Privacy Policy

1. Introduction

Welcome to Listora AI ("Company," "we," "our," or "us"). This Privacy Policy describes how we collect, use, and protect your personal information when you use our AI-powered e-commerce content generation platform and services (the "Service"), including our Amazon Hub, Walmart Hub, and marketplace integration features.

IMPORTANT PRIVACY COMMITMENT: Unlike many AI companies, we do NOT use your content to train our AI models. Your data remains exclusively yours. This policy explains our privacy-first approach in detail.

By using our Service, you consent to the practices described in this Privacy Policy. If you have questions about these practices, please contact us at privacy@listora.ai before using our Service.

2. Our Privacy Principles

Before detailing our practices, we want to be clear about our core privacy principles:

• YOUR DATA IS NEVER USED FOR AI TRAINING
• We do NOT sell your personal information
• Your content is visible only to you
• We use industry-standard security measures
• We are transparent about our data practices
• Marketplace credentials are stored securely and encrypted

3. Information We Collect

3.1 Information You Provide

• Account Information: Email, name, password, profile details
• Payment Information: Processed securely by third-party payment processors
• Content Data: Product names, descriptions, features you input
• Voice Data: Audio recordings when using voice features (processed and immediately discarded)
• Images: Product images you upload for processing
• Communications: Support requests, feedback, correspondence

3.2 Automatically Collected Information

• Log Data: Error reports and performance metrics for debugging
• Cookies: Session cookies for authentication (see Section 9 for details)
• Basic Technical Data: Information necessary for the service to function (such as temporary session data)

3.3 Information from Third Parties

We may receive limited information from:

• OAuth providers when you connect marketplace accounts (Amazon, Walmart)
• Payment processors for transaction verification
• Analytics services for usage insights

4. Your Content Privacy - NO AI Training

4.1 We DO NOT Use Your Content for AI Training

4.2 How We Actually Handle Your Content

• TRANSIENT PROCESSING: Your content is sent to AI providers (like OpenAI) solely for one-time processing
• NO AI TRAINING ON YOUR DATA: OpenAI does not train their models on data submitted through their API. They may temporarily retain data for up to 30 days solely for safety and abuse monitoring
• API DATA PROTECTION: Per OpenAI's standard API data usage policies, your content is not used to improve their models, not shared with others, and not used for any purpose beyond providing you results
• IMMEDIATE RESULTS: Content is processed in real-time and results are returned immediately
• YOUR STORAGE ONLY: Generated content is stored in your account for your exclusive access

4.3 Technical Implementation

• We use pre-trained models (GPT-3.5, GPT-4) that don't adapt to individual users
• Each request is stateless - no learning occurs between requests
• Voice data is transcribed and immediately discarded
• Images are processed for the specific request only

5. Marketplace Hub Data Collection (Amazon Hub & Walmart Hub)

5.1 Amazon Hub Data Collection

When you connect your Amazon Seller Central account via OAuth (SP-API), we collect and store:

• OAuth Tokens: Encrypted access and refresh tokens to maintain your connection (we NEVER see or store your Amazon password)
• Seller Information: Your Amazon Seller ID and marketplace identifiers
• Product Listings: ASIN, SKU, title, price, quantity, and listing status
• Buy Box Data: Current Buy Box price, Buy Box winner status, and competitive offer information
• Pricing Data: Your current prices, minimum/maximum price settings, and price history within our system
• Inventory Data: Stock quantities and fulfillment channel information (FBA/FBM)
• Repricer Settings: Your auto-repricer configuration, strategies, frequency, and preferences
• Notification Preferences: Your alert and notification settings for Buy Box changes

5.2 Walmart Hub Data Collection

When you connect your Walmart Seller account via OAuth, we collect and store:

• OAuth Tokens: Encrypted access tokens for API communication
• Seller Information: Your Walmart Partner ID and account identifiers
• Product Listings: SKU, item ID, title, price, inventory, and publish status
• Offer Data: Product offers, catalog matching information, and item specifications
• Pricing and Inventory: Current prices, stock levels, and update history within our system

5.3 How We Use Marketplace Data

• To display your listings and their status within our dashboard
• To monitor Buy Box status and send you alerts
• To execute auto-repricer price adjustments based on your settings
• To process bulk price and inventory updates you initiate
• To sync minimum/maximum prices to Amazon's native price fields
• To generate reports and analytics for your account
• To provide customer support when you request assistance

