Privacy policy.

[LEGAL_ENTITY] (“Adept”) operates adeptseller.com and the Adept sourcing application (the “Service”). This Privacy Policy explains what data we collect, how we use it, and your choices.

[BOILERPLATE — paste Termly output: account info (email, name), authentication tokens, SP-API connection metadata, Keepa-derived product cache, tenant usage analytics, billing data via Stripe.]

[BOILERPLATE — running the sourcing pipeline, billing, support, service improvement.]

When you authorize Amazon Selling Partner API (SP-API) access, Adept receives read-only permission scoped to your seller account. We use this access exclusively to read product eligibility, restriction state, and catalog metadata so we can upgrade the verdicts shown in your queue to match your actual gating.

Adept never lists products, edits listings, changes prices, manages inventory, fulfills orders, or takes any write action on your seller account. The scopes we request are documented at /docs#restrictions.

You can revoke Adept's SP-API authorization at any time from Amazon Seller Central. Revocation immediately stops further reads; cached data is handled per the “Data retention and deletion” section below.

Adept uses Keepa as a third-party source of historical Amazon market data (price history, sales rank, offer history, fee estimates). For each ASIN you encounter in the Service, we may pull and cache Keepa data for up to 24 hours so we can score and re-score products without burning your token budget on every page load.

We do not resell Keepa data, expose Keepa API tokens to other tenants, or aggregate raw Keepa datasets for any purpose other than rendering the Service to you. Keepa's own terms of service apply to the underlying data.

Every database query, queue operation, and API call in the Service is scoped to your tenant identifier. Row-level security rules in our PostgreSQL database enforce this at the storage layer — application-level bugs cannot expose another tenant's data without simultaneously bypassing database-enforced policies.

Workspace seats inside your tenant share data scoped to that tenant; we do not commingle data across tenants for analytics, machine-learning training, or any other use.

[BOILERPLATE — paste Termly subprocessor list. Must include: Supabase (database + auth), Stripe (billing), Resend (transactional email), Keepa (market data), Fly.io (hosting), Vercel/Cloudflare (CDN if applicable).]

[BOILERPLATE — paste Termly cookies clause. Note: cookie consent banner is a v2 follow-up.]

When you cancel your Adept subscription, your tenant's personal data (account info, workspace data, decision history) is hard-deleted from production within 30 days. Backups containing your data roll off our retention window within 90 days.

We retain anonymized usage metrics (aggregate counts of ASINs scored, tenant tier distribution) for service-improvement purposes. Billing records required for tax and audit compliance are retained for the period required by applicable law, even after account deletion.

To request immediate deletion ahead of the 30-day window, email [email protected].

[BOILERPLATE — paste Termly GDPR/CCPA section: access, correction, deletion, portability.]

[BOILERPLATE — Adept is not intended for users under 18; we do not knowingly collect children's data.]

[BOILERPLATE — we may revise; material changes notified via email; effective date updated.]

Questions about this policy? Email [email protected].