Privacy Policy
Last updated: December 2025
This Privacy Policy describes how SellyGenie ("we," "us," or "our") collects, uses, and protects your personal information when you use our AI-powered product description generation service, including our website and Chrome browser extension.
By using SellyGenie, you agree to the collection and use of information in accordance with this policy.
1. Data Controller
SellyGenie is operated as a software service. For questions about your personal data, please contact us at: support@sellygenie.com
2. Information We Collect
We collect different types of information depending on how you use our service:
2.1 Account Information
When you create an account, we collect:
- Email address (required for account creation and notifications)
- Name (optional, from your profile or OAuth provider)
- Profile picture (optional, from OAuth provider if you sign in with Google or Apple)
2.2 Authentication Data
When you sign in, we process:
- OAuth tokens from Google or Apple (managed by these providers, not stored by us)
- One-time passwords (OTP) for email authentication (temporary, deleted after verification)
- Two-factor authentication secrets (encrypted, if you enable 2FA)
- Trusted device information (device hash for remembering your devices)
2.3 Product Generation Data
When you generate product descriptions, we collect:
- Product images you upload (stored securely for your generation history)
- Image thumbnails (created automatically for faster loading)
- Voice recordings (if you use voice input, processed for transcription)
- Text input (your product descriptions and notes)
- Generated descriptions (the AI-generated content)
- Marketplace information (which marketplace you're creating content for)
2.4 Payment Information
When you make a purchase, we collect:
- Stripe customer ID (reference to your payment profile)
- Subscription status (active, canceled, etc.)
- Credit transaction history (purchases, usage, bonuses)
- Applied promotional codes
Important: We do not directly collect or store your credit card number, bank account, or other sensitive payment details. All payment processing is handled securely by Stripe, which is PCI DSS certified.
2.5 Usage and Technical Data
We automatically collect:
- IP address (for security and fraud prevention)
- Country code (derived from IP for regional features)
- Browser and device information (user agent string)
- Request logs (which pages you visit, API calls made)
- Error logs (if something goes wrong, for debugging)
- Performance metrics (load times, generation duration)
2.6 Chrome Extension Data
When you use our Chrome Extension, we additionally collect:
- Extension installation ID (anonymous UUID generated on installation)
- Current marketplace page URL (to detect which marketplace you're on)
- Form field detection data (to enable auto-fill functionality)
The extension does not collect your browsing history, content from other websites, or any data outside of marketplace pages where you actively use SellyGenie.
3. How We Use Your Information
We use your information for the following purposes:
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the service | Account data, generation data | Contract performance |
| Process payments | Payment information | Contract + Legal obligation |
| Improve AI quality | Anonymized generation patterns | Legitimate interest |
| Security & fraud prevention | IP, device data, usage patterns | Legitimate interest |
| Customer support | Account data, generation history | Contract performance |
| Service notifications | Email address | Contract performance |
| Legal compliance | All data as required | Legal obligation |
We Do NOT:
- Sell your personal data to third parties
- Use your generated content to train AI models without your explicit consent
- Share your product images or descriptions with other users
- Send marketing emails without your consent
4. Third-Party Services
We use the following third-party services to operate SellyGenie:
4.1 OpenAI (AI Processing)
We use OpenAI's API for:
- Generating product descriptions (GPT models)
- Transcribing voice recordings (Whisper API)
- Analyzing product images (Vision API)
Data shared: Product images, voice recordings, text prompts Location: United States Safeguards: OpenAI's Enterprise Privacy Terms, Standard Contractual Clauses (SCCs) Privacy Policy: openai.com/privacy
4.2 Stripe (Payment Processing)
We use Stripe for all payment processing.
Data shared: Email, name, payment method (handled directly by Stripe) Location: United States Safeguards: PCI DSS Level 1 certified, Standard Contractual Clauses Privacy Policy: stripe.com/privacy
4.3 Google OAuth (Authentication)
If you sign in with Google, Google processes your authentication.
Data shared: Basic profile (email, name, picture) based on your consent Privacy Policy: policies.google.com/privacy
4.4 Apple OAuth (Authentication)
If you sign in with Apple, Apple processes your authentication.
Data shared: Email (may be hidden by Apple), name Privacy Policy: apple.com/legal/privacy
5. International Data Transfers
Your data may be transferred to and processed in countries outside of your residence, including the United States, where our third-party service providers (OpenAI, Stripe) are located.
For EU/EEA users: We ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Additional technical and organizational measures
6. Data Retention
We retain your data for the following periods:
| Data Category | Retention Period | Reason |
|---|---|---|
| Account information | Until you delete your account | Service delivery |
| Generation history | Until you delete the item or account | Your access to past generations |
| Product images | Until generation is deleted | Part of generation record |
| Voice recordings | 30 days after transcription | Data minimization |
| Request/error logs | 90 days | Security and debugging |
| Payment records | 7 years | Legal requirement (tax/accounting) |
| Security alerts | 1 year | Fraud prevention |
When you delete your account, we will remove your personal data within 30 days, except where retention is required by law (e.g., payment records for tax purposes).
7. Your Rights (GDPR)
If you are in the European Union, European Economic Area, or United Kingdom, you have the following rights:
7.1 Right of Access
You can request a copy of all personal data we hold about you.
7.2 Right to Rectification
You can update or correct your personal data through your account settings, or request corrections from us.
7.3 Right to Erasure ("Right to be Forgotten")
You can delete your account and all associated data through settings, or request deletion from us.
7.4 Right to Restrict Processing
You can request that we limit how we use your data in certain circumstances.
7.5 Right to Data Portability
You can request your data in a machine-readable format (JSON).
7.6 Right to Object
You can object to processing based on legitimate interests. We will stop unless we have compelling legitimate grounds.
7.7 Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time.
7.8 Right to Lodge a Complaint
You have the right to lodge a complaint with your local data protection authority.
To exercise your rights: Contact us at support@sellygenie.com or use the data management features in your account settings.
8. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- Right to Know: Request what personal information we collect, use, and disclose
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information, so this right does not apply
- Non-Discrimination: We will not discriminate against you for exercising your rights
To exercise these rights, contact us at support@sellygenie.com.
9. Children's Privacy
SellyGenie is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16.
If you are a parent or guardian and believe your child has provided us with personal information, please contact us at support@sellygenie.com. If we learn that we have collected personal information from a child under 16, we will delete that information promptly.
10. Security Measures
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption in transit: All data transmitted using TLS 1.3
- Encryption at rest: Sensitive data encrypted using AES-256
- Access controls: Role-based access, principle of least privilege
- Authentication security: Secure password hashing, optional 2FA
- Infrastructure security: Regular security audits, automated monitoring
- Payment security: PCI DSS compliance delegated to Stripe
No method of transmission over the Internet is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.
11. Cookies
We use cookies and similar technologies for:
- Essential cookies: Authentication, session management (required for the service to work)
- Preference cookies: Theme and language settings (set only when you change preferences)
We do not use analytics, advertising, or tracking cookies. For detailed information about cookies, please see our Cookie Policy.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make significant changes:
- We will update the "Last updated" date at the top
- We will notify you via email or through the service
- We may ask for your consent where required by law
We encourage you to review this Privacy Policy periodically.
13. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us:
Email: support@sellygenie.com
For EU data protection inquiries, you may also contact your local Data Protection Authority.
This Privacy Policy was last reviewed and updated on December 25, 2025.