5.4 Marketplace Data Security

• All OAuth tokens are encrypted at rest using industry-standard encryption (AES-256)
• API communications use TLS/HTTPS encryption in transit
• Marketplace credentials are stored separately from other user data
• We implement rate limiting and access controls to prevent unauthorized access
• You can disconnect your marketplace accounts at any time, which revokes our access

5.5 Data Retention for Marketplace Features

Marketplace data is retained as follows:

• Active listing data: Retained while your marketplace connection is active
• Price change history: Retained for 90 days for your reference
• Repricer activity logs: Retained for 90 days
• Notification history: Retained for 30 days
• Upon disconnection: OAuth tokens are immediately invalidated and deleted
• Upon account deletion: All marketplace data is permanently deleted within 30 days

6. Auto-Repricer Feature Privacy

Our Auto-Repricer feature automatically adjusts your product prices on Amazon based on your configured settings. This section explains how we handle data related to this feature.

6.1 Auto-Repricer Data Processing

• Price Monitoring: We periodically check Buy Box prices for your enabled listings (frequency based on your settings: every 15, 30, or 60 minutes)
• Price Calculations: We calculate new prices based on your strategy (match, beat by amount, beat by percentage)
• Price Submissions: We submit price changes to Amazon on your behalf via the SP-API
• Activity Logging: We log repricer actions (price changes, skipped items, errors) for your review

6.2 Min/Max Price Synchronization

When you set minimum and maximum prices in Listora AI, we may synchronize these limits to Amazon's native pricing fields (minimum_seller_allowed_price, maximum_seller_allowed_price). This data includes:

• Your configured minimum price per listing
• Your configured maximum price per listing
• Product cost information (if provided, for margin-based calculations)

6.3 Automated Decision Making

The Auto-Repricer uses automated decision-making to adjust prices. You have full control over:

• Enabling or disabling the auto-repricer at any time
• Setting the repricing strategy and parameters
• Defining minimum and maximum price limits
• Excluding specific listings from auto-repricing
• Reviewing all price changes before they take effect (via bulk match feature)

7. How We Use Your Information

7.1 To Provide Our Service

• Process your requests for content generation
• Store your generated content for your access
• Enable voice and image processing features
• Manage your account and subscriptions
• Execute marketplace operations (price updates, inventory sync, repricing)
• Monitor Buy Box status and send alerts

7.2 For Business Operations

• Process payments and manage billing
• Send service announcements and updates
• Provide customer support
• Analyze aggregate usage patterns (anonymized)

7.3 For Security and Legal Compliance

• Prevent fraud and abuse
• Comply with legal obligations
• Protect our rights and safety
• Enforce our Terms of Service

IMPORTANT: None of these uses include training AI models with your content.

8. Information Sharing

We share your information only in these limited circumstances:

8.1 Service Providers

We work with trusted providers who help us operate our Service:

• Cloud hosting (AWS) - stores your data securely
• Payment processors (Stripe) - handles transactions
• Email services - sends notifications
• Analytics (anonymized only) - helps us improve

All providers are contractually bound to protect your data and prohibited from using it for AI training.

8.2 AI Processing Partners

• We send your inputs to OpenAI for content generation
• OpenAI processes your request and returns results
• OpenAI does NOT retain or train on your data per our API agreement
• Results are sent only to you

8.3 Marketplace APIs

• We transmit data to Amazon SP-API to execute your requested operations
• We transmit data to Walmart Marketplace API for listing and pricing operations
• This includes price updates, inventory changes, and listing synchronization
• These transmissions are necessary to provide the marketplace hub features you have enabled

8.4 Legal Requirements

We may disclose information if required by law, court order, or to protect rights and safety.

8.5 Business Transfers

In case of merger or acquisition, your information may transfer to the successor entity under the same privacy protections.

8.6 With Your Consent

We may share information for other purposes with your explicit consent.

WE NEVER SELL YOUR PERSONAL INFORMATION.

9. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

• Secure Infrastructure: We use trusted cloud providers (AWS/Supabase) that provide encrypted storage and secure data centers
• Encryption: Data is encrypted in transit using HTTPS/TLS and at rest using AES-256 for sensitive data
• Access Control: Password-protected accounts and authentication required for all users
• Secure Development: Following security best practices in our code and infrastructure
• Marketplace Token Security: OAuth tokens for Amazon and Walmart are encrypted at rest and stored separately from other user data

9.1 Data Breach Notification

In the unlikely event of a data breach affecting your personal information, we will notify affected users as soon as possible and provide information about what occurred and steps to take.

While we implement strong security practices, no online service is 100% secure. We encourage you to use strong, unique passwords and protect your account credentials.

10. Cookies and Tracking

We use minimal cookies for:

• Essential Functions: Login sessions and authentication
• User Preferences: Remembering your settings

You can control cookies through browser settings. Disabling cookies may prevent you from logging in.

10.1 Do Not Track

We don't track you across websites or use any third-party tracking.

We do NOT use cookies for:

• Analytics or tracking
• Building user profiles
• Advertising purposes
• Sharing data with third parties

11. Your Privacy Rights

Depending on your location, you may have these rights:

11.1 Access and Portability

• Request a copy of your personal information
• Export your content in standard formats

11.2 Correction

• Update inaccurate information
• Edit your generated content through the platform

11.3 Deletion

• To request account or data deletion, please email us at privacy@listora.ai
• We will process deletion requests within 30 days
• Note: We cannot delete information already required for legal compliance

11.4 Marketplace Data Rights

• Disconnect your Amazon or Walmart accounts at any time
• Disable auto-repricer features
• Request deletion of marketplace data

11.5 Important Clarification

11.6 Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you. AI is used only to generate content based on your specific inputs. The Auto-Repricer uses automated pricing decisions based entirely on settings YOU configure, and you maintain full control to enable, disable, or modify these settings at any time.

To exercise rights, email privacy@listora.ai. We'll respond within 30 days.

12. Data Retention

• Account Data: Retained while your account is active and up to 90 days after deletion
• Generated Content: Retained until you delete it
• Payment Records: Retained as required by law (typically 7 years)
• Voice Recordings: Processed and immediately discarded
• Logs: Retained for 24 months for security
• Backups: May persist up to 90 days after deletion
• Marketplace Listing Data: Retained while marketplace connection is active
• Price Change History: Retained for 90 days
• Repricer Activity Logs: Retained for 90 days
• Notifications: Retained for 30 days

Key Point: Even in backups, your data is NEVER used for AI training.

To request deletion of your account or content before these retention periods, please email privacy@listora.ai. We process all deletion requests within 30 days.

13. International Transfers

Your data may be processed in the United States and other countries. We ensure appropriate safeguards for international transfers.

14. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect children's data. If we discover we have collected such data, we will promptly delete it.

15. Third-Party Services

When you connect to marketplaces (Amazon, Walmart, Shopify, etc.), their privacy policies apply to data they process. We only receive limited information necessary for integration. We encourage you to review the privacy policies of Amazon and Walmart for information about how they handle your seller data.

16. California Privacy Rights

California residents have additional privacy rights. We do not sell personal information. To exercise your rights under California law, including access and deletion rights, please email privacy@listora.ai.

17. European Privacy Rights (GDPR)

If you are located in the European Union, United Kingdom, or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

17.1 Legal Basis for Processing

• Contract: To provide the services you've requested
• Legitimate Interests: For security, fraud prevention, and service improvement (not AI training)
• Legal Obligation: To comply with laws
• Consent: For marketing communications (if applicable)

17.2 Your GDPR Rights

• Right to access your personal data
• Right to correct inaccurate data
• Right to request deletion ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with your supervisory authority

To exercise any of these rights, please contact us at privacy@listora.ai. We will respond to your request within one month.

18. Marketing Communications

We may send you:

• Service updates and important notices (you cannot opt-out)
• Marketing emails about new features (you can opt-out)
• Survey requests to improve our service (optional)

You can manage email preferences in your account settings or click "unsubscribe" in any marketing email.

19. Accessibility

We are committed to ensuring our Privacy Policy is accessible to everyone. If you need this policy in an alternative format, please contact us at privacy@listora.ai.

20. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or in-app notifications.

21. Contact Us

For privacy questions or concerns: