RepriceLab

Privacy Policy

Last updated: November 17, 2025

CCPA/CPRA Compliant · Amazon SP-API Data Protection Policy

Introduction

RepriceLab ("we," "our," or "us") is a US-based company committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Amazon repricing service. We comply with US privacy laws including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and Amazon's SP-API Data Protection Policy.

1. Information We Collect

1.1 Account Information

  • Personal Data: Name, email address, password (encrypted with bcrypt)
  • Payment Information: Processed securely through Stripe (PCI DSS Level 1 compliant). We do not store credit card details.
  • Contact Information: Information provided when contacting support

1.2 Amazon Seller Data (via SP-API OAuth)

When you connect your Amazon Seller Central account, we access:

  • Product Listings: SKU, ASIN, titles, descriptions, images, categories
  • Inventory Data: Stock levels, fulfillment methods (FBA/FBM)
  • Pricing Information: Current prices, competitive offers, Buy Box status
  • Order Data: Order history for analytics (read-only access)
  • Seller Metrics: Account health, performance indicators
  • Marketplace Participations: Active marketplaces and regions

1.3 Automatically Collected Data

  • Usage Data: Pages visited, features used, time spent on platform
  • Device Information: IP address, browser type, operating system
  • Log Data: API calls, repricing actions, error logs
  • Cookies: Session management, authentication tokens (JWT)

2. How We Use Your Information

Repricing Services

Automated price adjustments based on your configured rules, Buy Box ownership analysis, and competitor monitoring

Analytics & Reporting

Dashboard metrics, sales insights, profitability analysis, historical data tracking

Service Operations

Account management, billing, customer support, service improvements

Security & Compliance

Fraud prevention, security monitoring, legal compliance, incident response

3. Data Sharing and Disclosure

✓ We DO NOT Sell Your Data

We never sell, rent, or trade your personal information or Amazon seller data to third parties for marketing purposes.

3.1 Service Providers

  • Amazon Web Services (AWS): Cloud hosting, infrastructure (SOC 2, ISO 27001 certified)
  • Stripe: Payment processing (PCI DSS Level 1 compliant)
  • Email Service Providers: Transactional emails and notifications

All service providers are contractually bound to protect your data and use it only for specified purposes.

3.2 Legal Requirements

  • Law, regulation, subpoena, or court order
  • Government or regulatory authority requests
  • Protection of our legal rights or prevention of fraud
  • Emergency situations involving safety or security

4. Amazon SP-API Data Protection

As an Amazon SP-API solution provider, we comply with Amazon's Data Protection Policy requirements:

Access Control

  • Role-based access (RBAC)
  • Least privilege principle
  • Multi-factor authentication (MFA)
  • Regular access reviews

Data Encryption

  • TLS 1.2+ in transit
  • AES-256 encryption at rest
  • Encrypted backups
  • Secure key management

Data Retention

  • Active account: data retained
  • Account closure: 30-day grace
  • Permanent deletion after 30 days
  • Compliance logs: 7 years

Token Security

  • OAuth refresh tokens encrypted
  • Secure storage in PostgreSQL
  • Auto-revocation on disconnect
  • No token logging

5. Data Security Measures

Technical Safeguards

  • Authentication: JWT-based secure authentication, bcrypt password hashing (cost factor 12)
  • Network Security: AWS VPC isolation, security groups, DDoS protection
  • Database Security: PostgreSQL with encrypted connections, parameterized queries
  • Infrastructure: AWS infrastructure with SOC 2, ISO 27001, and PCI DSS compliance
  • Monitoring: 24/7 security monitoring, intrusion detection, automated alerts

Operational Safeguards

  • Backups: Automated daily encrypted backups, 30-day retention
  • Incident Response: Documented procedures, 24-hour response time
  • Vulnerability Management: Regular security scans, patch management
  • Employee Access: Background checks, NDA agreements, security training
  • Audits: Annual third-party security assessments

6. Your Privacy Rights (CCPA/CPRA)

Under California and other US state privacy laws, you have the following rights:

Right to Know

Request disclosure of personal information we collect, use, and share

Right to Delete

Request permanent deletion of your account and personal data

Right to Correct

Correct inaccurate or incomplete information

Right to Portability

Export your data in machine-readable format (JSON/CSV)

Right to Opt-Out

Opt out of the sale/sharing of personal data (we don't sell data)

Right to Non-Discrimination

Exercise rights without discrimination or denial of service

How to Exercise Your Rights

Contact us at support@repricelab.com or through our Contact Form. We will respond within 45 days (CCPA requirement).

7. Data Retention

  • Active Accounts: Data retained while your account is active
  • After Cancellation: 30-day grace period for account recovery
  • Permanent Deletion: All personal data deleted after 30 days
  • Legal Compliance: Financial records and compliance logs retained for 7 years
  • Amazon SP-API Tokens: Automatically deleted upon store disconnection

8. Cookies and Tracking Technologies

Essential Cookies (Required)

Authentication tokens (JWT), session management, security features

Analytics Cookies (Optional)

Usage patterns, feature adoption — requires user consent

9. Do Not Track Signals

We currently do not respond to Do Not Track (DNT) browser signals. However, we comply with CCPA's "Right to Opt-Out of Sale" and do not sell personal information.

10. Children's Privacy

RepriceLab is intended for business use by individuals 18 years or older. We do not knowingly collect information from children under 18.

11. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Material changes will be communicated via:

  • Email notification to registered users
  • Dashboard notification banner
  • Updated "Last Updated" date at the top of this page

12. Contact Information

Privacy Questions or Concerns?

Email: support@repricelab.com

Contact Form: repricelab.com/contact

Response Time: Within 48 hours for privacy inquiries

Compliance & Certifications

CCPA Compliant — California Consumer Privacy Act
CPRA Compliant — California Privacy Rights Act
Amazon SP-API DPP — Data Protection Policy Certified
PCI DSS via Stripe — Payment Card Industry Standard
© 2026 RepriceLab. All rights reserved. RepriceLab is a product of Codexia LLC.