    Privacy Policy

    Last updated: January 2025

    GDPR Compliant
    CCPA Compliant
    Full Transparency
    All Integrations Covered

    Introduction

    Welcome to ResellAIO ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our inventory management platform and related services (the "Service"). This policy applies to all users of ResellAIO, including website visitors and registered users.

    By accessing or using our Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our Service. Please also review our Terms of Service and Cookie Policy for additional information.

    Contact Information: If you have questions about this Privacy Policy, please visit our homepage or contact us at privacy@resellaio.com or by mail at ResellAIO Privacy Office, PO Box 1914, Taylors Lakes VIC 3038, Australia.

    Information We Collect

    Personal Information You Provide

    We collect information you voluntarily provide when you:

    • Create an Account: Name, email address, password
    • Use Our Service: Inventory data, sales records, expense information, business metrics
    • Subscribe to Our Service: Billing information, payment method details (processed securely through Stripe)
    • Contact Support: Communication content, support tickets, feedback
    • Participate in Surveys: Responses and feedback

    Information Collected Automatically

    When you use our Service, we automatically collect:

    • Usage Data: Pages visited, features used, time spent, click patterns
    • Device Information: IP address, browser type, operating system, device identifiers
    • Log Data: Server logs, error reports, security events
    • Cookies and Tracking: Essential cookies for functionality, analytics cookies (with consent)

    Google Analytics

    We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to help us understand how users interact with our Service. Google Analytics uses cookies and similar technologies to collect and analyze information about Service usage and report on activities and trends.

    • Data Collected: Pages viewed, time on site, browser type, device type, geographic location (country/city level), referring website
    • Google Analytics ID: G-F4ZHSJGKTZ
    • IP Anonymization: We have enabled IP anonymization to mask the last octet of your IP address
    • Data Sharing: Google may use this data for its own purposes, such as improving Google Analytics and other Google services
    • Your Control: You can opt out via our cookie banner or by installing the Google Analytics Opt-out Browser Add-on
    • Google's Privacy Policy: https://policies.google.com/privacy

    OAuth Integration Data

    When you connect third-party accounts, we collect and store authentication tokens and limited profile information. We use OAuth 2.0 for secure authentication.

    Google OAuth

    • Google User ID, email address, profile name
    • Profile picture (if available)
    • OAuth access tokens (encrypted and stored securely)
    • Scopes: openid, email, profile - minimum necessary for authentication

    Discord OAuth

    • Discord User ID, username, discriminator
    • Discord avatar URL
    • Guild membership status (for role assignment)
    • OAuth access and refresh tokens (encrypted)
    • Role assignment timestamps and audit logs
    • Scopes: identify, email, guilds.join - for authentication and role management

    StockX OAuth

    • StockX authentication tokens (access and refresh tokens, encrypted)
    • Token expiry timestamps
    • Product search history and market data requests
    • Linked inventory items with StockX product IDs
    • Purpose: Real-time product search and market price updates for inventory valuation

    How We Use Your Information

    We use collected information for the following purposes:

    Service Provision

    • Providing and maintaining our inventory management platform
    • Processing and managing your inventory, sales, and expense data
    • Generating analytics and business insights
    • Processing payments and managing subscriptions
    • Providing customer support and technical assistance

    Communication

    • Sending important service updates and security notifications
    • Responding to your inquiries and support requests
    • Sending promotional emails (with your consent, where required)

    Service Improvement

    • Analyzing usage patterns to improve our Service
    • Developing new features and functionality
    • Conducting research and analytics
    • Ensuring security and preventing fraud

    Legal Compliance

    • Complying with legal obligations and regulatory requirements
    • Protecting our rights and the rights of our users
    • Investigating and preventing fraudulent or illegal activities

    Legal Basis for Processing (GDPR)

    Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal bases:

    • Contract Performance: Processing necessary to provide our Service and fulfill our contract with you
    • Legitimate Interest: Service improvement, security, and business operations (where not overridden by your interests)
    • Consent: Marketing communications and optional features (where consent is required)
    • Legal Obligation: Compliance with applicable laws and regulations

    Data Sharing and Disclosure

    We do not sell, trade, or rent your personal information. We may share your information in the following limited circumstances:

    Service Providers

    • Supabase: Database, authentication, storage, and real-time backend infrastructure (data processing agreement in place)
    • Stripe: Payment processing and subscription management (PCI DSS compliant)
    • Discord: OAuth authentication and automated role management for Pro subscribers
    • StockX: Product data and market price information via OAuth API integration
    • Google: OAuth authentication services and Google Analytics for usage analytics (requires cookie consent)
    • Google Analytics: Web analytics service to understand user behavior and improve our Service (anonymized IP addresses, cookie consent required)
    • Hosting Providers: Cloud infrastructure and content delivery (Vercel/similar)

    Legal Requirements

    • When required by law, regulation, or court order
    • To protect our rights, property, or safety, or that of our users
    • To investigate fraud, security issues, or other misconduct

    Business Transfers

    In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

    Third-Party API Data Sharing

    When you connect third-party services, we share limited data with their APIs to provide integrated functionality:

