Privacy Policy
Last updated: April 5, 2026
1. Information We Collect
When you use ListerPilot, we collect information you provide directly, including your email address, Etsy shop name, and any listing data you import. We also collect usage data such as pages visited, features used, and timestamps of actions taken within the dashboard.
When you connect your Etsy shop via OAuth, we receive an access token that allows us to read and manage your Etsy listings on your behalf. We do not store your Etsy password.
2. How We Use Your Information
- To provide, maintain, and improve ListerPilot services
- To optimize your Etsy listings using AI-powered tools
- To analyze shop performance and generate analytics
- To communicate with you about your account and updates
- To detect and prevent fraud or abuse
3. Data Storage and Security
Your data is stored on secure servers hosted on Railway with workspace-level isolation. Each seller's data, tokens, and shop access are separated from other users.
Etsy OAuth tokens are encrypted at rest using Fernet-based symmetric encryption with PBKDF2-HMAC-SHA256 key derivation. Tokens are decrypted only at the moment they are needed for an Etsy API call. They are never logged in plaintext, never sent to the frontend, and never stored in environment variables.
We use HTTPS for all data transmission. Session cookies are set with the HttpOnly, Secure, and SameSite=Strict flags. Sessions have a 7-day absolute expiry and a 1-day idle timeout, and are stored server-side in our database, not in browser cookies. Access to production systems is restricted to authorized personnel only.
4. Third-Party Services
We integrate with the following third-party services:
- Etsy API (v3) - to read your listings, listing images, shop sections, shipping profiles, taxonomy properties, inventory context, and sales receipts for your connected shop. When you approve changes, we write updated listing fields such as titles, tags, descriptions, materials, attributes, product dimensions, images, and listing state back to Etsy where the API allows it. Draft preparation may also save listing details before a seller chooses whether to publish or sync them live.
- OpenAI / Anthropic - to generate optimized listing content such as titles, descriptions, and tags. Only listing data relevant to the generation task is sent. This data is used solely for the generation request.
- Railway - for hosting, PostgreSQL database, and persistent file storage
5. Data Caching & Freshness
In compliance with Etsy's API Terms of Use, listing data displayed in the ListerPilot dashboard is refreshed on a rolling basis and targeted to stay within Etsy's freshness limits. Listing data is scheduled for refresh before it reaches the 6-hour threshold, and other Etsy-derived content is refreshed on a separate schedule designed to stay within Etsy's 24-hour limit. If cached data approaches those limits, ListerPilot can trigger a background refresh and warn or delay sensitive actions until fresher data is available.
6. Data Retention
We retain your account data for as long as your account is active. Performance analytics history is retained according to your subscription tier: 30 days for Starter, 90 days for Professional, and full history for Enterprise. This data is used to power decay curve analysis, re-optimization alerts, and listing health scores.
If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained for analytics purposes.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Revoke Etsy OAuth access at any time via your Etsy settings
- Export your data in a machine-readable format
8. Cookies
We use a single session cookie (mt_session) to maintain your login state. This cookie contains only a session identifier. Your actual session data is stored server-side in our database. We do not use advertising cookies or third-party ad trackers. The product dashboard relies on functional session cookies only. If we enable first-party website analytics in the future, we will update this policy accordingly.
9. Contact
For privacy-related questions or requests, contact us at support@listerpilot.com.