Privacy Policy

1. Introduction

Welcome to Listora AI ("Company," "we," "our," or "us"). This Privacy Policy describes how we collect, use, and protect your personal information when you use our AI-powered e-commerce content generation platform and services (the "Service"), including our Amazon Hub, Walmart Hub, and marketplace integration features.

IMPORTANT PRIVACY COMMITMENT: Unlike many AI companies, we do NOT use your content to train our AI models. Your data remains exclusively yours. This policy explains our privacy-first approach in detail.

By using our Service, you consent to the practices described in this Privacy Policy. If you have questions about these practices, please contact us at privacy@listora.ai before using our Service.

2. Our Privacy Principles

Before detailing our practices, we want to be clear about our core privacy principles:

• YOUR DATA IS NEVER USED FOR AI TRAINING
• We do NOT sell your personal information
• Your content is visible only to you
• We use industry-standard security measures
• We are transparent about our data practices
• Marketplace credentials are stored securely and encrypted

3. Information We Collect

3.1 Information You Provide

• Account Information: Email, name, password, profile details
• Payment Information: Processed securely by third-party payment processors
• Content Data: Product names, descriptions, features you input
• Voice Data: Audio recordings when using voice features (processed and immediately discarded)
• Images: Product images you upload for processing
• Communications: Support requests, feedback, correspondence

3.2 Automatically Collected Information

• Log Data: Error reports and performance metrics for debugging
• Cookies: Session cookies for authentication (see Section 9 for details)
• Basic Technical Data: Information necessary for the service to function (such as temporary session data)

3.3 Information from Third Parties

We may receive limited information from:

• OAuth providers when you connect marketplace accounts (Amazon, Walmart)
• Payment processors for transaction verification

4. Your Content Privacy - NO AI Training

4.1 We DO NOT Use Your Content for AI Training

4.2 How We Actually Handle Your Content

• TRANSIENT PROCESSING: Your content is sent to AI providers (like OpenAI) solely for one-time processing
• NO AI TRAINING ON YOUR DATA: OpenAI does not train their models on data submitted through their API. They may temporarily retain data for up to 30 days solely for safety and abuse monitoring
• API DATA PROTECTION: Per OpenAI's standard API data usage policies, your content is not used to improve their models, not shared with others, and not used for any purpose beyond providing you results
• IMMEDIATE RESULTS: Content is processed in real-time and results are returned immediately
• YOUR STORAGE ONLY: Generated content is stored in your account for your exclusive access

4.3 Technical Implementation

• We use pre-trained models (GPT-3.5, GPT-4) that don't adapt to individual users
• Each request is stateless - no learning occurs between requests
• Voice data is transcribed and immediately discarded
• Images are processed for the specific request only

5. Marketplace Hub Data Collection (Amazon Hub & Walmart Hub)

5.1 Amazon Hub Data Collection

When you connect your Amazon Seller Central account via OAuth (SP-API), we collect and store:

• OAuth Tokens: Encrypted access and refresh tokens to maintain your connection (we NEVER see or store your Amazon password)
• Seller Information: Your Amazon Seller ID and marketplace identifiers
• Product Listings: ASIN, SKU, title, price, quantity, and listing status
• Buy Box Data: Current Buy Box price, Buy Box winner status, and competitive offer information
• Pricing Data: Your current prices, minimum/maximum price settings, and price history within our system
• Inventory Data: Stock quantities and fulfillment channel information (FBA/FBM)
• Repricer Settings: Your auto-repricer configuration, strategies, frequency, and preferences
• Notification Preferences: Your alert and notification settings for Buy Box changes

5.2 Walmart Hub Data Collection

When you connect your Walmart Seller account via OAuth, we collect and store:

• OAuth Tokens: Encrypted access tokens for API communication
• Seller Information: Your Walmart Partner ID and account identifiers
• Product Listings: SKU, item ID, title, price, inventory, and publish status
• Offer Data: Product offers, catalog matching information, and item specifications
• Pricing and Inventory: Current prices, stock levels, and update history within our system

