Privacy Policy
Effective date: March 10, 2026
Sellary ("Company," "we," "us," or "our") operates the Sellary platform, website, and related services (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Service, whether as a seller ("you" or "Seller") or as a buyer interacting with a Seller's checkout experience ("Buyer").
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: When you register, we collect your name, email address, and password. If you upgrade to a paid plan, we collect billing information through our payment processor, Stripe.
- Workspace and Business Information: Business name, store settings, product listings, and inventory data you enter into the Service.
- Integration Credentials: API keys and OAuth tokens for third-party services (Meta, Stripe, Shippo) that you connect to Sellary. These are encrypted at rest using AES-256-GCM and never stored in plaintext.
- Shipping Information: Sender addresses, package dimensions, and carrier preferences you configure for label creation.
- Communications: Messages you send to us via email or support channels.
1.2 Information Collected from Buyers
When Buyers interact with Seller checkout links generated by Sellary, we collect:
- Contact Information: Name, email address, and phone number (if provided).
- Shipping Address: Street address, city, state, postal code, and country for order fulfillment.
- Payment Information: Payment details are collected and processed directly by Stripe. We do not store full credit card numbers, CVVs, or bank account details on our servers.
1.3 Information Collected Automatically
- Usage Data: Pages visited, features used, actions taken, session duration, and timestamps.
- Device and Browser Data: IP address, browser type and version, operating system, device type, and screen resolution.
- Cookies and Similar Technologies: We use essential cookies for authentication and session management. See Section 7 for details.
1.4 Information from Third Parties
- Social Media Platforms: When you connect Facebook or Instagram, we receive your account ID, page names, profile information, and live video comment data as authorized through the Meta OAuth flow.
- Payment Processor: Stripe provides us with transaction status, payment confirmations, and payout information.
- Shipping Provider: Shippo provides carrier rates, tracking information, and label status updates.
2. How We Use Your Information
We use personal information to:
- Provide, maintain, and improve the Service
- Process claims from live video comments, manage inventory, and generate checkout links
- Process payments through Stripe and create shipping labels through Shippo on your behalf
- Send transactional communications (account verification, password resets, billing receipts, order notifications)
- Provide customer support and respond to your inquiries
- Monitor for abuse, fraud, and violations of our Terms of Service
- Generate aggregated, anonymized analytics to improve the Service (e.g., claim conversion rates, average fulfillment times)
- Comply with legal obligations and enforce our rights
3. How We Share Your Information
We do not sell your personal information. We share information only as follows:
3.1 With Third-Party Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Buyer name, email, payment details |
| Shippo | Shipping label creation and tracking | Buyer name, shipping address, package details |
| Meta (Facebook/Instagram) | Live video comment ingestion | OAuth tokens (encrypted), page/account IDs |
| Redis/Infrastructure | Real-time processing and task queues | Transient operational data only |
3.2 With Sellers (for Buyer Data)
Buyer information (name, email, shipping address, order details) is shared with the Seller whose checkout link the Buyer used. Sellers are responsible for their own compliance with applicable privacy laws regarding Buyer data.
3.3 For Legal Reasons
We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
3.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you before your information becomes subject to a different privacy policy.
4. Data Retention
- Account Data: Retained for as long as your account is active. Upon account deletion, we remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes).
- Buyer Data: Retained for as long as the associated Seller account is active, or as required for order fulfillment, dispute resolution, or legal compliance.
- Live Video Comments: Comment data from Facebook and Instagram live streams is retained for the duration of the associated show and for 90 days thereafter for analytics and dispute resolution, then automatically purged.
- Integration Tokens: Encrypted OAuth tokens are deleted immediately when you disconnect an integration.
- Backups: Data may persist in encrypted backups for up to 30 days after deletion from production systems.
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption in transit: All data transmitted to and from the Service uses TLS 1.2 or higher.
- Encryption at rest: Sensitive data, including OAuth tokens and API keys, is encrypted using AES-256-GCM with per-record initialization vectors.
- Password security: Passwords are hashed using bcrypt with a cost factor of 12. We never store passwords in plaintext.
- Access controls: Database access is restricted to authorized services and personnel. API routes are protected by JWT authentication.
- Infrastructure: Our infrastructure is hosted on secure cloud providers with SOC 2 compliance.
While we take reasonable precautions, no method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it to legal@sellary.live.
6. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your personal information, subject to legal retention requirements.
- Data Portability: Request your data in a structured, machine-readable format.
- Objection: Object to processing of your data for specific purposes.
- Withdrawal of Consent: Where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, contact us at legal@sellary.live. We will respond within 30 days.
6.1 California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To exercise your rights, contact us using the information above.
6.2 European Economic Area Residents (GDPR)
If you are located in the EEA, our legal bases for processing your information include contract performance (providing the Service), legitimate interests (improving the Service and preventing fraud), and consent (where applicable). You have the right to lodge a complaint with your local data protection authority.
7. Cookies and Tracking Technologies
We use the following types of cookies:
- Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
- Functional Cookies: Remember your preferences and settings (e.g., theme, default filters).
We do not use third-party advertising cookies or tracking pixels. We do not participate in cross-site behavioral advertising.
8. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.
9. International Data Transfers
Your information may be processed and stored in the United States or other countries where our service providers operate. By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence. We apply appropriate safeguards to ensure your data is protected in accordance with this policy.
10. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice within the Service at least 30 days before the changes take effect. The "Effective date" at the top of this page indicates when the policy was last revised.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: legal@sellary.live
- Or through your account settings within the Service