1. Who We Are
SellerCard (“we”, “us”, “our”) operates the website sellercards.com and provides an AI-powered SaaS platform for generating e-commerce product listings.
We act as the data controller for your personal data.
Company Information
CREATIVESERVICE EOOD
UIC (EIK): BG207177756
Registered Address: Harmony Suites 4, ap.207, Sunny Beach, Bulgaria 8240
For privacy-related inquiries, contact: privacy@sellercards.com
2. Data We Collect
Account Data
- Email address
- Hashed password (never stored in plain text)
Usage Data
- Product inputs (e.g. product names, categories, keywords)
- Generated content
- Usage metrics (e.g. number of listings generated)
Technical Data
- IP address
- Browser type and version
- Device information
- Authentication/session cookies
Payment Data
Payments are processed by third-party providers. We do not store full credit card details.
3. How We Use Your Data
| Purpose | Legal Basis (GDPR) |
|---|---|
| Providing the Service | Contract (Art. 6(1)(b)) |
| Payment processing | Contract (Art. 6(1)(b)) |
| AI content generation | Legitimate interest (Art. 6(1)(f)) |
| Security, fraud prevention | Legitimate interest (Art. 6(1)(f)) |
| Legal compliance | Legal obligation (Art. 6(1)(c)) |
| Marketing (if opted-in) | Consent (Art. 6(1)(a)) |
4. AI Processing Disclosure
When you use the Service, the product-related content you input may be transmitted to third-party AI providers (such as OpenAI) for processing.
We do not intentionally send personal account data (such as your email address) to these providers.
Processing is performed solely for the purpose of generating content requested by you.
5. Third-Party Processors
We use the following processors under Data Processing Agreements (DPA):
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database & authentication | US (AWS) |
| OpenAI | AI processing | US |
| Resend | Transactional email delivery | US |
| Revolut | Payments | EEA/UK |
| Vercel | Hosting | Global |
| Google LLC | AI image processing (Gemini API). Product photos may be transmitted for editing and generation. | US |
| PostHog Inc | Product analytics. Collects anonymized usage data (page views, feature usage). No personal data is shared. | US |
6. International Data Transfers
Your data may be transferred outside the European Economic Area (EEA), including to the United States.
We rely on:
- Standard Contractual Clauses (SCCs)
- Other lawful safeguards where applicable
7. Data Retention
- Account data: retained while active, deleted within 30 days after account deletion
- Usage data: deleted with account
- Payment records: retained for up to 7 years (legal requirement)
8. Your Rights
Under GDPR, you have the right to:
- Access your data
- Correct inaccurate data
- Request deletion
- Restrict processing
- Object to processing
- Data portability
- Withdraw consent
Requests can be submitted via: privacy@sellercards.com
We respond within 30 days.
9. Cookies
We use strictly necessary cookies for:
- Authentication
- Session management
These cookies are essential for the operation of the Service. We do not use tracking or marketing cookies.
10. Email Communications
We send transactional emails (account confirmation, password reset) and may send product-related emails (tips, updates) if you have opted in during registration.
Every non-transactional email includes an unsubscribe link. You can opt out at any time by clicking “unsubscribe” or contacting privacy@sellercards.com.
11. Data Security
We implement appropriate security measures, including:
- Encryption in transit (HTTPS/TLS)
- Secure password hashing
- Access controls
- Infrastructure-level protections
However, no system is completely secure.
12. Children's Privacy
The Service is not intended for individuals under 16. We do not knowingly collect data from children.
13. Changes to This Policy
We may update this Privacy Policy. Material changes will be communicated in advance.
14. Contact
For all privacy-related inquiries: privacy@sellercards.com
15. Supervisory Authority
If you are located in the EU, you have the right to lodge a complaint with your local data protection authority.