Privacy Policy

Last updated: [EFFECTIVE_DATE]

Fill before publishing: [LEGAL_NAME], [CONTACT_EMAIL], [DOMAIN], [COUNTRY], and confirm the sub-processor list (§5) and analytics (§3) match what you actually use. Not legal advice; review recommended.

[LEGAL_NAME] ("ListIQ", "we", "us") operates ListIQ (the "Service"). This Policy explains what personal information we collect, how we use and share it, and your rights. It is written to align with the EU/UK GDPR, the California Consumer Privacy Act as amended (CCPA/CPRA) and other U.S. state privacy laws, and Canada's PIPEDA. We are the data controller for the information described here.

1. Who we are / contact

For any privacy request, contact [CONTACT_EMAIL]. We are [LEGAL_NAME], based in [COUNTRY].

2. Information we collect

  • Account information: your name, email address, brand/business name, and authentication details (including via Google sign-in if you choose it).
  • Listing data you submit: Wayfair SKUs, URLs, target search queries, and related listing information you enter so we can analyze it.
  • Service data we generate: audit results, rank snapshots, suggested copy, alerts, and usage activity within your account.
  • Payment information: processed by Paddle as Merchant of Record. We do not collect or store your full card number — Paddle handles payment data. We receive limited transaction details (e.g. plan, status, country for tax) from Paddle.
  • Communications: messages you send us and your email/notification preferences.
  • Technical data: IP address, device/browser type, and basic analytics needed to run and secure the Service.

3. How we use information

We use personal information to: provide and operate the Service (run audits, track rank, deliver suggestions and alerts); create and manage your account; process subscriptions via Paddle; send transactional emails (e.g. "your teardown is ready," receipts, security and account notices); send product or marketing emails only where permitted and with the ability to opt out; provide support; improve and secure the Service; and comply with legal obligations.

Our legal bases (where GDPR applies) are: performance of our contract with you, your consent (e.g. marketing email), our legitimate interests (securing and improving the Service), and legal obligation.

Analytics: we use [ANALYTICS_PROVIDER — e.g. Vercel Analytics / Plausible / none]. Confirm and name it here, or remove this line if you use none.

4. We do not sell your personal information

We do not sell your personal information and do not share it for cross-context behavioral advertising, as those terms are defined under CCPA/CPRA. We do not use Your Content to train external AI models.

5. How we share information (sub-processors)

We share personal information only with service providers that help us run ListIQ, under appropriate agreements, including:

  • Paddle — payments / Merchant of Record (billing, tax, receipts).
  • Supabase — database, authentication, and storage of your account and service data.
  • [HOSTING — e.g. Vercel] — application hosting.
  • [EMAIL — e.g. Resend] — transactional and (opted-in) product emails.
  • [ANALYTICS — if any] — usage analytics.
  • AI provider(s) we use to generate suggestions, processing only what's needed to produce your audit (confirm/name if applicable). We may also disclose information to comply with law, enforce our Terms, or protect rights and safety, and in connection with a business transfer. Confirm this list matches your stack before publishing.

6. International transfers

We and our providers may process data in countries other than yours (including the United States, the EU, and [COUNTRY]). Where required, transfers are protected by appropriate safeguards such as Standard Contractual Clauses.

7. Data retention

We keep personal information for as long as your account is active and as needed to provide the Service, then for a reasonable period to meet legal, tax, accounting, and dispute-resolution needs, after which we delete or anonymize it. You can request deletion as described below.

8. Your rights

Depending on where you live, you may have the right to: access the personal information we hold about you; correct it; delete it; port it; object to or restrict certain processing; opt out of marketing; and (under CCPA/CPRA) know what we collect and that we do not sell/share it. Canadian users have access and correction rights under PIPEDA. To exercise any right, email [CONTACT_EMAIL]; we will verify and respond within the timeframe required by applicable law and will not discriminate against you for exercising your rights. You may also have the right to complain to your local data-protection authority.

9. Email & communications (CAN-SPAM / CASL)

Transactional emails are part of the Service. For marketing emails, we rely on consent where required (including under Canada's CASL), identify ourselves, and include an unsubscribe link in every marketing message; opting out of marketing does not stop essential account/transactional messages. You can manage alert emails in your notification preferences.

10. Cookies

We use cookies/local storage that are necessary to sign you in and operate the Service, and, if enabled, limited analytics. You can control non-essential cookies through your browser or any cookie controls we provide.

11. Security

We use technical and organizational measures (including access controls and row-level security so each customer can access only their own data) to protect personal information. No method of transmission or storage is 100% secure, but we work to protect your data and will notify you of breaches where required by law.

12. Children

The Service is for business users 18 and older and is not directed to children. We do not knowingly collect personal information from anyone under 18.

13. Changes

We may update this Policy; material changes will be posted here with a new "Last updated" date and, where required, notified to you.

14. Contact

Privacy questions or requests: [CONTACT_EMAIL] — [LEGAL_NAME], [COUNTRY].