Legal
Privacy Policy
Effective date: June 1, 2025 · Last updated: April 3, 2026
ResellerIO ("we", "us", or "our") operates the ResellerIO platform, including the web application at resellerio.com and any associated mobile applications or APIs (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.
1. Information We Collect
1.1 Account Information
When you create an account we collect your email address and a hashed password. We do not store plaintext passwords. You may optionally provide additional profile details.
1.2 Product and Inventory Data
We store the product records you create, including titles, descriptions, prices, images, and any metadata you enter. This data is associated with your account and used to provide the Service.
1.3 Images and Media
Product images and archives you upload are stored using ResellerIO's configured Tigris-compatible object storage infrastructure. Public storefront media may be served from a configured public media URL or CDN. Original images are not overwritten. Processed variants are stored as separate records alongside originals.
1.4 Usage and Technical Data
We collect standard server logs and operational metadata such as IP addresses, browser type, operating system, referring URLs, pages visited, API token usage timestamps, and public inquiry metadata. This data is used for security, abuse prevention, debugging, and service operations.
1.5 API Tokens
If you use our API, we issue bearer tokens that are hashed before storage. We also store limited token metadata such as expiry, device name if supplied, and last-used timestamps.
2. How We Use Your Information
- To create and manage your account and deliver the Service.
- To process your product images through AI pipelines (background removal, lifestyle generation, description drafting, pricing research).
- To generate marketplace-specific listing copy.
- To send transactional emails such as export-ready notifications.
- To maintain security, prevent abuse, and debug issues.
- To comply with legal obligations.
3. Third-Party Service Providers
We share data with third-party providers only as necessary to operate the Service. The categories below reflect the current service architecture and may change as our infrastructure evolves:
| Provider | Purpose | Data Shared |
|---|---|---|
| Google Gemini API | AI description drafting, recognition, and pricing research | Product images, titles, category metadata |
| SerpAPI | Sold-listing price research via search index | Product title, brand, category, condition |
| Photoroom API | Background removal and image cleanup | Product images |
| Tigris-compatible object storage provider | Object storage for product media and import/export archives | Product images, storefront assets, ZIP archives |
| Public media delivery / CDN provider | Delivery of public storefront media when configured | Public storefront images and branding assets |
| LemonSqueezy | Subscription billing, checkout, and webhook events | Account email, billing, and subscription identifiers |
4. Data Retention
We retain your data for as long as your account is active, subject to any legally required retention periods. Export files expire after a configurable retention period (currently seven days by default). You may request deletion of your account and associated data at any time by contacting us at privacy@resellerio.com.
5. Data Security
We use TLS for data in transit. Passwords are hashed with PBKDF2-SHA256 before storage and API bearer tokens are hashed before persistence. Browser sessions use HttpOnly cookies with SameSite protections and Secure cookies in production. The application also applies origin allowlists for browser API access, HMAC verification for billing webhooks, signed object-storage operations, inquiry rate limits, and archive validation checks for imports. Despite these measures, no system is completely secure.
6. Your Rights
Depending on your jurisdiction, you may have the right to access, correct, export, or delete your personal data. To exercise any of these rights, contact us at privacy@resellerio.com. We will respond within 30 days.
7. Cookies
We use first-party session cookies to keep you signed in and CSRF protections to defend against cross-site request forgery. Session cookies are intended to be HttpOnly, SameSite-protected, and Secure in production. We do not use third-party advertising cookies.
8. Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email for material changes. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
10. Contact
For privacy questions or requests: privacy@resellerio.com