SellerWolf
← Back to home

Privacy Policy

Last updated: 25 May 2026

1. Who we are

Seller Wolf (the "Service") is operated from Bengaluru, India. If you have any questions about this policy, email us at hello@sellerwolf.com.

2. What we collect on this landing page

When you join the waitlist, we collect:

  • Your email address (the only field we ask for)
  • Metadata: timestamp, hashed IP address, user agent, referrer URL, UTM parameters
  • A confirmation token (used to validate you actually own the email)

We do not use advertising cookies, third-party analytics that profile you, or any tracking pixel on this landing page beyond first-party privacy-respecting analytics (if enabled).

3. Why we collect it

Only to notify you when Seller Wolf opens for public signup and to send one welcome onboarding email. That's it.

4. Your rights (DPDP Act 2023)

  • Access: Ask us for a copy of everything we have on you.
  • Correction: Tell us to fix any incorrect detail.
  • Erasure: Tell us to delete your data. We'll do it within 7 days and confirm.
  • Withdraw consent: Every email we send has a one-click unsubscribe. Hitting it removes you from everything.

To exercise any right, email hello@sellerwolf.com.

5. Where your data lives

Inside an encrypted PostgreSQL database we operate on infrastructure hosted in India. It is not shared with any third-party marketing service until you explicitly opt in to product updates after launch.

When you become a Seller Wolf customer — Amazon Seller Central data

The remaining sections describe what Seller Wolf reads from your Amazon Seller Central account via the official Amazon Selling Partner API (SP-API), how it is stored and protected, and your rights at every step. By connecting your Amazon account during onboarding, you explicitly authorise the data practices below. This addendum complies with the Amazon SP-API Data Protection Policy (DPP) and Acceptable Use Policy (AUP).

6. What we read from your Amazon account

Seller Wolf only requests non-restricted SP-API roles — the data types Amazon classifies as not containing personally identifiable information (PII):

  • Inventory and Order Tracking — order line items: SKU, ASIN, quantity, price, fulfilment status. No buyer name or address.
  • Finance and Accounting — financial events: fees, refunds, reimbursements, settlements, payouts.
  • Amazon Fulfillment — FBA inventory levels, storage fees, reimbursement reports.
  • Product Listing & Pricing — your catalogue, listing health, Buy Box status.
  • Buyer Solicitation — tokenised access to the Request-a-Review button. No buyer identity is exposed.
  • Brand Analytics (only if you are Brand-Registered) — search query performance and Top Search Terms reports.

We may also read your Amazon Advertising data via the separate Amazon Ads API (PPC spend, campaign performance, keyword metrics). This is on the same read-only, per-seller basis.

7. What we do NOT read

Seller Wolf does not request any restricted SP-API role. We therefore never receive:

  • Buyer names, email addresses, or shipping addresses
  • Buyer phone numbers or contact details
  • Customer messages or order-conversation contents
  • Restricted Order Reports containing PII
  • Tax invoice PII (buyer GSTIN, registered names)
  • Direct-to-Consumer shipping label data

Our SP-API developer registration is for the non-restricted roles listed in Section 6 only. If a future feature ever requires restricted data, we will ask for fresh, explicit consent before requesting access — and you can decline without losing access to the rest of the product.

8. Where your data lives and how it is protected

  • Storage: encrypted PostgreSQL database operated on cloud infrastructure hosted in India (ap-south-1).
  • Encryption at rest: AES-256 for storage volumes; SP-API and Ads refresh tokens are additionally encrypted per-record using Fernet (AES-128-CBC + HMAC-SHA256), with a master key managed through a documented rotation runbook.
  • Encryption in transit:TLS 1.2+ (HTTPS) for every external connection; SP-API calls go directly to Amazon's endpoints over their own TLS.
  • Tenant isolation: every database table containing seller data is governed by PostgreSQL Row-Level Security with FORCE ROW LEVEL SECURITY — one seller's data is invisible to any other seller's queries by database policy, not just by application logic.
  • Access controls: a non-superuser application role (profitly_app) is used by the live service; nobody on the Seller Wolf team can query a specific seller's data without an audit-logged escalation.
  • Token security: SP-API refresh tokens are never logged in plain text. Token plaintext columns are transitional and scheduled for removal once all sellers have re-encrypted.

9. How long we keep it (retention)

  • Active sellers: we retain the rolling history of orders and financial events needed to compute multi-month profit, GST, and ITR-reclaim reports. SP-API data is kept for as long as your account is active, capped at the Amazon DPP maximum of 540 days of rolling history.
  • Cancelled sellers: a 180-day grace period during which you can reactivate without re-onboarding. SP-API syncs stop immediately on cancellation; only retention of the data already collected continues.
  • Deletion on request: within 7 days of you requesting deletion (via the Settings page or by email), all SP-API-derived data linked to your account is hard-deleted from primary storage. Encrypted off-site backups age out within an additional 30 days.
  • Audit log: per the November 2025 DPP update, we keep a 12-month centralised audit trail of every SP-API fetch and every internal read of seller data, with seller-level pruning beyond that window.

10. Sharing & cross-seller aggregation

We never sell your data. We never share an individual seller's data with another seller. Two specific, narrow exceptions follow Amazon DPP rules and industry standards used by Helium 10, Jungle Scout, and Sellerise:

A) SP-API Brand Analytics & Search Query aggregation (opt-in default-on). If you are Brand-Registered, your SP-API Search Query Performance data may contribute to a cross-seller aggregate pool that powers the Hunter and Re-Ranker keyword research tools for all users. Strict k-anonymity is enforced at the database level: an aggregate row is only created when at least 5 contributing sellers share the same keyword–marketplace–period combination. Per-seller raw rows always remain isolated under the RLS policies in Section 8.

B) Amazon Brand Analytics (ABA) Top Search Terms aggregation (opt-in default-on). ABA Search Frequency Rank is a single global Amazon value identical for every brand-registered seller. Aggregate rows for ABA include the global rank and Top-3 Clicked ASINs only; per-seller private signals are never exposed.

Both opt-ins default to ON to match what every major Amazon analytics SaaS does — this is what makes their keyword research tools work for new sellers from day one. To opt out, request account deletion via Section 11; we do not provide a granular toggle because doing so creates an inconsistent experience between cohorts.

Per-ASIN per-keyword sales attribution stays per-seller, always. The "Avg Daily Sales by Keyword" column in Re-Ranker is only ever shown to a user who owns or has Brand Registry access to the ASIN in question — never aggregated across sellers.

11. Your rights as a customer

  • Access: request a copy of everything we hold about your account. Delivered within 30 days as a JSON bundle.
  • Export: your full per-order profit history is exportable as CSV at any time from the dashboard — no request needed.
  • Correction: tell us if any derived field looks wrong (e.g. COGS, GST rate) and we will correct it. The SP-API source data is your authoritative copy in Seller Central.
  • Cancellation: cancel from Settings → Account at any time. SP-API syncs stop within minutes; billing stops on your next renewal date.
  • Deletion: request deletion of your data from Settings → Account → Delete my data, or by emailing hello@sellerwolf.com. We confirm within 7 days; backups age out within 30 days.
  • Revoke Amazon authorisation: at any time from Amazon Seller Central → Manage Your Apps. Revocation is honoured immediately; we cannot read further data once you revoke.
  • DPDP Act 2023 (India): the rights in Section 4 (access, correction, erasure, withdraw consent) apply to all of the above on top of any contract-specific terms.

12. Audit log & breach response

Every SP-API fetch on your behalf, and every authenticated read of your data by a Seller Wolf team member, is logged with a timestamp, event type, marketplace, and (where applicable) record identifier. The log is retained for 12 months per Amazon DPP requirements.

If we detect or are notified of a security incident that affects your data, we will inform affected sellers within 72 hours of confirmation, in compliance with the DPDP Act 2023 and Amazon's DPP. The notice will cover what happened, what data was involved, what we are doing, and what steps you should take.

13. Consent — how you grant and revoke it

  • Grant:by completing the "Connect Amazon" OAuth flow during onboarding. Amazon will show you the exact roles being granted before you confirm.
  • Revoke (Amazon side): Seller Central → Apps and Services → Manage Your Apps → revoke Seller Wolf. Effect is immediate.
  • Revoke (Seller Wolf side): Settings → Account → Cancel + Delete My Data. Triggers Section 11 deletion within 7 days.
  • Contact for any data question: hello@sellerwolf.com — a founder reads every email.

14. Changes to this policy

We may update this policy as the Service evolves. Material changes (anything that expands what we collect, how we use it, or who we share it with) get an email notification at least 14 days before they take effect.