CoreSeller ("we," "our," or "us") operates the CoreSeller platform (the "Service"). This Privacy Policy describes how we collect, use, store, and protect your information when you use our Service.

By using CoreSeller, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create a CoreSeller account, we collect:

  • Name and email address
  • Password (stored securely using one-way hashing)
  • Business name (optional)

1.2 eBay Account Data

When you connect your eBay seller account(s) to CoreSeller, we receive data through eBay's official APIs, including:

  • eBay user ID and account identifiers
  • OAuth tokens (access and refresh tokens)
  • Inventory and listing data (titles, descriptions, quantities, prices, images)
  • Order and fulfillment data (order details, buyer shipping addresses, tracking numbers)
  • Seller account settings (return policies, fulfillment policies, payment policies)

1.3 Usage Data

We automatically collect certain technical information:

  • IP address and browser type
  • Pages visited and features used within the Service
  • Timestamps of actions and requests

2. How We Use Your Information

We use collected information to:

  • Provide and maintain the CoreSeller Service
  • Sync inventory and process orders across your connected eBay stores
  • Send service-related notifications (e.g., sync errors, order updates)
  • Respond to support requests
  • Improve and optimize the Service
  • Comply with legal obligations

We do not use your data for advertising, profiling, or any purpose unrelated to providing the Service.

3. Data Sharing

We do not sell, rent, or trade your personal information or eBay data to third parties. We may share data only in the following limited circumstances:

  • Service providers: Trusted infrastructure providers (hosting, database, email) who process data on our behalf under strict confidentiality agreements
  • Legal requirements: When required by law, regulation, or legal process
  • Business transfers: In connection with a merger, acquisition, or sale of assets (with prior notice to users)

4. Data Security

We implement industry-standard security measures to protect your data:

  • All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256 encryption
  • eBay OAuth tokens are stored encrypted and never exposed in logs or interfaces
  • Access to production systems is restricted and audited
  • Regular security reviews and updates are performed

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data: Retained while your account is active; deleted within 30 days of account closure
  • eBay data: Retained while the corresponding eBay account is connected; deleted when you disconnect the account or close your CoreSeller account
  • Usage logs: Retained for up to 90 days for operational purposes
  • Backups: Purged within our standard 30-day backup rotation cycle

6. Your Rights

6.1 General Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format
  • Withdraw consent for data processing at any time

6.2 GDPR Rights (European Economic Area)

If you are located in the EEA, you have additional rights under the General Data Protection Regulation, including:

  • Right to data portability
  • Right to restrict processing
  • Right to object to processing
  • Right to lodge a complaint with a supervisory authority

Our legal bases for processing your data are: (a) your consent, (b) performance of our contract with you, and (c) our legitimate interest in providing and improving the Service.

6.3 CCPA Rights (California)

If you are a California resident, you have the right to:

  • Know what personal information is collected and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of personal information (note: we do not sell personal information)
  • Not be discriminated against for exercising your privacy rights

7. Account Deletion

You may request deletion of your CoreSeller account and all associated data at any time by:

  • Using the account deletion feature in your CoreSeller dashboard settings
  • Emailing support@coreseller.app with a deletion request

Upon receiving a deletion request:

  • Your account will be deactivated immediately
  • All personal data and eBay data will be permanently deleted within 30 days
  • eBay OAuth tokens will be revoked
  • Backup copies will be purged within our standard backup rotation cycle

8. Cookies

CoreSeller uses only essential cookies required for the Service to function:

  • Session cookies: To maintain your authenticated session
  • CSRF tokens: For security against cross-site request forgery

We do not use advertising or tracking cookies.

9. eBay Data

This section specifically addresses how we handle data obtained through eBay's APIs, in compliance with eBay's API License Agreement and Developer Program policies.

9.1 Data Collection & Use

We access eBay data solely to provide the CoreSeller Service. Data obtained through eBay APIs is used exclusively for:

  • Displaying seller inventory and order information within the CoreSeller dashboard
  • Synchronizing inventory quantities across connected eBay stores
  • Processing and tracking order fulfillment
  • Providing operational reports and insights to the seller

9.2 Data Minimization

We practice strict data minimization with eBay data:

  • We only request API scopes necessary for the features we provide
  • We only store eBay data that is required for active functionality
  • Transient data used for processing is not persisted beyond the immediate operation

9.3 No Selling or Sharing of eBay Data

We will never sell, license, rent, or share eBay user data with any third party for any purpose. eBay data is only accessible to the authenticated seller who owns that data.

9.4 Account Deletion Compliance

CoreSeller fully supports eBay's Marketplace Account Deletion requirements:

  • We process account deletion notifications received via eBay's Marketplace Account Deletion webhook
  • Upon receiving a deletion notification, all eBay data for the specified user is permanently removed from our systems within 30 days
  • This includes all inventory data, order data, account settings, and OAuth tokens
  • Deletion events are logged for compliance auditing

9.5 eBay Data Security

eBay data receives the same security protections as all user data (see Section 4), with additional measures:

  • OAuth tokens are stored with additional encryption layers
  • API communications with eBay use TLS 1.2+ exclusively
  • Access to eBay data is scoped to the owning seller account

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will notify you via email.

11. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us: