Privacy Policy

Google user data — what we access and how we use it

When you choose “Sign in with Google”, SellerCard receives a limited set of profile information from Google. This section describes exactly what we access, how we use it, where it's stored, and what we never do with it.

Data we access

• Email address (https://www.googleapis.com/auth/userinfo.email) — used as your unique account identifier and to send you transactional messages (account confirmation, payment receipts, password reset, support replies).
• Basic profile information (https://www.googleapis.com/auth/userinfo.profile) — your display name and profile picture, shown to you in the app header so you know which account you're signed into. Not shown to other users.
• OpenID identifier (openid) — the stable Google account ID (the sub claim) we use to recognise you across sessions and sign-in methods.

We do not request or use any restricted or sensitive Google scopes (no Drive, no Gmail, no Calendar, no Contacts). The list above is the complete set.

How we use this data

• Account creation and sign-in. The first time you sign in with Google we create your SellerCard account using your email address and OpenID. Subsequent sign-ins look up the same identifier so you reach the same account.
• In-product display. Your name and avatar are shown to you only — in the navigation bar and account page — so you can confirm the active session.
• Transactional email. We send essential service emails (sign-in links, payment confirmations, account changes) to your email address via Resend. You can control marketing email separately at sign-up.
• Customer support. If you contact support we may use your email to identify your account and reply.

How we store and protect this data

• Stored in our Supabase-hosted Postgres database (EU region, encrypted at rest, TLS in transit). Email addresses are additionally encrypted at the application layer.
• Retained while your account is active. You can delete your account at any time from the Account settings; we erase Google-derived data within 30 days of the request.
• Subprocessors who may handle this data on our behalf (Supabase, Resend, Sentry, PostHog, payment providers including Polar Software Inc., and — for SellerCard iOS app subscribers — Apple Inc. for App Store payment processing and RevenueCat Inc. for subscription state management) are listed at /legal/subprocessors. They are bound by data-processing agreements.

What we never do

• We do not sell your Google user data. Ever.
• We do not use your Google user data to train, improve, or develop AI / machine-learning models. The AI features in SellerCard (image generation, listing generation) operate on the product photos and copy you upload, not on your account profile.
• We do not share your Google user data with advertisers or for advertising-targeting purposes.
• We do not read your Gmail, Drive, Calendar, Contacts, or any other Google data — we never request those scopes.

Limited Use compliance

SellerCard's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Revoking access

You can revoke SellerCard's access to your Google account at any time from your Google Account permissions page. Revoking does not delete your SellerCard account; for that use Account → Delete account.

Contact

Questions about this disclosure or how we handle your data: support@sellercards.com. Data controller: Creative Service EOOD, Sofia, Bulgaria.

SellerCard browser extension — what data we process

The SellerCard browser extension analyses product cards on Wildberries (wildberries.ru) and Ozon (ozon.ru). When you press the “Analyse card” button on a product page, this is what happens.

What we collect

• Publicly visible card data only: title, description, price, brand, characteristics, photo URLs, rating, review count. We read what your browser already renders — nothing private.
• Up to 5 product photo URLs (passed by reference, not downloaded to our servers) for AI vision analysis.
• A randomly generated install ID (UUID, stored inchrome.storage.local) for free-tier rate-limiting and anonymous usage counting. Not linked to your identity.
• Extension version, the marketplace (wb / ozon), and your ownership choice (“own card” / “competitor”) — to improve analysis quality. Not personal data.

We do not read your WB / Ozon login cookies. We do not access your seller dashboard. We do not store the actual photo files — only URLs that point to the marketplace CDN.

Third parties involved in analysis

• OpenAI (USA) — runs the vision + language model that produces the critique. Card title, description, characteristics, and up to 5 photo URLs are sent to OpenAI for each analysis. Per OpenAI's API terms, API inputs are retained for up to 30 days for abuse monitoring and are not used to train OpenAI models.
• Supabase (EU region) — stores the analysis result for support correlation. Description text is truncated to 500 characters before storage. Photo URLs are not stored alongside the result.

Retention

• Analysis history: 90 days, then automatically deleted.
• Anonymous usage counters (install ID + analysis count): reset every 24 hours.
• Feedback votes (👍 / 👎 on analysis sections): retained indefinitely for prompt improvement. No personal data attached.

Opt-out and deletion

Uninstall the extension to stop all data collection (Chrome Settings → Extensions → Remove). To request deletion of any stored analysis history tied to your install ID, email support@sellercards.com with the request ID shown at the bottom of any analysis (8-character code such as “a1b2c3d4”). We respond within 30 days as required by GDPR and 152-ФЗ.

Legal basis

GDPR: legitimate interest (providing the analysis service you requested by clicking the button). 152-ФЗ: we are not a processor of personal data of Russian citizens — install IDs are anonymous UUIDs, not linkable to individuals. Card content analysed is published by sellers on public marketplace pages and is not personal data.