Your Privacy Matters

Privacy Policy

Last updated: March 2026

TL;DR: We collect only what's needed to run the service. We never sell your data. Your listing content is processed by AI only when you request it. You can delete everything at any time.

1Information We Collect

Account Information

When you create an account, we collect your email address and authentication credentials. These are stored securely via Supabase Auth with industry-standard encryption.

Listing Data

When you use our audit or rewrite features, we process your Etsy listing data including titles, descriptions, tags, and prices. This data is stored in your audit history for your reference and is never shared with other users.

Payment Information

Payment processing is handled entirely by Stripe. We never store credit card numbers, CVVs, or bank account details on our servers. We only retain your Stripe customer ID and subscription status.

Usage Metrics

We track basic usage data — audits performed, rewrites used, features accessed — to enforce plan limits, detect abuse, and improve the service. This data is tied to your account, not your device.

2How We Use Your Information

Provide, maintain, and improve the Service and its features
Process your listing audits and generate AI-powered optimization recommendations
Manage your account, subscription, and billing
Send essential service communications (account verification, billing, security alerts)
Enforce our Terms of Service and prevent abuse or fraud
Generate anonymized, aggregated analytics to improve the product

We will never use your data for advertising, sell it to third parties, or use it to train AI models.

3AI Data Processing

When you use our AI audit or rewrite features, your listing data is sent to Anthropic's Claude API for processing. Here's exactly what happens:

Your listing title, description, and tags are sent to the API as a one-time request
The AI generates analysis or rewritten content and returns it immediately
Anthropic does not store your data or use it for model training (per their API terms)
We sanitize all input before sending to prevent data leakage
You can use the local audit engine (no AI) if you prefer — it runs entirely on our servers

4Data Sharing & Third Parties

We share data only with the service providers necessary to operate EtsyBoost:

Provider	Purpose	Data Shared
Supabase	Database hosting, authentication, and row-level security	Email, profile, audit history
Stripe	Payment processing and subscription management	Email, payment method (on their servers)
Anthropic	AI-powered listing analysis and content generation	Listing data only (title, tags, description)
Vercel	Application hosting, CDN, and serverless functions	Request logs, performance data

Each provider processes data under their own privacy policy and our data processing agreements. We do not sell, rent, or trade your personal information to any third party.

5Data Security

All data encrypted in transit via HTTPS/TLS 1.3
Database encryption at rest via Supabase's managed PostgreSQL
Row-Level Security (RLS) policies ensuring users can only access their own data
Secure session management via HTTP-only, SameSite cookies
API keys stored in encrypted database fields, not in source code
Regular security audits and dependency vulnerability scanning
Stripe webhook signature verification to prevent forged events
Input sanitization on all user-facing endpoints to prevent injection attacks

6Data Retention

We retain your data according to these policies:

Account data: retained while your account is active
Audit history: retained for 12 months, then automatically deleted
Rewrite history: retained for 12 months, then automatically deleted
Payment records: retained as required by tax and financial regulations
After account deletion: personal data removed within 30 days, anonymized analytics may be retained

7Your Rights

Depending on your jurisdiction, you may have the right to:

Access — request a copy of all personal data we hold about you
Correction — update or correct inaccurate information
Deletion — request complete deletion of your account and associated data
Export — download your audit history and profile data in a portable format
Restriction — limit how we process your data in certain circumstances
Objection — opt out of non-essential data processing
Withdrawal — revoke consent for optional data processing at any time

To exercise any of these rights, contact privacy@etsyboost.app. We will respond within 30 days.

8Chrome Extension Privacy

The extension only activates on Etsy listing pages when you explicitly use it
It extracts listing data (title, description, tags, price, images) from the current page only
No data is collected in the background or when the extension is idle
Only your authentication token is stored locally in chrome.storage
The extension communicates only with our API — no third-party tracking or analytics
You can revoke the extension's permissions at any time through Chrome settings

9Cookies

We use only essential cookies:

Authentication session cookies (HTTP-only, secure, SameSite)
Supabase auth tokens for maintaining your login state
No advertising cookies, no tracking pixels, no analytics cookies

Third-party services (Stripe checkout) may set their own cookies during payment flows, governed by their respective policies.

10Children's Privacy

EtsyBoost is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If we discover that a child under 16 has created an account, we will delete it promptly.

11Changes to This Policy

We may update this privacy policy from time to time. Significant changes will be communicated via email at least 14 days before taking effect. The "Last updated" date at the top reflects the most recent revision. Continued use after changes constitutes acceptance.

12Contact

For privacy-related questions, data requests, or to report a concern:

Email: privacy@etsyboost.app
Response time: within 30 days for data requests
For urgent security issues: security@etsyboost.app