5.3 How We Use Marketplace Data

• To display your listings and their status within our dashboard
• To monitor Buy Box status and send you alerts
• To execute auto-repricer price adjustments based on your settings
• To process bulk price and inventory updates you initiate
• To sync minimum/maximum prices to Amazon's native price fields
• To generate reports and analytics for your account
• To provide customer support when you request assistance

5.4 Marketplace Data Security

• All OAuth tokens are encrypted at rest using industry-standard encryption (AES-256)
• API communications use TLS/HTTPS encryption in transit
• Marketplace credentials are stored separately from other user data
• We implement rate limiting and access controls to prevent unauthorized access
• You can disconnect your marketplace accounts at any time, which revokes our access

5.5 Data Retention for Marketplace Features

Marketplace data is retained as follows:

• Active listing data: Retained while your marketplace connection is active
• Price change history: Retained for 90 days for your reference
• Repricer activity logs: Retained for 90 days
• Notification history: Retained for 30 days
• Upon disconnection: OAuth tokens are immediately invalidated and deleted
• Upon account deletion: All marketplace data is permanently deleted within 30 days

6. Auto-Repricer Feature Privacy

Our Auto-Repricer feature automatically adjusts your product prices on Amazon based on your configured settings. This section explains how we handle data related to this feature.

6.1 Auto-Repricer Data Processing

• Price Monitoring: We periodically check Buy Box prices for your enabled listings (frequency based on your settings: every 15, 30, or 60 minutes)
• Price Calculations: We calculate new prices based on your strategy (match, beat by amount, beat by percentage)
• Price Submissions: We submit price changes to Amazon on your behalf via the SP-API
• Activity Logging: We log repricer actions (price changes, skipped items, errors) for your review

6.2 Min/Max Price Synchronization

When you set minimum and maximum prices in Listora AI, we may synchronize these limits to Amazon's native pricing fields (minimum_seller_allowed_price, maximum_seller_allowed_price). This data includes:

• Your configured minimum price per listing
• Your configured maximum price per listing
• Product cost information (if provided, for margin-based calculations)

6.3 Automated Decision Making

Two features of the Service make automated decisions that may affect you:

(1) Auto-Repricer

The Auto-Repricer uses automated decision-making to adjust marketplace prices. You have full control over:

• Enabling or disabling the auto-repricer at any time
• Setting the repricing strategy and parameters
• Defining minimum and maximum price limits
• Excluding specific listings from auto-repricing
• Reviewing all price changes before they take effect (via bulk match feature)

(2) Content Moderation

Automated systems review text inputs, voice transcriptions, and uploaded images, and may reject content determined to violate our Acceptable Use Policy. Rejection prevents content generation, image storage, and usage-credit deduction. If you believe an automated rejection was incorrect, you have the right to request human review by contacting support@listora.ai.

7. How We Use Your Information

7.1 To Provide Our Service

• Process your requests for content generation
• Store your generated content for your access
• Enable voice and image processing features
• Manage your account and subscriptions
• Execute marketplace operations (price updates, inventory sync, repricing)
• Monitor Buy Box status and send alerts

7.2 For Business Operations

• Process payments and manage billing
• Send service announcements and updates
• Provide customer support
• Review server-side application logs for performance, security, and reliability monitoring (no third-party behavioral analytics)

7.3 For Security and Legal Compliance

• Prevent fraud and abuse
• Comply with legal obligations
• Protect our rights and safety
• Enforce our Terms of Service

IMPORTANT: None of these uses include training AI models with your content.

8. Information Sharing

We share your information only in these limited circumstances:

8.1 Service Providers

We work with trusted providers who help us operate our Service:

• Cloud hosting (AWS) - stores your data securely
• Payment processors (Stripe) - handles transactions
• Email services - sends notifications

All providers are contractually bound to protect your data and prohibited from using it for AI training.

