Privacy Policy
Last updated: April 5, 2026
1. Information We Collect
When you use ListerPilot, we collect information you provide directly, including your email address, Etsy shop name, and any listing data you import. We also collect usage data such as pages visited, features used, and timestamps of actions taken within the dashboard.
When you connect your Etsy shop via OAuth, we receive an access token that allows us to read and manage your Etsy listings on your behalf. We do not store your Etsy password.
If you use our competitor monitoring feature, we collect publicly available data from third-party Etsy shops that you designate — including their listing tags, titles, and keyword usage. This data is sourced from public Etsy listings and is used solely to provide competitive analysis within your dashboard.
2. How We Use Your Information
- To provide, maintain, and improve ListerPilot services
- To optimize your Etsy listings using AI-powered tools
- To analyze shop performance and generate analytics
- To communicate with you about your account and updates
- To detect and prevent fraud or abuse
3. Data Storage and Security
Your data is stored on secure servers hosted on Railway with workspace-level isolation — each seller's data, tokens, and shop access are fully separated from other users.
Etsy OAuth tokens are encrypted at rest using Fernet symmetric encryption (AES-128-CBC with HMAC-SHA256 for integrity). The encryption key is derived from a master secret using PBKDF2-HMAC-SHA256 with 480,000 iterations. Tokens are decrypted only at the moment they are needed for an Etsy API call — they are never logged in plaintext, never sent to the frontend, and never stored in environment variables.
We use HTTPS for all data transmission. Session cookies are set with HttpOnly, Secure, and SameSite=Strict flags. Sessions have a 7-day absolute expiry and a 1-day idle timeout, and are stored server-side in our database, not in browser cookies. Access to production systems is restricted to authorized personnel only.
4. Third-Party Services
We integrate with the following third-party services:
- Etsy API (v3) — to read your listings, shop sections, shipping profiles, taxonomy properties, images, and sales receipts. When you approve changes, we write updated titles, tags, descriptions, materials, attributes, and product dimensions back to Etsy. New listing creation uploads images and sets taxonomy, shipping, and section assignments. All API calls are rate-limited to 5 requests per second maximum.
- OpenAI / Anthropic — to generate optimized listing content (titles, descriptions, tags). Only listing data relevant to the generation task (product type, dimensions, keywords, and optionally photos) is sent. This data is used solely for the generation request and is not stored by these providers beyond the API call.
- Railway — for hosting, PostgreSQL database, and persistent file storage
5. Data Caching & Freshness
In compliance with Etsy's API Terms of Use, listing data displayed in the ListerPilot dashboard is refreshed at least every 6 hours to ensure it is not more stale than the corresponding data on Etsy. Other Etsy content (shop info, sections, shipping profiles) is refreshed within 24 hours. Data is not cached longer than is reasonably necessary to provide the Service.
6. Data Retention
We retain your account data for as long as your account is active. Performance analytics history (listing views, favorites, conversion rates) is retained according to your subscription tier — 30 days for Starter, 90 days for Professional, and full history for Enterprise. This data is used to power decay curve analysis, re-optimization alerts, and listing health scores.
If you delete your account, we will delete your personal data within 30 days, except where retention is required by law. Anonymized, aggregated data may be retained for analytics purposes. Competitor monitoring data associated with your account is deleted at the same time.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Revoke Etsy OAuth access at any time via your Etsy account settings
- Export your data in a machine-readable format
8. Cookies
We use a single session cookie (mt_session) to maintain your login state. This cookie contains only a session identifier — your actual session data is stored server-side in our database. We do not use third-party tracking cookies, advertising cookies, or analytics cookies. Our cookies are strictly functional.
9. Contact
For privacy-related questions or requests, contact us at support@listerpilot.com.