Privacy Policy

Last updated: June 2, 2026

This Privacy Policy explains how Wyrmspire LLC ("Wyrmspire," "we," "us") collects, uses, stores, shares, and protects information when you use SellerPipe (the "Service"), available at sellerpipe.xyz. SellerPipe is an ETL service that connects to your Amazon Seller Central account via the Selling Partner API ("SP-API") and Amazon Advertising APIs and loads the resulting data into a destination warehouse — typically your own Google BigQuery project.

1. Information we collect

1.1 Account information

When you create a SellerPipe account or contact us, we collect your name, email address, company name, and (where applicable) billing information.

1.2 Amazon Information

When you authorize SellerPipe through Seller Central or Amazon Advertising, we receive and store:

  • An OAuth refresh token that lets SellerPipe call the SP-API or Ads API on your behalf
  • Your Amazon seller identifier (merchant token), marketplace identifiers, and brand metadata
  • Operational data returned by the APIs you have authorized — for example: orders, sales, FBA inventory, settlements, financial events, listings, fulfillment events, returns, and (for Brand-Registry-enrolled sellers) Brand Analytics; for Advertising: campaign, ad group, keyword, and report data

We refer to the data covered in this section collectively as "Amazon Information." Amazon Information is handled in accordance with the Amazon Acceptable Use Policy and the Amazon Data Protection Policy. See Section 4 for specifics.

1.3 Destination warehouse

SellerPipe loads synced data into a destination you control — typically a Google BigQuery dataset in your own GCP project. We collect the dataset identifier and the service-account credentials you provide for SellerPipe to write to that destination. We do not retain a separate long-term copy of synced rows on our infrastructure beyond what is required for in-flight sync, retry, and short-window debugging (typically 7 days).

1.4 Usage and security data

We collect logs of API calls SellerPipe makes on your behalf, sync run history, error traces, and audit records of which authorized apps accessed which data. We collect IP addresses and user-agent strings for authentication and abuse-prevention purposes.

1.5 Cookies and analytics

The sellerpipe.xyz website does not set tracking or advertising cookies. The static landing page is served by GitHub Pages, which may set basic technical cookies as part of its CDN operation. When you sign in to the SellerPipe application (where available), we set a session cookie strictly necessary for authentication.

2. How we use information

We use the information described above to:

  • Provide and operate the Service, including running scheduled syncs and writing results to your destination warehouse
  • Send transactional notifications about sync status, failures, and account events
  • Provide customer support (including via support@sellerpipe.xyz)
  • Bill you for the Service, including processing payments through a third-party payment processor where applicable
  • Detect, investigate, and prevent fraud, abuse, and security incidents
  • Comply with legal obligations and respond to lawful requests

We do not use Amazon Information to train machine-learning models, to benchmark you against other sellers without your explicit consent, or for any purpose unrelated to providing the Service to you.

3. How we share information

We do not sell, rent, or trade your information. We share information only as described below:

  • Apps you authorize. If you grant another application access to your SellerPipe data via the app-delegation feature, that application receives scoped, revocable access to the categories of data you specify. You can revoke access at any time from the SellerPipe dashboard.
  • Sub-processors. We use the following sub-processors to operate the Service: Amazon Web Services (compute, storage, KMS, Secrets Manager); Google Cloud (the destination BigQuery project you control, and SellerPipe's own operational metadata storage); GitHub Pages (static website hosting); and email infrastructure providers for transactional and support email delivery. Each sub-processor is bound by confidentiality and security obligations.
  • Legal compliance. We may disclose information when required by law, subpoena, or other valid legal process, or to protect the rights, property, or safety of Wyrmspire, our customers, or the public. Where legally permitted, we will notify you before complying with a request that targets your data.
  • Business transfers. If Wyrmspire is involved in a merger, acquisition, or asset sale, your information may transfer as part of that transaction. We will notify you and provide reasonable choices before any transfer.

4. Amazon Information: specific handling

Because SellerPipe is an Amazon SP-API and Ads API consumer, the following commitments apply specifically to Amazon Information:

  • Encryption in transit. All Amazon Information transmitted between SellerPipe and Amazon, between SellerPipe and your destination warehouse, and between SellerPipe and you is encrypted using TLS 1.2 or higher.
  • Encryption at rest. Refresh tokens and any cached Amazon Information are encrypted at rest using AES-256 with keys managed in AWS Key Management Service (KMS).
  • Access controls. Access to Amazon Information by Wyrmspire personnel is restricted to a small number of authorized engineers on a least-privilege basis, requires multi-factor authentication, and is fully audit-logged.
  • Per-tenant isolation. Each customer's Amazon Information is stored in a logically isolated dataset. No customer can read another customer's data.
  • Retention. Refresh tokens and operational state are retained for as long as your SellerPipe account is active. Following account termination or token revocation, we delete refresh tokens within 30 days and any cached Amazon Information within 90 days, unless we are required by law to retain it longer.
  • No aggregation across sellers. We do not combine Amazon Information across sellers, do not produce cross-seller benchmarks without your explicit consent, and do not use Amazon Information to make decisions that affect other sellers.
  • No resale or unauthorized sharing. We do not sell Amazon Information and we do not share it with any party other than (a) sub-processors necessary to operate the Service, (b) apps you have explicitly authorized through the app-delegation feature, and (c) as required by law.
  • Amazon's audit rights. We agree to provide records and reasonable cooperation to Amazon as required by the SP-API Developer Agreement and Data Protection Policy.

5. Data retention and deletion

You can disconnect any seller account at any time from the SellerPipe dashboard, which revokes the SP-API refresh token immediately. To request deletion of all data SellerPipe has stored on your behalf — account, billing records, audit logs, and any cached Amazon Information — email support@sellerpipe.xyz. We process deletion requests within 30 days and confirm completion in writing.

Data that has already been loaded into your destination warehouse (e.g., your BigQuery project) is under your control; SellerPipe cannot delete it on your behalf and you are responsible for managing it directly.

6. Your rights

You have the right to access, correct, export, and delete the personal information SellerPipe holds about you. To exercise any of these rights, email support@sellerpipe.xyz. We respond to verified requests within 30 days.

If you are located in the European Economic Area, the United Kingdom, or California, you have additional rights under the GDPR, UK GDPR, and CCPA respectively, including the right to lodge a complaint with your local supervisory authority.

7. Security

We protect information using industry-standard administrative, technical, and physical safeguards: encryption in transit (TLS 1.2+) and at rest (AES-256 via KMS), strict access controls with multi-factor authentication for all administrative access, audit logging, network segmentation, regular dependency patching, and incident-response procedures.

If we become aware of a security incident affecting your Amazon Information or other sensitive data, we will notify affected customers without undue delay and, in any event, within 72 hours of confirming the incident, in accordance with the Amazon Data Protection Policy and applicable law.

8. International data transfers

SellerPipe operates primarily in the United States. If you access the Service from outside the US, your information will be transferred to, processed, and stored in the US. Where required, we rely on appropriate transfer mechanisms such as Standard Contractual Clauses.

9. Children

The Service is not intended for individuals under 18 years of age, and we do not knowingly collect information from anyone under 18.

10. Changes to this Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, notify you by email or through the Service. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.

11. Contact

Questions, requests, or complaints about this Privacy Policy or our handling of your information:

Wyrmspire LLC
Email: support@sellerpipe.xyz