8.2 AI Processing Partners

We share specific data with OpenAI to provide the Service:

• Text inputs — product names, features, and voice transcriptions are sent to OpenAI's content-generation and content-moderation APIs.
• Uploaded images are sent to OpenAI's vision and moderation APIs to generate image analysis and to screen for prohibited content before storage.
• Audio recordings from voice features are sent to OpenAI's transcription API and discarded after the transcription is returned.
• OpenAI processes these requests under its API agreement and does not retain or train on your data.
• Generation, transcription, and analysis results are returned only to you. Moderation results are used solely to allow or reject your request.

8.3 Marketplace APIs

• We transmit data to Amazon SP-API to execute your requested operations
• We transmit data to Walmart Marketplace API for listing and pricing operations
• This includes price updates, inventory changes, and listing synchronization
• These transmissions are necessary to provide the marketplace hub features you have enabled

8.4 Legal Requirements

We may disclose information if required by law, court order, or to protect rights and safety.

8.5 Business Transfers

In case of merger or acquisition, your information may transfer to the successor entity under the same privacy protections.

8.6 With Your Consent

We may share information for other purposes with your explicit consent.

WE NEVER SELL YOUR PERSONAL INFORMATION.

9. Data Security

We take data security seriously and implement industry-standard measures to protect your information:

• Secure Infrastructure: We use trusted cloud providers (AWS/Supabase) that provide encrypted storage and secure data centers
• Encryption: Data is encrypted in transit using HTTPS/TLS and at rest using AES-256 for sensitive data
• Access Control: Password-protected accounts and authentication required for all users
• Secure Development: Following security best practices in our code and infrastructure
• Marketplace Token Security: OAuth tokens for Amazon and Walmart are encrypted at rest and stored separately from other user data

9.1 Security Incident and Breach Notification

We maintain a written incident-response plan that defines how we detect, contain, investigate, and disclose security incidents affecting personal data. If we determine that a security incident has compromised the confidentiality, integrity, or availability of your personal information, we will:

• Notify affected users without undue delay by email to the address associated with the affected account, and where required by law, no later than 72 hours after we become aware of the breach (per GDPR Article 33);
• Notify supervisory authorities and regulators as required by applicable law, including U.S. state breach- notification statutes, the EU/UK GDPR, and the California CPRA;
• Describe the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the remedial measures taken or proposed;
• Provide guidance on protective steps you can take, such as resetting your password, revoking marketplace OAuth tokens, or monitoring financial accounts;
• Document and preserve evidence related to the incident for regulatory inquiry and forensic review.

Reporting suspected vulnerabilities: If you believe you have discovered a security vulnerability in our Service, please report it to security@listora.ai. We commit to acknowledging receipt within 5 business days and to not pursuing legal action against good-faith security researchers who comply with our responsible-disclosure guidelines.

While we implement strong security practices, no online service is 100% secure. We encourage you to use strong, unique passwords, enable two-factor authentication where available, and protect your account credentials.

10. Cookies and Tracking Technologies

10.1 Strictly Necessary Cookies

We use only strictly-necessary cookies that are required for the Service to function. These cannot be disabled without breaking the Service:

• Authentication: Supabase session cookies that keep you signed in
• Security: CSRF protection tokens and rate-limiting identifiers
• User Preferences: Language selection, theme, and dashboard settings

10.2 No Third-Party Analytics, Advertising, or Tracking

We do NOT use:

• Google Analytics, Google Tag Manager, or Google Ads tags
• Meta (Facebook) Pixel, LinkedIn Insight Tag, or other advertising pixels
• Session-replay tools (Hotjar, FullStory, LogRocket, etc.)
• Cross-site tracking, retargeting, or ad networks
• Any third-party tools that build advertising profiles of you

Limited third-party cookies may be set by the following operational service providers when you interact with their features:

• Stripe: Sets cookies during checkout and billing portal sessions for fraud prevention and payment processing. See Stripe's Privacy Policy.
• Supabase: Sets authentication and session cookies on our behalf for sign-in functionality.

