Privacy Policy

Website: skuascout.ai · Last updated: [DATE]

NoteDRAFT, FOR REVIEW. This is a working draft of a GDPR-oriented Privacy Policy, to be reviewed and finalized by a qualified lawyer or data-protection adviser before publication. Items highlighted in amber are placeholders or decisions that still need to be confirmed. Nothing here constitutes legal advice.

1. Who We Are

This Privacy Policy explains how [LEGAL ENTITY NAME] ([COMPANY FORM, e.g. SRL], registered in [COUNTRY / CITY], registration number [REG. NO.]) ("SkuaScout," "we," "us," or "our") collects and uses your personal data when you use the website at skuascout.ai and the SkuaScout application and services (together, the "Service").

For the purposes of the EU General Data Protection Regulation ("GDPR"), we are the data controller of the personal data described in this Policy. Our contact details for privacy matters are in Section 12.

2. The Data We Collect

We collect the following categories of personal data:

  • Account data. Your name (if provided), email address, password (stored in hashed form), and, if you sign in with a third-party provider such as Google, the basic profile information that provider shares with us.
  • Payment data. When you subscribe or buy Credits, payment is processed by our payment processor. We receive limited billing information (such as your plan, transaction status, and partial card details), but we do not store your full payment card number ourselves.
  • Content you submit. The inputs you provide to the Service, such as keywords, ASINs, niches, and uploaded files (including Helium 10 X-ray CSV exports), and the outputs generated from them.
  • Usage and technical data. Information about how you use the Service, such as features used, Credit activity, log data, device and browser type, IP address, and approximate location derived from it.
  • Communications. Messages you send us (for example, support requests) and your preferences for marketing communications.
  • Referral data. If you participate in the referral program, the referral codes used and the link between referring and referred accounts, to apply discounts and rewards and prevent abuse.

3. How We Collect It

  • Directly from you when you create an account, subscribe, upload content, or contact us.
  • Automatically as you use the Service, through logs, cookies, and similar technologies (see Section 6).
  • From third parties, such as your chosen sign-in provider and our payment processor.

4. Why We Use Your Data and Our Legal Basis

Under the GDPR we must have a legal basis for processing your personal data. We rely on the following:

  • To provide the Service (create your account, run analyses, store your work), legal basis: performance of our contract with you.
  • To process payments and manage subscriptions, Credits, and referrals, legal basis: performance of our contract and our legitimate interests.
  • To secure, maintain, and improve the Service, including preventing fraud and abuse, legal basis: our legitimate interests.
  • To communicate with you about your account, changes, and support, legal basis: performance of our contract and our legitimate interests.
  • To send marketing (where applicable), legal basis: your consent, which you can withdraw at any time.
  • To comply with legal obligations (such as tax and accounting), legal basis: compliance with a legal obligation.

5. Automated Processing and AI

The Service uses automated systems, including AI models, to generate scores, analyses, and recommendations from the content you submit. These outputs are decision-support tools and do not produce legal or similarly significant effects on you within the meaning of Article 22 of the GDPR. [CONFIRM whether any submitted data is sent to third-party AI/LLM providers, and name them in Section 7.]

6. Cookies and Similar Technologies

We use cookies and similar technologies to operate the Service, remember your session, and understand usage. [CONFIRM your cookie/analytics setup, e.g. which analytics provider, whether you use non-essential cookies, and whether a cookie-consent banner is required.] Further detail is provided in our Cookie Policy at [COOKIE POLICY URL, if separate].

7. How We Share Your Data

We do not sell your personal data. We share it only with the following categories of recipients, who act as our processors or as independent controllers where applicable:

  • Payment processor, [Stripe], to process payments and manage subscriptions.
  • Hosting and infrastructure, [HOSTING PROVIDER], to host the Service and store data.
  • AI / model providers, [NAME ANY LLM/AI APIs you send data to, or state "none"].
  • Email and communications, [EMAIL PROVIDER], to send transactional and (where consented) marketing emails.
  • Analytics, [ANALYTICS PROVIDER, or "none"].
  • Professional advisers and authorities, where required by law or to protect our rights.

Our processors are bound by data-processing agreements that require them to protect your data and process it only on our instructions.

8. International Transfers

Some of our processors may be located outside the European Economic Area (EEA). Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision. [CONFIRM which processors are outside the EEA and the safeguard used.]

9. How Long We Keep Your Data

We keep your personal data only as long as necessary for the purposes described in this Policy. In general: account and content data are kept while your account is active and for [RETENTION PERIOD, e.g. 30 days] after closure (unless you request earlier deletion); billing and tax records are kept for [STATUTORY PERIOD, e.g. as required by Romanian tax law]; and log data is kept for [PERIOD]. After these periods we delete or anonymize the data.

10. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

  • Access, to obtain a copy of the data we hold about you.
  • Rectification, to correct inaccurate or incomplete data.
  • Erasure, to ask us to delete your data in certain circumstances.
  • Restriction, to ask us to limit how we use your data.
  • Portability, to receive your data in a portable format, or have it sent to another provider where technically feasible.
  • Objection, to object to processing based on our legitimate interests, and to direct marketing at any time.
  • Withdraw consent, where we rely on consent, to withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us using the details in Section 12. You also have the right to lodge a complaint with a supervisory authority, in Romania, the National Supervisory Authority for Personal Data Processing (ANSPDCP). [CONFIRM supervisory authority if your establishment differs.]

11. Security and Children

We use reasonable technical and organizational measures to protect your personal data, such as encryption in transit, hashed passwords, and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.

The Service is not directed to children, and you must be at least 18 (or the age of majority in your jurisdiction) to use it. We do not knowingly collect data from children.

12. Changes and Contact

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice (for example, by email or an in-app notice). The "Last updated" date at the top shows when it was last revised.

For any privacy questions or to exercise your rights, contact us at [PRIVACY CONTACT EMAIL], [LEGAL ENTITY NAME], [REGISTERED ADDRESS]. [If you appoint a Data Protection Officer or EU representative, add their details here.]