerts you opted into | Consent (Settings → Notifications) |
| IP + rate limits | Detect abuse, prevent fraud | Legitimate interest |
| Server logs | Debug failures, security incident response | Legitimate interest |
You can withdraw consent for email alerts at any time in Settings → Notifications. Withdrawing consent does not affect the lawfulness of processing that happened before withdrawal.
4. How long we keep each category (retention)
| Data | Retention |
|---|---|
| Account data | Until you delete the account; then purged within 30 days |
| Subscription data | Up to 7 years for tax/audit reasons (statutory) |
| Product / listing data + audit reports | Until you delete the account or 24 months of inactivity, whichever comes first |
| Email-alert logs | 90 days |
| IP + rate-limit counters | 30 days |
| Server logs | 30 days (longer for incident investigation) |
When you request account deletion from Settings → Privacy → Delete my account, we immediately mark your account for deletion. From that moment we stop processing new requests for the account, the account becomes inaccessible to you and our staff (except for fulfilling the deletion itself), and we complete deletion of personal data within 30 days. Subscription billing records (invoices, Stripe customer ID) are kept beyond that window only to the extent required by law (e.g. for U.S. tax records, typically 7 years).
5. Who processes data on our behalf (sub-processors)
We use the following sub-processors to operate the Service. Each is contractually bound to handle your data only on our instructions:
| Sub-processor | Purpose | Where data is processed |
|---|---|---|
| Supabase | Authenticated user database, file storage | United States (us-west) |
| Vercel | Web hosting and edge compute for the Service | United States (global edge cache) |
| Stripe | Payment processing, subscription billing | United States, EU |
| Resend | Transactional email delivery (recall / risk alerts) | United States |
| OpenAI or DeepSeek | AI generation of risk classifications and appeal drafts | United States / Singapore depending on provider |
| DataForSEO | Public Amazon listing + review snapshot retrieval | Cyprus / global |
| Keepa (when configured) | Alternate / supplementary Amazon listing snapshot retrieval used as a fallback for DataForSEO | Germany / EU |
| Anthropic (when configured) | Alternate AI provider for the same purpose as OpenAI | United States |
This list may change as we evolve the stack. The current list is kept at /privacy and material additions trigger a 30-day notice via email to subscribed users.
We do not sell your personal data to third parties, ever.
5.1 When a sub-processor is unavailable
When a sub-processor temporarily fails (e.g. an outage at DataForSEO, CPSC, OpenAI, or Resend) we do not reroute your data to a different processor on the fly. The affected feature is degraded or queued until the sub-processor recovers. We do not copy your personal data to unlisted third parties as a fallback. Server-side error logs that record the failure are governed by Section 9.1.
6. International data transfers
SafeASIN is a U.S.-based service and most processing happens in the United States. If you sign up from outside the U.S., your data will be transferred to the United States for storage and processing. We rely on the following safeguards for cross-border transfers:
- EU / UK / Swiss users: Standard Contractual Clauses (SCCs) with each U.S. sub-processor; we additionally rely on each sub-processor's certifications under the EU–U.S. Data Privacy Framework where they participate.
- All users: Encryption in transit (TLS 1.2+) and at rest with all listed sub-processors.
7. Your rights
Depending on where you live, you have some or all of the following rights:
- Access — request a copy of the personal data we hold about you. Use Settings → Privacy → Export my data.
- Rectification — correct inaccurate data. Edit your display name and email in Settings; for other fields contact us.
- Erasure ("right to be forgotten") — delete your account. Use Settings → Privacy → Delete my account.
- Restriction / objection — ask us to pause certain processing.
- Portability — receive your data in a machine-readable format (JSON). The Export feature already returns JSON.
- Withdraw consent — for email alerts, toggle off in Settings → Notifications.
- California (CCPA / CPRA) — California residents may request the categories of personal information we collect, sources, business purposes, and recipients. SafeASIN does not sell or share personal information for cross-context behavioral advertising — so the "Do Not Sell or Share My Personal Information" right is satisfied by default.
- Complaint — you may complain to your local data-protection authority. EU users can also contact us directly first; we aim to resolve issues within 30 days.
To exercise any of these rights, email privacy@safeasin.com. We will respond within 30 days. For account export and account deletion the in-app flows in Settings are usually the fastest path.
8. Cookies
We use a single, strictly-necessary cookie named safeasin_session to keep you signed in:
- it is httpOnly (not readable by JavaScript)
- it is sameSite=lax
- it is secure in production (only sent over HTTPS)
- it expires after 7 days
Because this is a strictly-necessary cookie required to provide the service you logged into, the EU ePrivacy Directive does not require a consent prompt for it. If we ever add analytics or marketing cookies, we will add a real consent banner and update this section.
9. Security
- Passwords are hashed with bcrypt-equivalent algorithms before storage.
- Data in transit uses TLS 1.2 or higher.
- Data at rest in Supabase is encrypted by the platform.
- Database access is gated by row-level security and a least-privilege service role; sub-processor credentials are never embedded in client-shipped JavaScript.
- Server-side logs are kept on a short rolling window and contain no raw passwords or full card numbers.
No system is 100% secure. If we ever experience a security incident that materially affects your personal data, we will notify you without undue delay as required by applicable law. For incidents that trigger statutory notification timelines (e.g. GDPR Article 33), we target user notification within 72 hours of confirmation.
9.1 Error logs and incident records
When something goes wrong (a sub-processor error, an audit job failure, an unhandled exception), our server-side logs capture information needed to diagnose the issue. These logs may incidentally include identifiers from the affected request — typically a user ID, an audit ID, or a redacted ASIN — but not passwords, full credit card numbers, or the body of any personal email.
Error logs are retained for the windows listed in Section 4 (typically 30 days, longer only for active incident investigation). After an incident is closed, the post-mortem may be retained internally without personal data for future reference and learning. Where an incident report is published externally, personal data is removed first.
10. Changes to this policy
We may update this Privacy Policy. Material changes (new sub-processors, changes to retention, changes to the rights section) will be announced via email to subscribed users at least 30 days before they take effect.
The "Last updated" line at the top of this page always reflects the current version.
11. Contact
For privacy questions: privacy@safeasin.com
For general support: see Terms of Service section 15.5.