Seller Copilot

Legal

Privacy Policy

Last updated:

Official URL: https://seller-copilot.com/privacy/ · You can also open /privacy-policy/, which redirects here.

This document describes our privacy practices in plain language. It is not legal advice for your own business or your obligations toward your customers; consider independent advice where appropriate.

1. Who we are

This Privacy Policy applies to SELLER COPILOT LTD, a company registered in England and Wales (company number 17011039), with its registered office at 199 Brentwood Road, Romford, England, RM1 2SJ ("Seller Copilot", "we", "us", "our"). We are the data controller for personal data we collect about you when you use our marketing website and when you register for or use the Seller Copilot software platform (the "Services"), except where we act as a processor on your instructions (see section 6).

For all privacy enquiries, including requests to exercise your rights, contact us at contact@seller-copilot.com or write to the address above. We aim to respond within one calendar month for rights requests, in line with UK GDPR.

2. Scope

This policy describes our processing of personal data in connection with:

  • Our public website at seller-copilot.com (including contact forms, demos, and marketing pages); and
  • The Seller Copilot cloud platform used by merchants and their authorised users to manage e-commerce operations (orders, inventory, shipping, listings, and related features).

The Services are intended for businesses and authorised individuals acting in a professional capacity. They are not directed at children (see section 15).

3. Personal data we collect

Depending on how you interact with us, we may process the following categories of personal data:

  • Account and identity: name, work email address, telephone number, job title, company name, account identifiers, authentication data (for example hashed credentials or tokens issued by our identity provider), and user preferences inside the platform.
  • Billing and contracts: billing contact details, purchase history, subscription tier, and payment-related references (full payment card data is handled by our payment service provider; we do not store complete card numbers on our servers).
  • Service and technical data: IP address, approximate location derived from IP, browser and device type, operating system, timestamps, pages or screens viewed, feature usage, error logs, API request metadata, and security audit logs needed to operate and secure the Services.
  • Support and communications: content you send us by email, chat, or support tickets, including attachments you choose to provide.
  • Marketing: where permitted, your marketing preferences, campaign engagement (for example email opens or clicks), and event registrations.
  • Data you import into Seller Copilot: when you connect sales channels, carriers, or other integrations, we process operational data you synchronise into the platform. That may include order and fulfilment data (such as buyer name, delivery address, email, telephone number, order lines, SKUs, prices, tracking numbers, and messages) and product or inventory data. You decide what channels and data to connect; the categories processed depend on your configuration and the third-party platforms you use.

4. Lawful bases (UK GDPR)

We process personal data on one or more of the following lawful bases:

  • Performance of a contract — to register your account, provide the Services, bill you, and give support you have requested.
  • Legitimate interests — to secure and improve the Services, prevent fraud and abuse, analyse aggregated usage, run our business (including internal reporting), and send service-related communications. We balance these interests against your rights and you may object to certain processing (see section 13).
  • Legal obligation — where we must retain or disclose information to comply with law, regulation, court order, or tax and accounting rules.
  • Consent — where required for non-essential cookies, certain marketing, or other processing we expressly ask you to agree to. You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

5. How we use personal data

We use personal data to:

  • Provide, operate, maintain, and secure the Services;
  • Authenticate users, enforce access controls, and prevent unauthorised access;
  • Process transactions, invoices, and subscription changes;
  • Communicate with you about the Services (including security notices, product updates, and policy changes);
  • Provide customer support and respond to incidents;
  • Develop and improve features (including testing and quality assurance, using aggregated or de-identified information where appropriate);
  • Comply with applicable law and defend our legal rights; and
  • Send marketing communications where we have a lawful basis to do so (see section 10).

6. Your customers and order data (controller / processor)

When you use Seller Copilot to manage orders and shipments, you may import personal data relating to your end customers (for example buyers on marketplaces). In respect of that data, you are typically the data controller and you instruct us to process it solely to provide the Services to you. We process such data in accordance with our agreement with you and this policy, and we do not use it for our own independent marketing purposes.

