Privacy & Data Protection Policy

Prolisto (“we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy. This policy explains what data we collect, how we use it, with whom we share it, and your rights in relation to it.

This policy applies to all users of the Prolisto platform, accessible at prolisto.com, and any associated applications or services.

By creating an account or using our Service, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein.

We collect the following categories of personal data:

Account & Identity Data

• Email address (required for account creation)
• Name (if provided through social sign-in)
• Profile picture (if provided through social sign-in)
• Authentication credentials (password hash - never stored in plain text)

Integration & Marketplace Data

• eBay and Shopify OAuth tokens and seller identifiers
• Listing data, pricing data, and inventory information retrieved from connected marketplaces
• Repricing rules, automation settings, and strategies you configure

Usage & Technical Data

• IP address, browser type, and device information
• Pages visited, features used, and interactions within the Service
• Error logs and performance data
• Cookie identifiers and session tokens (see our Cookie Policy)

Communications Data

• Email correspondence if you contact our support
• Transactional emails (account confirmation, billing receipts)
• Marketing emails (only if you opt in)

Referral Data

• Referral codes and affiliate identifiers via our Endorsely referral programme

We process your personal data for the following purposes and on the following legal bases:

• Contract performance: to create and manage your account, provide the Service, and process payments.
• Legitimate interests: to improve and develop the Service, detect and prevent fraud, ensure security, and conduct analytics.
• Legal obligation: to comply with applicable laws, regulations, and lawful requests from authorities.
• Consent: to send marketing communications (where you have opted in) and to place non-essential cookies.

We share your data only with trusted third-party providers who process data on our behalf, subject to appropriate data processing agreements. Categories of recipients include:

• Authentication and infrastructure providers - hosting, database storage, and user authentication services
• AI processing providers - listing content may be sent to AI services for analysis; no personal identifiers are included in these requests
• Email delivery providers - transactional and marketing email services
• Analytics providers - usage analytics, session analytics, and platform performance monitoring
• Advertising and marketing measurement providers - conversion tracking and advertising effectiveness measurement
• Referral and affiliate programme providers - referral attribution and affiliate tracking
• Marketplace platform providers - eBay, Shopify, and other connected marketplaces receive data as necessary to provide repricing and listing services on your behalf

We do not sell your personal data to third parties.

Some of our third-party providers are based outside the United Kingdom and European Economic Area. Where data is transferred to countries without an adequacy decision, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the ICO/European Commission, or equivalent mechanisms.

We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account deletion, we will delete or anonymise your personal data within 90 days, except where we are required to retain it for legal, regulatory, or legitimate business purposes (e.g., billing records are retained for 7 years).

Marketplace data (such as eBay listing data retrieved via API) is retained for the purpose of providing repricing services and is deleted promptly upon account termination or integration disconnection.

Depending on your location, you may have the following rights in relation to your personal data:

• Access: to request a copy of the personal data we hold about you
• Rectification: to ask us to correct inaccurate or incomplete data
• Erasure: to request deletion of your personal data (the “right to be forgotten”)
• Restriction: to ask us to restrict processing in certain circumstances
• Portability: to receive your data in a structured, commonly used, machine-readable format
• Objection: to object to processing based on legitimate interests
• Withdraw consent: to withdraw any consent you have given at any time, without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us via prolisto.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or your local supervisory authority.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include encryption in transit (TLS), encryption at rest, access controls, and regular security reviews.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant authorities as required by law.

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal data from anyone under 18. If you become aware that a minor has provided us with personal data, please contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on the Service before the change takes effect. We encourage you to review this policy periodically.

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at prolisto.com.