Privacy Policy

Last updated: March 29, 2026

This Policy explains what personal data Reseller OS collects, why, and how we protect it. It applies to all users of reseller-os.com.

1. Who We Are

Reseller OS ("we," "us," or "our") operates the reseller-os.com website and the Reseller OS SaaS platform — a profit-intelligence tool for independent resellers and arbitrage merchants. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

If you have questions about this Policy or wish to exercise your privacy rights, contact us at privacy@reseller-os.com.

2. Information We Collect

We collect information in the following categories:

Account & Identity Data: When you register, we collect your name, email address, and any profile information you voluntarily provide. Account authentication is managed by Clerk, Inc. We store a reference to your Clerk user ID but do not store your password.

Usage & Activity Data: When you use the Service, we automatically collect data about your interactions — including search queries you submit, items you save to your watchlist, pages you visit, features you use, and actions you take within the platform.

Device & Technical Data: We collect information about the device and browser you use to access the Service, including IP address, browser type and version, operating system, referring URLs, and session timestamps. This data is collected via server logs and our analytics provider (PostHog).

Payment Data: If you subscribe to a paid plan, your payment is processed by Stripe, Inc. We do not store, process, or have access to your full card number, CVV, or other sensitive financial details. We receive only a tokenised reference, the last four digits of your card, and billing address from Stripe for record-keeping purposes.

Communications: If you contact us by email or through the support channel, we retain a record of that correspondence including your name, email address, and the content of your message.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data only where we have a valid legal basis to do so:

Contract performance: Processing necessary to provide you with the Service you signed up for — such as authenticating your account, returning search results, and managing your subscription.

Legitimate interests: Processing for purposes such as fraud prevention, security monitoring, product improvement, and aggregate analytics, where those interests are not overridden by your rights and interests.

Consent: Processing for optional analytics cookies and marketing emails, where we have obtained your prior consent. You may withdraw consent at any time.

Legal obligation: Processing required to comply with applicable laws, such as retaining financial records for tax purposes.

4. How We Use Your Information

We use the information we collect to:

(a) Provide, operate, and maintain the Service, including processing your search queries and returning marketplace data;

(b) Create and manage your account, and authenticate your identity on sign-in;

(c) Process subscription payments and manage billing through Stripe;

(d) Send transactional emails, including account confirmations, password resets, subscription receipts, and important Service notifications;

(e) Send product update emails and feature announcements, where you have opted in to receive them;

(f) Monitor and analyse usage patterns to improve Service performance, reliability, and features;

(g) Detect, investigate, and prevent fraudulent transactions, abuse, or other harmful activity;

(h) Comply with applicable legal obligations, including responding to lawful requests from public authorities.

We do not use your personal data for automated decision-making that produces legal or similarly significant effects.

5. Data Sharing & Sub-Processors

We do not sell, rent, or trade your personal data to third parties for their marketing purposes. We share your data only in the following circumstances:

Service providers (sub-processors): We share data with third-party companies that perform services on our behalf. Each sub-processor is contractually bound to protect your data and may only use it for the specific purposes we authorise:

• Clerk, Inc. — authentication and identity management (clerk.com)

• Stripe, Inc. — payment processing and subscription billing (stripe.com)

• Supabase, Inc. — cloud database hosting and infrastructure (supabase.com)

• PostHog, Inc. — product analytics and usage insights (posthog.com)

Legal requirements: We may disclose your data where required by law, court order, or government regulation, or where we believe in good faith that disclosure is necessary to protect the rights, property, or safety of Reseller OS, our users, or the public.

Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you via email and/or a prominent in-app notice at least 30 days before any such transfer and before your data becomes subject to a different Privacy Policy.

6. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

Strictly necessary cookies: Required for core functions of the Service, including session authentication and security. These cannot be disabled without affecting Service functionality.