You are responsible for ensuring you have appropriate notices and lawful bases to collect and upload your customers' personal data into Seller Copilot, and for honouring your customers' rights (for example by handling their access or deletion requests where you are controller).

7. Disclosures and subprocessors

We do not sell your personal data. We may share personal data with:

  • Service providers (subprocessors) who host infrastructure, provide databases, logging, email delivery, analytics, customer support tooling, security monitoring, payment processing, or similar functions. They may only process data on our documented instructions and are subject to confidentiality and security obligations.
  • Professional advisers such as lawyers and accountants, where bound by professional duties of confidentiality.
  • Authorities or third parties when required by law or to protect rights, safety, and security.
  • Business transfers: if we are involved in a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction, subject to appropriate safeguards and notice where required.

A current list of key hosting and infrastructure categories is available on request. Where we use providers outside the UK, we implement appropriate safeguards such as the UK International Data Transfer Agreement (IDTA) or UK Addendum, or reliance on adequacy regulations, as applicable.

8. International transfers

We may process and store data in the United Kingdom and the European Economic Area, and in other countries where our subprocessors operate. When personal data is transferred outside the UK, we ensure appropriate safeguards are in place as required by UK data protection law.

9. Retention

We retain personal data only for as long as necessary for the purposes described in this policy, including to satisfy legal, regulatory, tax, accounting, or reporting requirements. Retention periods vary depending on the type of data and whether you have an active subscription. When data is no longer needed, we delete or anonymise it in line with our internal retention schedule, unless a longer period is required by law.

After account closure, we may retain certain information for a limited period to resolve disputes, enforce our terms, or meet legal obligations.

10. Marketing

We may send marketing communications about Seller Copilot where we have a lawful basis (for example your consent, or soft opt-in for similar products where applicable). You can opt out at any time using the unsubscribe link in emails or by contacting us. We will continue to send essential service and transactional messages (such as security alerts and billing receipts) where necessary to perform our contract with you.

11. Cookies and similar technologies

Our website and platform may use cookies, local storage, and similar technologies for essential functions (such as session management and security), and, where you agree, for analytics or marketing measurement. You can control non-essential cookies through your browser settings and any cookie banner or preference centre we provide. Blocking essential cookies may affect how the Services work.

12. Security

We implement appropriate technical and organisational measures designed to protect personal data against accidental loss, unauthorised access, alteration, or disclosure. These measures include access controls, encryption in transit (and where appropriate at rest), segregation of environments, logging, and staff training. No method of transmission over the Internet is completely secure; we encourage you to use strong passwords and protect your account credentials.

13. Your rights

Under UK GDPR and the Data Protection Act 2018, you may have the right to:

  • Access the personal data we hold about you;
  • Rectify inaccurate or incomplete data;
  • Erase data in certain circumstances ("right to be forgotten");
  • Restrict processing in certain circumstances;
  • Object to processing based on legitimate interests or for direct marketing;
  • Data portability for data you provided where processing is based on consent or contract and is automated; and
  • Withdraw consent at any time, where processing is based on consent.

To exercise these rights, contact contact@seller-copilot.com. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

14. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects on individuals in the sense of UK GDPR Article 22 in respect of account holders. Features you configure inside the Services may automate operational workflows according to rules you set; that is under your control as a business user.

15. Children

The Services are not directed at individuals under 16, and we do not knowingly collect personal data from children. If you believe we have collected such data, please contact us and we will take steps to delete it.

16. Third-party sites and integrations

Our website may contain links to third-party websites. This policy does not apply to those sites. When you connect third-party platforms (for example marketplaces or carriers) to Seller Copilot, their collection and use of personal data is governed by their own privacy policies; we encourage you to read them.

17. Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Where changes are material, we will provide additional notice as required by law (for example by email or in-product notice).

18. Contact

For privacy questions or to exercise your rights: