1. Home
  2. Privacy Policy

Privacy Policy

Privacy Policy

We are committed to protecting your privacy and handling your personal data responsibly.

SellerLegend Privacy Policy

Last updated: September 2025

SellerLegend Limited ("SellerLegend", "we", "our", "us") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

1. Who We Are

SellerLegend Limited is a UK company (Company No. 10320585), registered at 5 Masters Orchard, Southam, CV47 0JD, United Kingdom.

  • For account and billing data, SellerLegend acts as a Data Controller.
  • For Amazon marketplace data processed through our platform, SellerLegend acts as a Data Processor on behalf of our customers.

You can contact us at support@sellerlegend.com for any privacy-related questions.

2. What Data We Collect

  • Account Data: name, company details, email, billing address, tax identifiers, subscription/payment details.
  • Amazon Data: orders, sales, buyer details, product data imported from your Seller Central account.
  • Support Data: conversations with our helpdesk, support tickets.
  • Technical Data: IP addresses, login events, usage logs, security events.

We do not intentionally collect special category data (e.g., health, religion).

3. How We Use Your Data

We use your data to:

  • Deliver our SaaS services and provide analytics from your Amazon Seller Central account.
  • Manage billing, subscriptions, and customer support.
  • Monitor system performance, detect fraud, and secure our platform.
  • Comply with legal and tax obligations.

4. Legal Bases for Processing

We rely on the following legal bases under GDPR and UK GDPR:

  • Contract performance (to provide the services you subscribed to).
  • Legitimate interests (e.g., payment retries, fraud detection, improving our service).
  • Legal obligations (e.g., tax record retention).

5. Data Retention

  • Active accounts: data retained while your subscription is active.
  • Payment arrears: if your payment fails, we retry over a 6–7 week period. We keep your data for up to 75 days after first failure to allow reactivation and arrears recovery.
  • Closed accounts: Amazon marketplace data is deleted within 30 days of final closure.
  • Billing records: retained for 6 years (legal requirement).
  • Logs: security and access logs retained for up to 3 years for fraud detection and breach investigation.

6. Sharing Your Data (Sub-Processors)

We use trusted third-party providers ("Sub-Processors") to deliver our services (e.g., AWS, Stripe, Intercom).

  • A current, regularly updated list is published here: View Sub-Processors List.
  • Customers will be notified of material changes to this list.

7. International Data Transfers

  • For US providers certified under the EU-US Data Privacy Framework and UK Extension, we rely on those certifications.
  • For other transfers outside the UK/EEA, we use the 2021 Standard Contractual Clauses (SCCs) + UK Addendum.

8. Your Rights

You have rights under GDPR and UK GDPR to:

  • Access your data
  • Rectify inaccuracies
  • Request erasure
  • Restrict processing
  • Data portability
  • Object to processing

Requests can be made at support@sellerlegend.com. We aim to respond within 10 business days.

9. Security Measures

We implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS 1.2+) and at rest (AES-256).
  • Multi-factor authentication and role-based access controls.
  • Hosting on AWS with ISO27001/PCI-DSS certifications.
  • Daily encrypted backups, geo-redundant storage, tested recovery.
  • Continuous logging, monitoring, and vulnerability scanning.
  • Regular staff training on confidentiality and data protection.

In addition, SellerLegend maintains Cyber and Data Liability Insurance with Hiscox, providing coverage for cyber incidents and data protection risks.

10. Data Breaches

In the unlikely event of a personal data breach, we will notify affected customers and regulators (where required) without undue delay, and always within 24 hours of becoming aware.

11. Children

Our services are not directed to children under 16. We do not knowingly collect data relating to children.

12. Complaints

If you believe your data has been mishandled, you may lodge a complaint with the UK Information Commissioner's Office (ICO) or your local supervisory authority.

Contact us:

SellerLegend Limited
support@sellerlegend.com