Privacy Policy

Last updated: June 27, 2026

Ecom Store Manager (“ESM”, “we”, “us”) is a multi-account operations tool that helps e-commerce sellers manage their stores on marketplaces such as Walmart Marketplace, Amazon (Selling Partner API) and others — including order synchronization, listing and catalog management, shipping-label generation, and reporting. This policy explains what data we process, why, how we protect it, and how long we keep it.

Contact: danglch@iart.group

1. Data we process

• Account data: your email, name and authentication credentials for ESM.
• Marketplace connection data: the API credentials / OAuth tokens you authorize us to use to connect to your marketplace seller accounts (Walmart, Amazon SP-API, eBay, etc.).
• Order data: orders retrieved from your connected marketplaces, including order IDs, items, SKUs, quantities, prices, status and ship-by dates.
• Buyer personal information (PII): for the sole purpose of fulfilling your orders, we process the buyer’s name, shipping address and phone number as provided by the marketplace.
• Listing & catalog data: product titles, images, attributes, prices and publish status of your listings.

2. How we use data

• Synchronize and display your orders, listings and catalog.
• Create and manage shipping labels and push tracking back to the marketplace.
• Generate operational reports and health/monitoring for your account.

We do not sell your data or buyers’ data, and we do not use it for advertising. Buyer PII obtained through marketplace APIs (including Amazon SP-API) is used strictly to fulfill the related orders, consistent with each marketplace’s Acceptable Use and Data Protection policies.

3. Sharing

• Shipping carriers / providers (e.g., USPS via our shipping provider) — to purchase and generate the shipping label for an order.
• Infrastructure sub-processors — hosting and database providers (Vercel, Supabase) under their own security and confidentiality obligations.
• We never share buyer PII with third parties for any purpose other than fulfilling the order.

4. Storage & security

• All data is encrypted in transit (TLS 1.2+) and at rest.
• Access is restricted by row-level security so each operator only sees data for the stores they own (least privilege).
• API credentials and tokens are stored as protected secrets, never exposed in client code or logs.
• Buyer PII is never written to application logs.
• Administrative access requires authentication and is limited to authorized personnel.

5. Data retention & deletion

We keep order data only as long as needed to operate the service and meet legal/marketplace obligations. Buyer personal information (name, address, phone) is retained only for the period required to fulfill and support the order, after which it is deleted or anonymized. You may request deletion of your account and associated data at any time by contacting us. We also honor automated account closure/deletion notifications from connected marketplaces (including eBay’s Marketplace Account Deletion notifications): upon receiving a verified notification we delete or anonymize the affected user’s data from our systems.

6. Your rights

You may request access to, correction of, or deletion of your personal data by emailing danglch@iart.group. We respond within a reasonable time.

7. Cookies

We use only essential cookies required to keep you signed in. We do not use advertising or cross-site tracking cookies.

8. Changes

We may update this policy from time to time. Material changes will be reflected by updating the “Last updated” date above.