LEGAL
Privacy Policy
Last updated: May 18, 2026
1. Who we are
Pricelyzer, Inc. ("Pricelyzer," "we," "us," "our") operates the Pricelyzer cockpit — a sourcing-intelligence platform for Amazon resellers — at pricelyzer.app and app.pricelyzer.app, including the Pricelyzer Browser Extension and Deal Delivery newsletter. This Privacy Policy explains what data we collect, why we collect it, how we protect it, and what rights you have over it.
Questions or requests: privacy@pricelyzer.app
2. Data we collect and why
We collect the following categories of data when you use Pricelyzer:
- Account data. Email address, password (hashed and salted by our authentication provider — Supabase Auth — using industry-standard algorithms; Pricelyzer never sees your plaintext password), display name, subscription tier, and — if you subscribe to a paid plan — your Stripe customer ID. Used to authenticate your session, deliver the service, and process payments. Legal basis: contract performance.
- Amazon SP-API data. Read-only data accessed on your behalf via the Amazon Selling Partner API after you grant OAuth authorization. Scope is limited to: inventory, fee estimates, Buy Shipping rates, listing-restrictions checks, and catalog data required to compute sourcing economics. We do not request order history, customer PII, or financial statements beyond what is needed to operate the tools you use. Legal basis: contract performance.
- Third-party product data. Price and availability data fetched from Keepa GmbH (historical Amazon pricing) and retailer catalog feeds. This data belongs to the respective sources and is used solely to power Pricelyzer features. Legal basis: legitimate interest.
- Usage and telemetry data. Pages viewed, tools run, query counts, latency measurements, error traces, and session timestamps. Used for service reliability, feature development, and abuse detection. Aggregate only; not sold. Legal basis: legitimate interest.
- Affiliate click data. If you click a sponsored retailer link in Pricelyzer, the click is handled by an internal server-side redirect that records the Placement ID (PID), opaque deal handle, click timestamp, and referring domain for commission reconciliation. Your name, email, and Amazon account details are never included. We do not currently share affiliate click data with any third-party affiliate network; if that changes, we will update this policy and the Sub-processors page at least 14 days in advance. Legal basis: legitimate interest.
- Extension page-read data. The Pricelyzer Browser Extension reads the URL and visible page content (product title, price, ASIN if present in the page) of supported retailer domains only when you activate it on that page. This data is transmitted to Pricelyzer servers to perform an Amazon catalog lookup and is not retained beyond the duration of the lookup. The extension does not read pages outside supported retailer domains and does not track general browsing history. Legal basis: contract performance.
- Deal Delivery subscriber data. If you subscribe to the Deal Delivery newsletter, we store your email address and subscription preferences. Legal basis: consent.
3. Amazon SP-API — dedicated disclosure
Pricelyzer accesses your Amazon Seller Central account via the Amazon Selling Partner API (SP-API) solely to provide the features you authorize. Pricelyzer is a registered Amazon Solution Provider. Pricelyzer is not affiliated with, endorsed by, or sponsored by Amazon.com, Inc.
- Authorization. You grant Pricelyzer read-only OAuth access to the SP-API scopes required by the tools you enable. Pricelyzer will not expand scopes or write to your listings, inventory, or orders without your explicit in-session action.
- Data use restriction. SP-API data is used exclusively to provide the Pricelyzer service to your account. It is not aggregated across accounts, sold, transferred to third parties, or used for advertising targeting.
- Storage and encryption. SP-API access tokens are stored in our managed Postgres database (Supabase), which encrypts data at rest using AES-256. All transmission to and from SP-API is encrypted with TLS 1.2 or higher. Tokens are never written to application logs.
- Revoking access. You can revoke Pricelyzer's SP-API access at any time from Seller Central → Apps & Services → Manage Your Apps → Pricelyzer → Disconnect. Revocation takes effect within 24 hours on Pricelyzer's end.
- Deletion on cancellation. Upon account cancellation, SP-API tokens are invalidated immediately. Cached SP-API data derived from your account is deleted within 30 days following the end of your grace period.
- Sub-processor restriction. We do not transfer SP-API data to any third party other than the infrastructure sub-processors that operate the service (currently Hetzner Cloud and Supabase), each bound by data-processing terms. See Sub-processors for the current list.
4. Browser extension — dedicated disclosure
The Pricelyzer Browser Extension is published on the Chrome Web Store and complies with Google's Limited Use Policy and User Data Policy.
- What it reads. Only when you activate the extension on a supported retailer page does it read the current page URL, product title, price, and ASIN (if parseable from the page). It does not read page content on any other domain type.
- What it sends. The extracted identifiers (ASIN or product title plus price) are sent to Pricelyzer API servers over TLS to perform a catalog lookup. No raw page HTML is transmitted.
- Retention. Lookup data is not persisted server-side beyond the single API response. Results are displayed in the extension popup and discarded.
- No general browsing collection. The extension does not collect, store, or transmit URLs or content from non-retailer domains. It does not record browsing history.
- No third-party sharing. Extension-derived browsing data is never sold, transferred to ad networks, or used for behavioral advertising.
5. Cookies
We use cookies for authentication and small UI preferences. We do not load third-party client-side analytics scripts on Pricelyzer pages, and we do not currently set any affiliate-attribution cookies. See our Cookie Policy for the full list.
6. Sub-processors
We engage the following categories of sub-processors to operate our service: application compute (Hetzner Cloud, USA), managed database (Supabase, Canada), edge / DNS / WAF (Cloudflare), payments (Stripe), transactional email (Postmark), error monitoring (Sentry), secrets management (Doppler), pack-size verification (Google Gemini), and historical product data (Keepa GmbH, Germany). See the full list, regions, and data-processing details on our Sub-processors page.
We enter into data-processing agreements (or equivalent contractual terms) with all sub-processors that handle personal data. We will notify you of new sub-processors at least 14 days before they begin processing your data.
7. Lawful bases for processing (GDPR)
- Contract performance (Art. 6(1)(b)). Account data, SP-API data, and extension page-read data are processed to deliver the service you signed up for.
- Legitimate interest (Art. 6(1)(f)). Usage telemetry, affiliate click reconciliation, and Keepa data are processed under our legitimate interest in improving the service and sustaining the business. We have conducted balancing tests confirming these interests do not override user rights given the data minimisation applied.
- Legal obligation (Art. 6(1)(c)). Billing records are retained for 7 years as required by applicable accounting and tax law.
- Consent (Art. 6(1)(a)). Deal Delivery newsletter subscription is based on your explicit opt-in. You may withdraw consent at any time by unsubscribing.
8. International data transfers
Pricelyzer is based in the United States. Application compute runs on Hetzner Cloud (Ashburn, Virginia, USA); the managed database is hosted by Supabase (Canada Central). If you are located in the European Economic Area, United Kingdom, or Switzerland, your personal data is transferred to the United States and/or Canada for processing by Pricelyzer and our sub-processors. These transfers are governed by the EU Standard Contractual Clauses (Commission Decision 2021/914) executed with each relevant sub-processor, together with adequacy decisions where available (the European Commission has issued an adequacy decision for Canada's commercial sector under PIPEDA). A copy of applicable SCCs is available on request at privacy@pricelyzer.app.
Keepa GmbH is based in Germany (EU) and processes data within the EEA; no additional transfer mechanism is required for data sent to Keepa.
9. Data retention
- Active account data. Retained for the life of your account.
- SP-API tokens and cached SP-API data. Invalidated/deleted within 30 days of account cancellation.
- Usage telemetry. Aggregated after 90 days; raw event logs deleted after 180 days.
- Billing records. Retained for 7 years to comply with tax and accounting law.
- Extension lookup data. Not retained beyond the API response cycle (seconds).
- Deal Delivery subscriber data. Retained until you unsubscribe. Proof of consent (timestamp, source IP hash) retained for 3 years to demonstrate compliance.
- Affiliate click logs. Retained for 90 days for commission reconciliation, then aggregated.
10. Your rights — CCPA / CPRA (California)
California residents have the following rights under the California Consumer Privacy Act (as amended by the CPRA):
- Right to know. Request disclosure of categories and specific pieces of personal data we have collected about you.
- Right to delete. Request deletion of your personal data, subject to legal retention requirements.
- Right to correct. Request correction of inaccurate personal data.
- Right to opt out of sale or sharing. Pricelyzer does not sell personal data and does not currently share personal data with third-party affiliate networks. If you wish to be excluded from any future affiliate-network sharing, email privacy@pricelyzer.app with subject line "Do Not Sell or Share." We will process your request within 15 business days.
- Right to limit use of sensitive personal data. We do not use sensitive personal data (as defined by CPRA) for purposes beyond operating the service.
- Non-discrimination. We will not deny service, charge different prices, or provide a lower quality of service because you exercised a CCPA/CPRA right.
To exercise any of these rights, email privacy@pricelyzer.app from the address associated with your account. We will verify your identity before processing requests. You may designate an authorized agent by providing written authorization.
11. Your rights — GDPR / UK GDPR
If you are located in the EEA or UK, you have the following rights under GDPR or UK GDPR:
- Access (Art. 15). Request a copy of the personal data we hold about you.
- Erasure (Art. 17). Request deletion of your personal data where no legal basis for retention exists.
- Rectification (Art. 16). Request correction of inaccurate or incomplete personal data.
- Portability (Art. 20). Receive your personal data in a structured, machine-readable format and transfer it to another controller.
- Restriction (Art. 18). Request that processing of your personal data be restricted while a dispute is resolved.
- Objection (Art. 21). Object to processing based on legitimate interest, including profiling.
- Withdrawal of consent (Art. 7(3)). Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Supervisory authority complaint. Lodge a complaint with your local data protection authority (e.g., your EU Member State DPA, or the UK ICO at ico.org.uk).
To exercise these rights, contact privacy@pricelyzer.app. We respond within 30 days. For complex requests, we may extend by a further two months with notice.
12. Children's privacy
Pricelyzer is a business tool intended for Amazon sellers. We do not knowingly collect personal data from individuals under 18. If you believe a minor has provided us data, contact privacy@pricelyzer.app and we will delete it promptly.
13. Security
We implement technical and organisational security measures appropriate to the risk, including TLS in transit, AES-256 encryption at rest via our managed database provider, access-controlled credential storage, rate limiting, and periodic security reviews. See our Security page for details. No transmission over the internet is guaranteed to be 100% secure.
14. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email and/or an in-app banner at least 14 days before taking effect. Continued use after the effective date constitutes acceptance of the updated policy.
15. Contact
Privacy inquiries: privacy@pricelyzer.app
Mailing address: Pricelyzer, Inc., mailing address available on request at the privacy email above.
EU representative: Contact us at the privacy email above; we will designate a formal EU representative upon request from EEA data subjects.
Pricelyzer is not affiliated with, endorsed by, or sponsored by Amazon.com, Inc. Amazon, Amazon Seller Central, Fulfillment by Amazon (FBA), and related marks are trademarks of Amazon.com, Inc. All fee estimates displayed in Pricelyzer are approximations derived from SP-API data and may not reflect current Amazon fee schedules.