Privacy Policy
Last updated: March 2026
1. Who We Are
ListifyAI is an AI-powered listing tool for Etsy sellers, operated from the United Kingdom. For the purposes of UK GDPR, we act as the Data Controller for any personal data collected through this website. If you have any questions about how your data is handled, you can contact us at hello@listifyai.net.
2. What Data We Collect
We collect and process the following personal data: • Email address — collected when you create an account. Used to log you in, send transactional emails (account confirmation, subscription updates), and occasional product emails if you have opted in. • Password — stored as a secure, one-way hash via Supabase Auth. We never see or store your raw password. • Product descriptions — text you type into our listing generator. This is sent to OpenAI's API to generate your listing and is not stored permanently beyond what you explicitly save. • Product images — photos you upload for AI vision generation. These are processed by OpenAI's API and are not retained by us after generation is complete. • Billing information — we do not collect or store your card details. All payment data is handled directly by Stripe, Inc., who are PCI-DSS compliant. We receive only a Stripe Customer ID and subscription status. • Usage data — via Google Analytics (GA4), we collect anonymised data about how you use the site: pages visited, session duration, device type, and approximate location (country/city level). This data is aggregated and cannot identify you personally.
3. Legal Basis for Processing (UK GDPR)
We process your data under the following legal bases: • Contract performance (Article 6(1)(b)) — processing your email and subscription data is necessary to provide the service you signed up for. • Legitimate interests (Article 6(1)(f)) — we use anonymised analytics to understand how our product is used and to improve it. This does not override your rights. • Consent (Article 6(1)(a)) — we only activate Google Analytics cookies after you explicitly click "Accept" on our cookie banner. You can withdraw consent at any time by clearing your cookies or using our banner settings.
4. How We Use Your Data
We use your data exclusively to: • Provide and operate the ListifyAI service • Authenticate your account and maintain your session • Process your subscription payments via Stripe • Send transactional emails (account created, payment confirmed, subscription cancelled) • Send onboarding and retention emails (day 3 and day 7 after signup) — you can unsubscribe from these at any time • Analyse aggregate usage patterns to improve the product (Google Analytics, with your consent) We do not use your data for advertising. We do not sell your data to any third party. We do not profile you for automated decision-making.
5. Third-Party Services We Use
We share your data only with the following trusted processors, each bound by their own data protection agreements: • Supabase (supabase.com) — stores your account data and saved listings. Servers are hosted in the EU. Supabase is GDPR-compliant. • OpenAI (openai.com) — receives your product descriptions and images to generate listing content. OpenAI does not use API inputs to train its models by default. See OpenAI's privacy policy for details. • Stripe (stripe.com) — processes all payments. Stripe stores your billing information and is PCI-DSS Level 1 certified. • Google Analytics (analytics.google.com) — collects anonymised usage data with your consent. Data is processed in the US under Standard Contractual Clauses. • Resend (resend.com) — sends transactional and onboarding emails on our behalf. • Vercel (vercel.com) — hosts the ListifyAI application. Vercel may process IP addresses in server logs. We do not use any advertising networks, data brokers, or third-party tracking pixels.
6. Data Retention
We retain your data for as long as your account is active. Specifically: • Account data (email, hashed password) — retained until you delete your account. • Saved listings — retained until you delete them individually or delete your account. • Stripe billing records — retained as required by UK financial regulations (typically 6 years). • Google Analytics data — retained for 14 months, after which it is automatically deleted by Google. • Server logs (Vercel) — retained for up to 30 days. When you delete your account, all personal data held by us is permanently removed within 30 days.
7. Your Rights Under UK GDPR
As a UK resident or user, you have the following rights regarding your personal data: • Right of access — you can request a copy of the data we hold about you. • Right to rectification — you can ask us to correct inaccurate data. • Right to erasure ("right to be forgotten") — you can request deletion of your account and all associated data. • Right to restriction — you can ask us to limit how we process your data. • Right to data portability — you can request your saved listings in a machine-readable format (CSV export is available directly in the app). • Right to object — you can object to processing based on legitimate interests, including analytics. • Right to withdraw consent — if you have given consent (e.g. for analytics cookies), you can withdraw it at any time. To exercise any of these rights, email us at hello@listifyai.net. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.
8. Cookies
We use cookies for two purposes: (1) essential authentication cookies set by Supabase to keep you logged in, and (2) Google Analytics cookies, which are only activated after you click "Accept" on our cookie banner. For full details, see our Cookie Policy at listifyai.net/cookies.
9. International Data Transfers
Some of our third-party processors (OpenAI, Google, Stripe, Vercel) operate in the United States. These transfers are covered by Standard Contractual Clauses (SCCs) approved by the UK ICO, ensuring your data receives adequate protection regardless of where it is processed.
10. Children
ListifyAI is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently collected data from a minor, please contact us immediately at hello@listifyai.net and we will delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or UK law. When we make significant changes, we will notify you by email or by displaying a prominent notice on the website. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of ListifyAI after any changes constitutes your acceptance of the updated policy.
12. Contact
If you have any questions or concerns about this Privacy Policy or how we handle your data, please contact us at hello@listifyai.net. We aim to respond to all enquiries within 5 business days.