    Discord API

    • Data Sent: Discord User ID, subscription status (Pro/Free)
    • Purpose: Automatic role assignment for Pro subscribers in our Discord server
    • Frequency: When you connect Discord, when subscription status changes, and during manual sync
    • Your Control: Disconnect Discord integration anytime from Settings
    • Discord Privacy Policy: https://discord.com/privacy

    StockX API

    • Data Sent: Product search queries, product IDs for price lookups
    • Data Received: Product details, market prices (lowest ask, highest bid), product images
    • Purpose: Real-time market valuation for your inventory items
    • Frequency: When you search products, link items, or request price updates (manual or automatic)
    • Your Control: Disconnect StockX integration anytime from Settings; disable auto-refresh
    • StockX Privacy Policy: https://stockx.com/privacy

    Stripe API

    • Data Sent: Email, subscription plan selection, payment method
    • Purpose: Payment processing and subscription management
    • Security: We do not store credit card numbers - handled directly by Stripe (PCI DSS Level 1 certified)
    • Stripe Privacy Policy: https://stripe.com/privacy

    Important: We do not sell your data to third parties. API integrations only share data necessary for the specific functionality you've enabled. For more details about our data practices, see our Terms of Service.

    Automated Data Processing

    We use automated systems to process your data and provide enhanced functionality:

    Background Price Updates

    • Automatic market price refresh for StockX-linked inventory items
    • Runs when you're actively using the app (not when offline or logged out)
    • Updates highest bid and lowest ask prices for accurate valuations
    • Stores price history for trend analysis
    • Your Control: Disconnect StockX to stop automated updates

    Webhook Processing

    • Stripe Webhooks: Process payment events, subscription changes, failed payments
    • Real-time Sync: Keeps subscription status accurate across your account
    • Audit Logging: All webhook events logged for security and debugging (includes event type, timestamp, processing status)
    • Retention: Webhook logs retained for 90 days

    Real-Time Data Synchronization

    • Supabase Realtime: Live updates when your data changes (e.g., Discord connection status)
    • Session management: Automatic session refresh for security
    • Cross-device sync: Changes on one device reflect on others in real-time

    Recurring Expense Automation

    • Automatic expense entry creation for recurring expenses (monthly, quarterly, etc.)
    • You maintain full control: edit, delete, or stop recurring expenses anytime

    No Automated Decision-Making: We do not use automated systems to make decisions that significantly affect you (e.g., credit decisions, profiling). All automated processing is for service functionality only.

    File Storage and Uploads

    You can upload files to our Service for expense tracking and inventory management:

    Receipt Storage

    • What You Can Upload: Receipt images (JPG, PNG, PDF) for expense tracking
    • Storage: Files stored in Supabase Storage (encrypted at rest)
    • Access Control: Only you can access your uploaded receipts (enforced by Row Level Security)
    • Retention: Files retained until you delete them or close your account
    • File Size Limit: Maximum 10MB per file

    Inventory Images

    • What You Can Upload: Product images for inventory items
    • Alternative: Images can also be sourced from StockX (we store the URL, not the image)
    • Access: Private to your account only

    CSV Imports

    • CSV files processed in-browser for bulk inventory imports
    • Files are not permanently stored - only parsed to create inventory records
    • Imported data becomes part of your inventory records

    Your Responsibility: Do not upload files containing sensitive personal information (SSN, credit card numbers, etc.). We are not responsible for sensitive data you choose to upload.

    California Consumer Privacy Rights (CCPA/CPRA)

    If you are a California resident, you have the following rights under the California Consumer Privacy Act:

    Categories of Personal Information We Collect

    • Identifiers: Name, email address, account username
    • Commercial Information: Subscription details, payment history, usage records
    • Internet Activity: Browsing behavior, feature usage, interaction data
    • Professional Information: Business data you input into our Service

    Your CCPA Rights

    • Right to Know: Request information about the personal information we collect, use, and share
    • Right to Delete: Request deletion of your personal information
    • Right to Correct: Request correction of inaccurate personal information
    • Right to Opt-Out: Opt-out of the sale of personal information (Note: We do not sell personal information)
    • Non-Discrimination: We will not discriminate against you for exercising your rights

    Data Retention

    We retain different types of data for varying periods based on legal requirements and business needs:

    • Account Data: Retained for the duration of your account plus 3 years after account closure for legal compliance
    • Inventory, Sales & Expenses: Retained until you delete them or close your account; then 3 years for tax/legal compliance
    • Payment & Subscription Data: 7 years from last transaction (financial record keeping requirements)
    • OAuth Tokens (Discord, StockX, Google): Retained until you disconnect the integration; automatically deleted on disconnect
    • Webhook & Event Logs: 90 days for debugging and security monitoring
    • Discord Role Sync Logs: 1 year for audit purposes
    • Uploaded Files (Receipts, Images): Retained until you delete them or close your account
    • Session & Authentication Logs: 30 days for security purposes

    You may request earlier deletion by contacting us. Note that some data may be retained longer if required by law or for legitimate business purposes (e.g., ongoing disputes, tax obligations).