10.3 Do Not Track and Global Privacy Control

Because we do not engage in cross-site tracking or behavioral advertising, "Do Not Track" (DNT) and Global Privacy Control (GPC) browser signals are effectively honored by default for all users.

11. Your Privacy Rights

Depending on your location, you may have these rights:

11.1 Access and Portability

• Request a copy of your personal information
• Export your content in standard formats

11.2 Correction

• Update inaccurate information
• Edit your generated content through the platform

11.3 Deletion

• To request account or data deletion, please email us at privacy@listora.ai
• We will process deletion requests within 30 days
• Note: We cannot delete information already required for legal compliance

11.4 Marketplace Data Rights

• Disconnect your Amazon or Walmart accounts at any time
• Disable auto-repricer features
• Request deletion of marketplace data

11.5 Important Clarification

11.6 Automated Decision-Making

The Service uses limited automated decision-making, and we do not use profiling for advertising or other purposes outside the Service. The two automated decisions that may affect you are:

• Auto-Repricer — automated pricing decisions based entirely on settings YOU configure. You maintain full control to enable, disable, or modify these settings at any time.
• Content Moderation — automated screening of text inputs, voice transcriptions, and uploaded images, which may reject content determined to violate our Acceptable Use Policy.

You have the right to request human review of any automated rejection or pricing decision. Email support@listora.ai for moderation reviews or privacy@listora.ai for data-protection matters, and we will manually review the decision.

To exercise rights, email privacy@listora.ai. We'll respond within 30 days.

12. Data Retention

• Account Data: Retained while your account is active and up to 90 days after deletion
• Generated Content: Retained until you delete it
• Payment Records: Retained as required by law (typically 7 years)
• Voice Recordings: Processed and immediately discarded
• Logs: Retained for 24 months for security
• Backups: May persist up to 90 days after deletion
• Marketplace Listing Data: Retained while marketplace connection is active
• Price Change History: Retained for 90 days
• Repricer Activity Logs: Retained for 90 days
• Notifications: Retained for 30 days

Key Point: Even in backups, your data is NEVER used for AI training.

To request deletion of your account or content before these retention periods, please email privacy@listora.ai. We process all deletion requests within 30 days.

13. International Transfers

Your data may be processed in the United States and other countries. We ensure appropriate safeguards for international transfers.

14. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect children's data. If we discover we have collected such data, we will promptly delete it.

15. Third-Party Services

When you connect to marketplaces (Amazon, Walmart, Shopify, etc.), their privacy policies apply to data they process. We only receive limited information necessary for integration. We encourage you to review the privacy policies of Amazon and Walmart for information about how they handle your seller data.

16. California Privacy Rights

California residents have additional privacy rights. We do not sell personal information. To exercise your rights under California law, including access and deletion rights, please email privacy@listora.ai.

17. European Privacy Rights (GDPR)

If you are located in the European Union, United Kingdom, or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

17.1 Legal Basis for Processing

• Contract: To provide the services you've requested
• Legitimate Interests: For security, fraud prevention, and service improvement (not AI training)
• Legal Obligation: To comply with laws
• Consent: For marketing communications (if applicable)

17.2 Your GDPR Rights

• Right to access your personal data
• Right to correct inaccurate data
• Right to request deletion ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with your supervisory authority

To exercise any of these rights, please contact us at privacy@listora.ai. We will respond to your request within one month.

18. Marketing Communications

We may send you:

• Service updates and important notices (you cannot opt-out)
• Marketing emails about new features (you can opt-out)
• Survey requests to improve our service (optional)

You can manage email preferences in your account settings or click "unsubscribe" in any marketing email.

19. Accessibility

We are committed to ensuring our Privacy Policy is accessible to everyone. If you need this policy in an alternative format, please contact us at privacy@listora.ai.

20. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes via email or in-app notifications.

21. Contact Us

For privacy questions or concerns: