Privacy Policy

Effective date: May 2, 2026

Kaizen Seller is a product of Chase Surplus Inc. ("we", "us", "our"). This Privacy Policy explains what information we collect, how we use it, and the choices you have. This policy applies to our websites and services at kaizenseller.com and any connected applications (together, the "Service").

Information we collect

Account information

When you create an account we collect your name, email address, company name, and authentication identifiers (including Firebase UID and, if you sign in with Google, your Google OAuth identifier). You may also upload a company logo.

Marketplace credentials

When you connect a marketplace such as eBay, we receive OAuth tokens and seller identifiers through that platform's authorization flow. These tokens are stored server‑side, encrypted at rest, and used only to perform actions you request (e.g., listing management, order sync, inventory and pricing updates). We request only the scopes necessary to operate the features you enable.

Product and catalog data

You may provide or import product information including SKU, title, brand, MPN, condition, description, pricing, inventory quantities, images, and marketplace‑specific fields (eBay categories, item specifics, etc.). We also store AI‑generated content such as optimized titles, descriptions, SEO metadata, and pricing suggestions created by the Service on your behalf.

Order and sales data

When you use order management features, we sync and store order details from connected marketplaces, including order numbers, dates, statuses, buyer usernames, line items, shipping addresses, carrier and tracking numbers, payment amounts, refund status, and estimated marketplace fees.

Project and consignment data

If you use the Projects feature for consignment or revenue‑sharing arrangements, we store project names, split percentages, payout records, and associated sales data.

Contact and affiliate submissions

Our contact form collects your name, email, subject, and message. If you apply for our affiliate program, we collect your business name, website, audience details, and related information.

Usage and diagnostic data

We automatically collect information about how you interact with the Service, including pages visited, features used, API call logs, error logs, and device/browser metadata. This data helps us improve reliability, diagnose issues, and enhance the product.

Cookies and session data

We use essential cookies to manage your authenticated session. Our session cookie is HttpOnly, Secure, and SameSite‑strict with a 14‑day expiration. We do not use third‑party advertising or tracking cookies.

How we use information

  • Provide the Service: Create, manage, and optimize product listings; synchronize orders and inventory across marketplaces; generate AI‑powered titles, descriptions, pricing, and category suggestions; manage consignment projects and payouts.
  • AI content generation: Product data and images you submit may be sent to our AI provider (OpenAI) to generate titles, descriptions, pricing recommendations, and other content. This data is transmitted securely, used only for your request, and is not used by OpenAI to train their models under our data‑processing agreement.
  • Security and integrity: Authenticate users, prevent abuse and unauthorized access, and troubleshoot technical issues.
  • Communications: Send transactional emails (e.g., scheduled reports, automation summaries), respond to support requests, and notify you of important Service updates.
  • Improvement: Analyze usage patterns and diagnostics to improve features, performance, and reliability.
  • Legal compliance: Meet legal obligations, enforce our Terms of Service, and comply with marketplace requirements.

Third‑party services

We rely on the following categories of service providers to operate the Service. Each receives only the data necessary for its function and is subject to appropriate confidentiality and security commitments:

  • Cloud infrastructure (Google Cloud / Firebase): Authentication, database, file storage, and hosting. Your data is stored in Google‑managed data centers.
  • AI provider (OpenAI): Product data and images are sent to OpenAI to generate content. Data is processed under our agreement and is not used for model training.
  • Marketplace platforms (eBay and others): When you connect a marketplace, we exchange listing, order, and inventory data with that platform to perform the actions you authorize.
  • Email delivery (SMTP / Gmail): Transactional emails such as scheduled reports and automation summaries are sent through our email provider.

We do not sell your personal information to any third party.

Data retention

  • Account and profile data: Retained for the lifetime of your account. Deleted upon account deletion request.
  • Product and catalog data: Retained while your account is active. Removed when you delete individual products or your entire account.
  • Order and sales data: Retained while your account is active and for any additional period required for legal, tax, or dispute‑resolution purposes.
  • Marketplace tokens: Retained while the marketplace connection is active. Revoked and deleted when you disconnect the marketplace or delete your account.
  • Diagnostic and log data: Retained for up to 90 days for troubleshooting, then automatically purged.

You may request deletion of your account and all associated data at any time by contacting support.

Security

We implement industry‑standard safeguards to protect your information, including:

  • Encryption of marketplace tokens and credentials at rest.
  • HTTPS/TLS encryption for all data in transit.
  • HttpOnly, Secure, SameSite session cookies to protect authentication.
  • Firestore security rules that restrict data access to authenticated, authorized users.
  • Least‑privilege access controls and regular monitoring.

No method of electronic transmission or storage is 100% secure. We maintain and continually improve our security controls to mitigate risk.

Your rights and choices

  • Access and correction: View and update your account information and product data at any time from within the app.
  • Data export: Export your catalog and product data via CSV from the catalog page.
  • Marketplace disconnection: Revoke marketplace access at any time through Settings. We will delete the associated tokens.
  • Account deletion: Request complete deletion of your account and data by contacting support@kaizenseller.com. We will process deletion requests within 30 days.
  • eBay account deletion: In compliance with eBay Marketplace Account Deletion requirements, we maintain a dedicated endpoint to receive and process account‑deletion notifications from eBay.

Depending on your jurisdiction, you may have additional rights under applicable data protection laws (such as the CCPA or GDPR), including the right to request access to, correction of, or deletion of your personal data, the right to object to or restrict processing, and the right to data portability. To exercise any of these rights, contact us at the address below.

Amazon Selling Partner API & Personally Identifiable Information

When you connect an Amazon Seller Central account to Kaizen Seller, we access the Amazon Selling Partner API (SP-API) on your behalf to manage your catalog, inventory, orders, and fulfillment. This section describes how Amazon Information — including buyer Personally Identifiable Information (PII) — is handled in accordance with the Amazon Acceptable Use Policy and Data Protection Policy.

What Amazon Information we receive

  • Order data (non-PII): Amazon Order ID, ASIN, SKU, item quantity, item price, marketplace ID, order status, and ship-by date.
  • Restricted PII (Direct-to-Consumer fulfillment only): Buyer name, shipping address, buyer email (when applicable for fulfillment), and contact phone number. This data is received only when necessary to ship orders directly to consumers.
  • Catalog & inventory data: Product titles, descriptions, images, item specifics, FBA inventory levels, and settlement reports.

How we use Amazon PII

Amazon buyer PII is used solely for the purpose of fulfilling the buyer's Amazon order via Direct-to-Consumer shipping. Specifically: generating shipping labels through ShipStation (USPS, UPS, FedEx), validating delivery addresses, and uploading tracking back to Amazon. Amazon PII is never used for marketing, analytics, profile building, model training, or any purpose other than order fulfillment, and is never sold to any third party.

How we protect Amazon PII

  • Encryption at rest: All buyer PII fields (name, address, email, phone) are encrypted with AES-256-GCM using a dedicated PII encryption module before being written to Firestore. Encryption keys are managed in Google Cloud Secret Manager with IAM-restricted access. Google Cloud additionally provides AES-256 encryption at the storage layer.
  • Encryption in transit: All Amazon SP-API calls and internal service-to-service traffic use TLS 1.2 or higher.
  • Access controls: Access to Amazon Information is restricted to authenticated, authorized users via Google Workspace SSO with mandatory Multi-Factor Authentication. Firestore Security Rules enforce per-user data isolation at the document level.
  • No PII in logs: Application logs, analytics, and error reports do not contain Amazon PII. Logging middleware redacts all known PII fields prior to any log write.
  • No PII in test environments: Production Amazon data is never copied to development or staging environments. All test fixtures use synthetic data.

Sharing of Amazon Information

The only third party that receives buyer PII derived from Amazon orders is ShipStation, which generates shipping labels and submits shipments to the carrier (USPS, UPS, FedEx). The carrier subsequently receives the shipping label data needed to deliver the order. We do not share Amazon Information with any other third party, and we do not retrieve Amazon Information from any non-Amazon source.

Retention & deletion of Amazon PII

Amazon buyer PII is retained for no longer than 30 days after order shipment, after which it is permanently deleted from active storage. Encrypted backups follow the same retention schedule. Aggregated, de-identified order metadata (order ID, totals, ship date) may be retained longer for tax, accounting, and dispute-resolution purposes, but contains no PII.

Audit logging

All access events involving Amazon Information are written to a dedicated audit log capturing user ID, timestamp, source IP address, event type, and resource accessed. Audit logs contain no PII, are retained for a minimum of 12 months, and are reviewed at least biweekly for suspicious activity.

Security incident notification

In the event of a Security Incident involving Amazon Information, Kaizen Seller will notify Amazon at security@amazon.com within 24 hours of detection, in accordance with the Amazon Data Protection Policy. Affected sellers and any impacted individuals will be notified per applicable regulatory timelines. Our Incident Response Plan is reviewed every 6 months.

Amazon disconnect & data deletion

You may disconnect your Amazon Seller Central account at any time from Settings. Upon disconnection, OAuth tokens are revoked immediately, and associated Amazon Information — including any retained buyer PII — is purged from active storage within 30 days. Account-level deletion requests are honored within 30 days of receipt at support@kaizenseller.com.

International data transfers

Your information may be stored and processed in the United States or other countries where our service providers maintain facilities. By using the Service, you acknowledge that your data may be transferred to and processed in jurisdictions that may have different data protection laws than your own.

Children's privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 13, we will delete it promptly.

Changes to this policy

We may update this policy from time to time. We will post the revised policy on this page and update the effective date above. Material changes may also be communicated via email or in‑app notice. Your continued use of the Service after changes become effective constitutes acceptance of the updated policy.

Contact

Questions, concerns, or data requests? Email support@kaizenseller.com.

Chase Surplus Inc.

This page is provided for informational purposes and does not constitute legal advice.