Privacy Policy

1. Who we are

SellerMatrix is operated by Hamish Pritchard, trading as SellerMatrix ("we", "us", "our"). We are the data controller for the personal data described in this policy.

Contact: hello@sellermatrix.com
Website: sellermatrix.com
Country: United Kingdom

2. What data we collect

We collect the following categories of personal data:

Waitlist and account data

• Email address — provided when you join our waitlist or create an account
• Name — provided voluntarily when signing up
• IP address and browser information — collected automatically when you visit our website

Amazon seller account data (when you connect your account)

• Sales and order metrics — order counts, revenue totals, daily and weekly aggregates
• PPC and advertising data — campaign spend, ACOS, clicks, impressions via the Amazon Advertising API
• Listing health data — listing status, suppression flags, buy box status
• Account health data — Order Defect Rate, cancellation rate, late shipment rate
• Financial data — Amazon fee breakdowns, settlement amounts, refund data
• Inventory data — FBA stock levels

We do not collect or store any personally identifiable information about your Amazon customers (buyers). Only aggregated business performance metrics are stored.

3. How we use your data

We process your data for the following purposes:

• Providing the service — displaying your performance dashboard, generating your weekly digest email, and powering AI-driven account reviews
• Account management — managing your account, communicating service updates, and responding to support requests
• Service improvement — understanding how SellerMatrix is used to improve features and performance
• Legal compliance — meeting our obligations under applicable law

Legal basis for processing (UK GDPR):

• Contract performance — processing necessary to deliver the service you've signed up for
• Legitimate interests — improving the service and communicating relevant updates
• Consent — where we rely on your explicit consent (e.g. marketing emails), which you may withdraw at any time

4. Third parties we share data with

We use the following trusted sub-processors to operate SellerMatrix, each under data-processing terms and only to deliver the service to you. We do not sell your data, and we do not share it with any advertising, analytics, or data-broker third party.

Processors that handle Amazon Information (your own aggregated seller data — never any buyer personal information):

• Supabase, Inc. — database and backend infrastructure, hosted on AWS. Stores your aggregated performance data, encrypted at rest (AES-256) and isolated per seller.
• Netlify, Inc. — application and serverless hosting. Runs the functions that retrieve and process your data in transit; your Amazon Information is not persistently stored by Netlify.
• Resend — transactional email delivery, including your weekly performance digest, which may contain your own aggregated metrics and is sent only to your account email address.
• Anthropic, PBC (Claude API) — used only when you enable the optional AI account review feature. Only your aggregated business metrics (no buyer personal information) are sent, solely to generate your own review, and are not used to train AI models per Anthropic's API terms.

Processors that do not receive Amazon Information (they handle only your account or contact details):

• Stripe, Inc. — billing and subscription management. Handles your account and payment details only; it does not receive any Amazon Information.
• Kit (ConvertKit) — manages our waitlist and marketing email list. Handles your email address and contact details only; it does not receive any Amazon Information.

Source of your Amazon data:

• Amazon SP-API and Advertising API — the source of your seller account data, which we access on your behalf with your authorisation.

In every case the data is your own information, shared via encrypted API calls (HTTPS/TLS) under each provider's data-protection terms. All sub-processors are required to handle your data in accordance with applicable data protection law.

5. International data transfers

Some of our third-party service providers store or process data outside the UK and EEA (primarily in the United States). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses or equivalent protections.

6. How long we keep your data

• Waitlist data — retained until you unsubscribe or request deletion
• Account data — retained for the duration of your account, plus 30 days after account closure
• Amazon seller performance data — retained for up to 24 months to support historical trend analysis, or until you disconnect your Amazon account or request deletion
• Usage logs — retained for 90 days for security and debugging purposes

7. Data security

We take the security of your data seriously. Our measures include:

• All data transmitted between your browser and our services is encrypted using HTTPS/TLS
• Database encryption at rest using AES-256 via Supabase
• API credentials stored as encrypted environment variables — never in source code or public repositories
• Multi-factor authentication enforced on all administrative accounts
• Access to your data restricted to authorised personnel only

In the event of a data breach that is likely to affect your rights or freedoms, we will notify you and the Information Commissioner's Office (ICO) within 72 hours of becoming aware of it.

8. Your rights

Under UK GDPR, you have the following rights:

• Access — request a copy of the personal data we hold about you
• Rectification — ask us to correct inaccurate or incomplete data
• Erasure — request deletion of your personal data ("right to be forgotten")
• Restriction — ask us to limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests
• Withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at hello@sellermatrix.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

9. Cookies

Our website uses minimal cookies necessary for the site to function. We do not use third-party advertising or tracking cookies. You can control cookies through your browser settings.

10. Amazon data compliance

SellerMatrix accesses your Amazon seller account data ("Amazon Information") via the Amazon Selling Partner API (SP-API) and Amazon Advertising API, solely to provide you with the SellerMatrix service. We comply with Amazon's Acceptable Use Policy and Data Protection Policy.

Specifically, your Amazon Information is:

• Encrypted in transit (HTTPS/TLS) and at rest (AES-256), and isolated per seller;
• Shared only with the sub-processors listed in Section 4, each under data-processing terms, and solely to deliver the service to you;
• Never sold, and never shared with any advertising, analytics, or data-broker third party;
• Never used for advertising, and never used to train AI or machine-learning models;
• Limited to aggregated business performance metrics — we do not collect, store, or share any personally identifiable information about your Amazon customers (buyers).

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact us

If you have any questions about this policy or how we handle your data, please get in touch: