Privacy Policy

We collect the following types of information when you use Asinbase: Account Information — When you create an account, we collect your email address, name, and password (hashed and salted, never stored in plaintext). Amazon Integration Data — If you connect your Amazon Seller Central account, we receive OAuth access tokens to query your inventory and catalog data on your behalf. We never access or store your Amazon password. Product & Usage Data — ASINs you analyze, watchlist items, search queries, and feature usage patterns to improve our service. Technical Data — Browser type, device information, IP address, and log data collected automatically when you access our platform. Payment Information — Processed securely through DodoPayments. We never store your full credit card number on our servers.

We use the information we collect to: • Provide our services *(Art. 6(1)(b) — contract performance)* — Analyze products, generate risk scores, and deliver personalized recommendations. • Improve the platform *(Art. 6(1)(f) — legitimate interest)* — Understand usage patterns to build better features and fix issues. • Send important communications *(Art. 6(1)(b) — contract performance)* — Account notifications, security alerts, risk alert emails (configurable), and billing updates. • Ensure security *(Art. 6(1)(f) — legitimate interest)* — Detect and prevent fraud, abuse, and unauthorized access. • Comply with legal obligations *(Art. 6(1)(c) — legal obligation)* — Respond to lawful requests and enforce our Terms of Service. • Analytics *(Art. 6(1)(a) — consent)* — Only if you opt in, we use Google Analytics 4 to understand product usage. See Section 4. Automated decision-making. Asinbase automatically calculates a risk score for each product using market data (price history, competition, brand signals, listing quality). This scoring is entirely automated — no human reviews individual scores. The score is informational: it does not prevent you from analyzing or selling any product, and it does not affect your account status. You can request information about how your data is used in scoring by contacting privacy@asinbase.com. We do not sell, rent, or trade your personal information to third parties for marketing purposes.

We share your information only in the following circumstances: • Keepa API — We send ASINs to Keepa (Germany, EU) to retrieve product data (price history, sales rank, etc.). No personal data is shared with Keepa. • Amazon SP-API — When you connect your account, we query Amazon's API using your authorized tokens. Data flows are governed by Amazon's Developer Agreement. • Perplexity (Sonar Pro) — For trademark intelligence we send the brand name, product category, price, and marketplace country of the product you analyze. We do not send your email address, name, or account identifiers. • DodoPayments — Payments are processed through DodoPayments, subject to DodoPayments' privacy policy. • Google Analytics — If you consent to analytics (see Section 4), Google receives pseudonymous usage events and sets analytics cookies, subject to Google's privacy policy. • Email delivery (Namecheap Private Email) — Transactional and alert emails (account, security, risk alerts, billing) are sent through our email provider, which processes your email address and the message content to deliver them. • Infrastructure Providers — We host our application on Amazon Web Services (AWS, Frankfurt — eu-central-1) and store data in Supabase (database, Ireland — eu-west-1). These providers process data on our behalf under data processing agreements. • Legal Requirements — We may disclose information if required by law, court order, or governmental regulation. Where your data is processed. Your core account data and database are hosted in the European Union (AWS Frankfurt and Supabase Ireland). Some sub-processors are located in the United States — including Google Analytics, DodoPayments, Perplexity, and our email provider. Where data is transferred outside the EU/EEA, the transfer is covered by appropriate safeguards such as the EU Standard Contractual Clauses (SCCs) or an applicable adequacy decision.

Analytics (requires your consent). We use Google Analytics 4 to understand how the product is used so we can improve it — for example, which onboarding steps people complete. Google Analytics sets cookies and collects pseudonymous usage data. It does not run until you opt in via our consent banner, and you can withdraw or change your choice at any time from Settings → Preferences or the "Cookie preferences" link in the footer. When you decline, no analytics scripts load and no analytics events are sent. See Google's Privacy Policy for how Google processes this data. Strictly necessary storage (no consent required). We use your browser's localStorage for functions the site cannot work without: • Sign you in — your authenticated session, set by Supabase. • Remember preferences — language and interface settings. • Power the free demo — an anonymous identifier and quota counter for the landing-page analyzer; reset on browser data clear. These are exempt from consent under GDPR/ePrivacy because the site cannot function without them. You can clear them at any time from your browser's site settings. No advertising trackers. We do not run advertising trackers, marketing pixels, heatmaps, or session-replay tools. Nothing tracks you across the web from this site.

• Account data — Retained while your account is active. When you delete your account, your personal data is purged within 30 days. • Anonymized records — Some operational records are kept after account deletion with your identity removed (your user ID is detached): email-delivery logs we retain as proof of what was sent, and product-discovery history that feeds the shared product data other users rely on. These records no longer identify you. • Product analysis cache — Cached product data is automatically refreshed periodically and old entries are purged after 30 days. • Usage logs — Retained for up to 12 months for security and debugging purposes, then anonymized or deleted. • Payment records — Retained as required by applicable tax and financial regulations.

Depending on your jurisdiction, you may have the following rights: • Access — Request a copy of all personal data we hold about you. • Correction — Request correction of inaccurate data. • Deletion — Request deletion of your account and associated data. • Data Portability — Receive your data in a structured, machine-readable format. • Withdraw Consent — Revoke consent for optional data processing at any time. • Object — Object to processing of your data for certain purposes. To exercise any of these rights, email us at privacy@asinbase.com or use the account deletion feature in Settings. We will respond within 30 days as required by GDPR Article 12. In complex cases we may extend this by a further two months; if so, we will notify you of the extension within the first 30 days.

We implement industry-standard security measures to protect your data: • All data in transit is encrypted using TLS 1.3. • Passwords are hashed using bcrypt with salt. • Amazon OAuth tokens are stored encrypted at rest. • Database access is restricted by row-level security policies. • We conduct regular security reviews and dependency audits. While no system is 100% secure, we are committed to protecting your information and will notify affected users promptly in the event of a data breach.

Asinbase is a business tool intended for use by adults (18+). We do not knowingly collect personal information from children under 18. If we learn that we have collected data from a child, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a prominent notice on our platform. Continued use of Asinbase after changes become effective constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or our data practices, contact us at: Email: privacy@asinbase.com Support: support@asinbase.com