Privacy Policy

Last updated: 17 May 2026

The Seller Reports, operated by The Seller Reports, Pakistan, is the data controller responsible for personal information processed when you use our Service. This Privacy Policy explains what we collect, why, who we share it with, and the rights you have.

1. Information We Collect

We collect the following categories of personal data:

  • Account data — name, business name, email address, username, hashed password.
  • Business data you upload — Amazon Unified Transaction Reports, purchase / cost files and the derived reports we generate for you.
  • Subscription & billing data — plan, billing period, country, payment status and Paddle transaction identifiers. We do not see or store your full card number, CVV or bank credentials — those are collected and stored by Paddle.
  • Technical data — IP address, browser type, signup IP, login activity, anti-abuse signals (rate-limit counters, failed login counts) and limited application logs.
  • Support communications — messages you send via our contact form or by email.
  • Cookies — see section 8 below.

2. Why We Use Your Data & Legal Basis

  • To deliver the Service (generate reports, host your account, switch between multi-account workspaces) — legal basis: performance of a contract.
  • To process payments and prevent fraud — legal basis: performance of a contract / legitimate interests / legal obligation (tax).
  • To send transactional emails (verification codes, invoices, password resets, expiry reminders) — legal basis: performance of a contract.
  • To secure the Service (rate limiting, login lockout, abuse detection) — legal basis: legitimate interests in protecting our platform and our users.
  • To meet legal & tax obligations — legal basis: legal obligation.

3. Sub-processors & Third Parties

We share personal data with the following service providers, each only to the extent needed:

  • Paddle.com Market Limited (Merchant of Record) — processes all payments, handles invoicing, refunds, chargebacks and global sales-tax compliance. See Paddle’s Privacy Notice.
  • AWS — cloud infrastructure (servers, databases, file storage).

We do not sell or rent your personal data to anyone. We do not use it for cross-context behavioural advertising.

4. International Transfers

Some of our sub-processors (notably Paddle, headquartered in the United Kingdom, and our infrastructure providers) are located outside your country of residence. Where personal data is transferred outside the EEA, UK or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses or the UK International Data Transfer Addendum, as published by the respective sub-processor.

5. Data Retention

  • Account records: while your account is active and for up to 12 months after closure, after which they are deleted or anonymised.
  • Uploaded transaction / cost files: retained for the duration of your active subscription; you may delete them earlier via the “Reset workspace” control.
  • Generated saved reports (P&L, itemwise, item profitability): retained while the related Amazon account exists in your workspace.
  • Billing and tax records: retained for as long as required by applicable law (typically 6–10 years).
  • Unverified signups: automatically purged after the period set by the operator (default 24 hours).
  • Security / abuse-prevention logs: typically retained for up to 90 days.

6. Your Rights

Depending on where you live (e.g. EU/EEA, UK, California, India under DPDPA) you may have the following rights:

  • access a copy of the personal data we hold about you;
  • request correction of inaccurate data;
  • request deletion (“right to be forgotten”);
  • request data portability in a machine-readable format;
  • object to or restrict certain processing;
  • withdraw consent where processing is based on consent;
  • complain to your local data-protection authority.

To exercise any of these rights, email info@thesellerreports.com from the address on file. We respond within 30 days. For payment-related data held by Paddle, please use the Paddle Privacy Notice for the appropriate buyer-portal route.

7. Security

Passwords are stored hashed with bcrypt. Sessions use HttpOnly, SameSite cookies and (in production) the Secure flag. We enforce per-IP rate limits, account lockout after repeated failed logins, and CSRF protection on every state-changing form. Communications between your browser and our servers should always use HTTPS. While no system can be perfectly secure, we keep our software and dependencies up to date and review access on an ongoing basis.

8. Cookies

We use only the cookies that are strictly necessary to keep you logged in (a signed session cookie) and to protect forms against CSRF attacks. We do not set advertising or analytics cookies. If you enable Cloudflare Turnstile, Cloudflare may set short-lived cookies to validate the anti-bot challenge.

9. Children

The Service is intended for business users aged 18 or over. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date above will reflect any change; material changes will also be communicated by email or in-app notice at least 14 days before they take effect.

11. Contact

Data Controller: The seller reports, Pakistan. For any privacy question or to exercise a right above, email info@thesellerreports.com.