    How to Exercise Your Rights

    To exercise your CCPA rights, contact us at:

    • Email: privacy@resellaio.com
    • Online form: [Include web form link when available]
    • Phone: [Include phone number]

    Your Rights Under GDPR

    If you are in the European Economic Area (EEA) or UK, you have the following rights under GDPR:

    • Right of Access: Request a copy of the personal data we hold about you
    • Right to Rectification: Correct inaccurate or incomplete personal data
    • Right to Erasure: Request deletion of your personal data
    • Right to Restrict Processing: Limit how we use your personal data
    • Right to Data Portability: Receive your data in a portable format
    • Right to Object: Object to processing based on legitimate interests
    • Right to Withdraw Consent: Withdraw consent for consent-based processing
    • Right to Lodge a Complaint: Contact your local data protection authority

    Data Protection Officer: For GDPR-related inquiries, contact our Data Protection Officer at dpo@resellaio.com.

    Data Security

    We implement industry-standard security measures to protect your information:

    • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
    • Access Controls: Role-based access with multi-factor authentication
    • Infrastructure Security: Secure cloud hosting with regular security audits
    • Monitoring: Continuous security monitoring and incident response procedures
    • Compliance: SOC 2 Type II compliance for our infrastructure providers

    While we implement strong security measures, no system is 100% secure. We cannot guarantee absolute security of your information.

    International Data Transfers

    Our Service is hosted in the United States. If you access our Service from outside the US, your information may be transferred to, stored, and processed in the US and other countries where our service providers operate.

    We ensure adequate protection for international transfers through:

    • Standard Contractual Clauses (SCCs) approved by the European Commission
    • Adequacy decisions where applicable
    • Data processing agreements with all service providers

    Cookies and Tracking Technologies

    We use cookies and similar tracking technologies to enhance your experience. When you first visit our Service, we display a cookie consent banner that allows you to accept or decline optional cookies.

    Essential Cookies (Always Active)

    • Authentication: Session management and login state (Supabase auth cookies)
    • Security: CSRF protection and fraud prevention
    • Functionality: Service preferences, theme selection, language settings
    • Cookie Consent: Your cookie preferences (stored locally)

    Essential cookies are necessary for the Service to function and cannot be disabled.

    Analytics Cookies (Requires Consent)

    • Google Analytics Cookies: Track usage patterns, page views, session duration
    • Cookie Names: _ga, _ga_*, _gid, _gat
    • Expiration: Up to 2 years (varies by cookie)
    • Purpose: Understand how users interact with our Service, identify popular features, improve user experience
    • Data Collected: Pages visited, time spent, device type, browser, location (country/city), referring site
    • IP Anonymization: Enabled - we do not collect your full IP address

    Analytics cookies are only set if you accept them via our cookie consent banner. You can change your preference anytime by clicking the "Cookie Settings" link in the footer or clearing your browser cookies.

    Managing Your Cookie Preferences

    • Cookie Consent Banner: Displayed on your first visit - accept or decline analytics cookies
    • Cookie Settings Link: Available in the footer to change preferences anytime
    • Browser Settings: Clear cookies or block all cookies (may affect functionality)
    • Google Analytics Opt-out: Install the Google Analytics Opt-out Browser Add-on
    • Do Not Track: We honor browser "Do Not Track" signals for analytics cookies

    Note: Disabling essential cookies will prevent you from using core Service features. Analytics cookies are optional and do not affect functionality.

    For more detailed information about cookies, see our Cookie Policy.

    Children's Privacy

    Our Service is not intended for children under 13 years of age (or 16 in the EEA). We do not knowingly collect personal information from children under these ages. If we become aware that we have collected personal information from a child under the applicable age, we will take steps to delete such information.

    If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

    Third-Party Services and Integrations

    Our Service integrates with third-party services to provide enhanced functionality. Each integration has its own privacy policy:

    How Integrations Work

    • Optional: All OAuth integrations (Discord, StockX, Google) are completely optional
    • Revocable: You can disconnect any integration at any time from Settings
    • Limited Scope: We only request minimum necessary permissions for each integration
    • Secure: All OAuth tokens stored encrypted; never shared with other third parties

    Data Protection Agreements

    We have data processing agreements in place with Supabase and Stripe. Discord and StockX process data as independent controllers under their own privacy policies when you use their OAuth integrations.

    Important: We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies before connecting integrations.

    Updates to This Privacy Policy

    We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

    • Posting the updated policy on our website
    • Sending an email notification to registered users
    • Displaying a prominent notice in our Service

    Your continued use of our Service after the effective date of changes constitutes acceptance of the updated Privacy Policy. Any changes will also be reflected in our Terms of Service where applicable.

    Contact Us

    If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

    ResellAIO Privacy Office

    Email: privacy@resellaio.com

    Data Protection Officer: dpo@resellaio.com

    Support: support@resellaio.com

    Address: PO Box 1914, Taylors Lakes VIC 3038

    We will respond to your inquiry within 30 days (or as required by applicable law). For urgent privacy concerns, please mark your communication as "Urgent Privacy Matter." You can also create an account to access our support system.

    Effective Date: This Privacy Policy is effective as of January 15, 2025.

    Last updated: January 15, 2025 | Version 2.0
