Privacy Policy
Last updated: May 15, 2026
OAuth, not passwords
We never see your Etsy password. Tokens are AES-256-GCM encrypted at rest.
You approve everything
No automated changes. Rewrites apply to your shop only after you click Approve.
Delete anytime
Disconnect a shop or delete your account — tokens and listing data are wiped immediately.
1
What we collect
- Account credentials: email address and bcrypt-hashed password, or Google OAuth identifier.
- Etsy OAuth tokens: encrypted at rest with AES-256-GCM. Used only to read your listings and apply rewrites you approve. Never logged or shared.
- Etsy listing data: titles, tags, descriptions, attributes, and photo thumbnails for shops you connect. Stored to power the audit and rewrite features.
- IP address: used for rate limiting on public free tools. Not retained long-term.
- Usage metadata: audit runs, rewrite generations, apply/revert events. No behavioral tracking or session replay.
2
What we do NOT collect
- Your Etsy password. We use Etsy's OAuth 2.0 flow — we never see your Etsy credentials.
- Payment card details. Polar (our Merchant of Record) handles billing; we receive only subscription status.
- Browsing history outside of getlistora.app.
- Third-party advertising or marketing pixels.
3
How we use your data
- To audit your listings and generate AI-powered rewrite suggestions.
- To apply approved rewrites back to Etsy on your behalf, and to revert them at your request.
- To send transactional emails (sign-up confirmation, billing receipts, broken-token alerts). No marketing emails without consent.
- To enforce rate limits on free tools and prevent abuse.
- We do not sell your data or share it with third parties for advertising.
4
AI processing
- Listing titles, tags, and descriptions are sent to Anthropic's Claude API to generate SEO rewrites.
- Photo thumbnails are sent to Claude Vision for photo quality scoring.
- Per Anthropic's API policy, prompt and completion data is not used to train their models.
- We do not store raw Claude API responses beyond the duration of your rewrite session.
5
Subprocessors
| Service | Purpose | Region |
|---|---|---|
| Dedicated server | Application hosting | EU |
| PostgreSQL | Database for accounts, listings, rewrites | EU |
| Anthropic (Claude API) | AI rewrites + Vision photo scoring | US |
| Etsy API | Read listings, write approved rewrites | US |
| Polar | Subscription billing (Merchant of Record) | US |
| Resend | Transactional email delivery | US |
| Google OAuth | Optional sign-in provider | US |
6
Data retention
Account data, connected shops, and listing snapshots are retained while your account is active. Etsy OAuth tokens are revoked and deleted immediately on disconnect or account deletion. To delete your account and all associated data, email support@getlistora.app. Deletion requests are processed within 14 days.
7
Your rights (GDPR / CCPA)
- Access: request a copy of all data we hold about you.
- Deletion: delete your account and all data at any time.
- Correction: contact us to correct inaccurate account data.
- Portability: export your audit and rewrite history on request.
8
Contact
Questions about this policy or your data? support@getlistora.app