Deltapp
Back to site

Privacy Policy

Last updated: 14 May 2025

This privacy policy describes how Deltapp ("we", "us", "Delta") processes personal data when you visit our website, sign up for an account, or use the application. It is written to meet the UK GDPR and EU GDPR transparency requirements.

1. Who we are

Deltapp is the trading name of the entity operating the deltapp.com domain. For data protection enquiries email privacy@deltapp.com.

2. Data we collect

  • Account data: name, email, hashed password (handled by our auth processor Clerk), authentication metadata.
  • Connected store data: eBay store ID, OAuth tokens (encrypted at rest), policy and listing data necessary to provide the service.
  • Product data: ASINs, scraped Amazon product information, prices, your draft and published listings.
  • Order data: eBay orders synced into the platform, buyer name and shipping address (data minimised - we only store what we need to fulfil orders).
  • Usage data: IP address, browser metadata, timestamps, structured logs of your actions in the app.
  • Payment data: handled entirely by our payment processor; we never see card numbers.

3. How we use it

  • Provide the service you signed up for (the lawful basis is contract performance).
  • Send transactional emails (price-check summaries, order alerts, account notices).
  • Diagnose errors and prevent abuse (legitimate interest).
  • Comply with legal obligations (record-keeping, tax).

We do not sell your data, share it with advertisers, or train AI models on it.

4. Sub-processors

We use a small number of trusted sub-processors to operate the service. Each is bound by a data processing agreement. See the live list on our sub-processors page.

5. Retention

  • Account data is retained while the account is active.
  • Activity logs are retained for 90 days, then deleted.
  • Scrape attempt logs are retained for 30 days.
  • Database backups are retained for 30 days before being overwritten.
  • On account deletion, all personal data is removed within 30 days.

6. Your rights

Under UK and EU GDPR you have the right to access, correct, erase, restrict, port, and object to processing of your personal data. Email privacy@deltapp.comto exercise any of these rights. You also have the right to complain to your supervisory authority (in the UK: the ICO).

7. International transfers

Where sub-processors are located outside the UK / EEA, transfers are protected by Standard Contractual Clauses or adequacy decisions. Details on the sub-processors page.

8. Security

Encryption in transit (TLS 1.2+) and at rest. Role-based access. Audit trails. Sentry captures errors without sensitive payloads. See our security page.

9. Changes

We update this policy as the product evolves. Material changes are emailed to account holders at least 14 days before they take effect.

This document is a working template. Final wording is pending legal review before public launch.