Analytics cookies: Set by PostHog to help us understand how users interact with the Service — including which features are used, where users drop off, and overall session behaviour. These are optional. You may opt out by (a) using a browser extension that blocks PostHog, (b) enabling "Do Not Track" in your browser settings, or (c) contacting us at privacy@reseller-os.com.

We do not use advertising cookies, behavioural retargeting cookies, or third-party tracking pixels for advertising purposes.

Most browsers allow you to control cookies through their settings. Disabling strictly necessary cookies will impair the Service's authentication functionality.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Account data (name, email, authentication records): Retained for the life of your account and deleted within 30 days of account deletion, except where retention is required by law.

Search history and watchlist data: Retained for 12 months on a rolling basis. You may delete individual entries or your full search history at any time from Settings → Export & Delete.

Payment and billing records: Retained for 7 years in accordance with applicable financial and tax regulations, even after account deletion.

Support correspondence: Retained for 2 years from the date of the last communication.

Anonymised, aggregated usage analytics may be retained indefinitely as they cannot be used to identify you.

8. Security

We implement and maintain appropriate technical and organisational security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:

• TLS/HTTPS encryption for all data in transit between your browser and our servers;

• Encryption at rest for sensitive data stored in our Supabase database;

• Role-based access controls limiting employee access to production data on a strict need-to-know basis;

• Regular security reviews of our infrastructure and dependencies.

Despite these measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security. If you become aware of any security incident or vulnerability, please contact us immediately at support@reseller-os.com.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify affected users and, where applicable, the relevant supervisory authority within the timeframes required by applicable law.

9. Your Privacy Rights

Depending on your location, you may have the following rights with respect to your personal data:

All users: (a) Access — you may request a copy of the personal data we hold about you; (b) Correction — you may request that we correct inaccurate or incomplete data; (c) Deletion — you may request deletion of your personal data, subject to legal retention obligations; (d) Portability — you may request your data in a structured, machine-readable format; (e) Objection — you may object to processing based on our legitimate interests.

EEA & UK users (GDPR/UK GDPR): In addition to the rights above, you have the right to restrict processing and to lodge a complaint with your local data protection authority. If you are in the EEA, your lead supervisory authority is in the EU member state of your habitual residence or place of work.

California residents (CCPA/CPRA): You have the right to know what personal information we collect and how it is used, the right to delete your personal information, the right to opt out of the sale or sharing of personal information (we do not sell or share your data), and the right not to be discriminated against for exercising these rights.

To exercise any of these rights, contact us at privacy@reseller-os.com or use the data controls available in Settings → Export & Delete. We will respond to verified requests within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

10. Children's Privacy

The Service is not directed to, and we do not knowingly collect personal data from, children under the age of 13 (or under the age of 16 where applicable under GDPR).

If you believe that a child under the applicable minimum age has provided us with personal information, please contact us at privacy@reseller-os.com and we will promptly investigate and, where confirmed, delete such data.

11. International Data Transfers

Reseller OS is operated from the United States. Your personal data may be transferred to and processed in the United States and other countries where our sub-processors operate, including countries outside the EEA or UK that may not provide the same level of data protection as your home country.

Where we transfer personal data from the EEA or UK to countries not deemed adequate by the European Commission or UK ICO, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms under applicable law, to ensure that your data remains protected to the standards required by GDPR and UK GDPR.

12. Third-Party Links

The Service may contain links to third-party websites, including marketplace listings on eBay, Walmart, and Amazon. These third-party sites are governed by their own privacy policies, and we are not responsible for their content, practices, or handling of your personal data. We encourage you to review the privacy policy of any third-party site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will notify you by email and/or by posting a prominent notice within the Service at least 14 days before the changes take effect.

The "Last updated" date at the top of this page will always reflect the most recent revision. We encourage you to review this Policy periodically. Your continued use of the Service after the effective date of a revised Policy constitutes your acceptance of the changes.

For privacy enquiries or to exercise your data rights, contact us at:

privacy@reseller-os.com

Reseller OS · reseller-os.com