Privacy Policy
Overview
Rufusly is an AI-powered content and intelligence platform for Amazon and Shopify sellers (“Rufusly”, “we”, “us”, “our”). This Privacy Policy explains how we collect, use, store, and protect information when you use our platform at rufusly.ai.
We are committed to handling your data responsibly. We collect only what is necessary to provide our service, we never sell your personal data, and we never use your Amazon seller data to compete with you or share it with other sellers.
Key point on Amazon data: When you connect your Amazon account, we access your selling data solely to generate AI-optimised content and business intelligence for your own use. We request the minimum permissions required, and you can revoke our access at any time from your Amazon Seller Central account.
Data we collect
Account and profile data
When you create a Rufusly account we collect:
- Name and email address
- Password (hashed, never stored in plain text)
- Business name and type (optional, used to personalise outputs)
- Billing address (collected by Stripe, not stored on our servers)
Usage data
When you use the platform we collect:
- Features used, pages visited, and actions taken within the product
- Listing rewrites, image generations, and other job outputs you create
- Credit usage and subscription activity
- Error logs and performance data for debugging
Brand profile data
Brand profiles you create in Rufusly (brand name, product name, accent colours, key claims, target customer, certifications) are stored to personalise your AI-generated content. You can delete brand profiles at any time from your account settings.
Technical data
We collect standard web server logs including IP addresses, browser type, and device type. This data is used for security, fraud prevention, and aggregate analytics only.
Amazon account data
Rufusly integrates with Amazon's Selling Partner API (SP-API). When you choose to connect your Amazon account, the following applies:
What access we request
| API scope | What we access | Why we need it |
|---|---|---|
| Catalog Items | Product details, images, category data | To fetch product context for listing rewrites |
| Listings Items | Your existing listing content (title, bullets, description) | To generate AI-optimised rewrites of your actual listings |
| Reports | Brand Analytics, Search Query Performance reports | To provide keyword intelligence and BI reports |
| Finances | Settlement data, fee summaries | To calculate true profitability in BI reports |
| Orders | Order counts, sales velocity | To provide sales trend analysis |
| Inventory | FBA stock levels, days of supply | To surface inventory risk in BI reports |
How we handle Amazon data
- Read-only access. We never write to your Amazon listings, place orders, change bids, modify inventory, or take any action on your account without your explicit instruction and confirmation.
- No data sharing with other sellers. Your Amazon selling data is never shared with, sold to, or made accessible to other Rufusly users or third parties.
- No competitive use. We do not use your Amazon data to inform product decisions for competing sellers, or to build competitive intelligence products.
- Data minimisation. We sync only the data required to provide the specific features you use.
- Revoke at any time. You can revoke Rufusly's access through Amazon Seller Central → Apps & Services → Manage Your Apps, or by contacting us directly.
Amazon relationship disclaimer: Rufusly is an independent service provider. We are not affiliated with, endorsed by, or sponsored by Amazon.com, Inc. or its affiliates. Amazon is not responsible for Rufusly's services.
How we use your data
| Purpose | Legal basis (UK GDPR) |
|---|---|
| Providing and operating the Rufusly service | Contractual necessity |
| Generating AI listing rewrites and product images | Contractual necessity |
| Processing subscription payments via Stripe | Contractual necessity |
| Sending transactional emails (receipts, alerts) | Contractual necessity |
| Improving our AI models and product features | Legitimate interests |
| Fraud prevention and security | Legitimate interests |
| Sending product update emails (opt-out available) | Legitimate interests / consent |
| Complying with legal obligations | Legal obligation |
We do not sell your personal data. We do not use your data for advertising targeting on other platforms.
Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Database, authentication, file storage | User accounts, job outputs, brand profiles |
| Vercel | Application hosting and serverless functions | Request logs, environment variables (no user PII) |
| Anthropic (Claude API) | AI listing generation and text analysis | Product data and prompts submitted for rewriting |
| fal.ai | AI product image generation | Image prompts and brand profile fields |
| Stripe | Payment processing | Name, email, billing address, payment method tokens |
We do not share your data with any third parties beyond those listed above, except where required by law or with your explicit consent.
Storage and security
Your data is stored in the European Union on Supabase infrastructure. All data is encrypted at rest and in transit using TLS 1.2+ encryption.
- Row-Level Security (RLS) on all database tables — every query is scoped to the authenticated user
- All API keys stored in server-side environment variables, never exposed to the browser
- OAuth 2.0 for Amazon account connections — we never store your Amazon password
- Amazon SP-API tokens stored encrypted in our database
- Automatic session expiry and token rotation for Amazon OAuth connections
If you become aware of any security vulnerability, please contact us immediately at security@rufusly.ai.
Data retention
We retain your data for as long as your account is active. When you delete your account:
- Your profile, brand profiles, and listing history are deleted within 30 days
- Amazon SP-API tokens are revoked and deleted immediately
- Generated images and CSV exports are deleted from storage within 30 days
- Billing records are retained for 7 years as required by UK law
- Anonymised, aggregated analytics data may be retained indefinitely
You can request immediate deletion of all personal data by emailing hello@rufusly.ai.
Your rights
Under UK GDPR, you have the following rights:
- Right to access: Request a copy of all personal data we hold about you
- Right to rectification: Request correction of inaccurate or incomplete data
- Right to erasure: Request deletion of your personal data
- Right to restrict processing: Request that we limit how we use your data
- Right to data portability: Request your data in a machine-readable format
- Right to object: Object to processing based on legitimate interests
- Right to withdraw consent: Withdraw any consent given at any time
To exercise any of these rights, email hello@rufusly.ai. You also have the right to lodge a complaint with the ICO at ico.org.uk.
Cookies
Rufusly uses essential cookies only:
- Authentication cookie: Keeps you logged in during your session (essential, cannot be disabled)
- Preference cookie: Stores UI preferences such as theme and view settings
We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
Children's privacy
Rufusly is a business tool intended for adults aged 18 and over. We do not knowingly collect personal data from children under 18.
Policy changes
When we make material changes, we will notify you by email and update the “Last updated” date at the top of this page. Continued use of Rufusly after the effective date constitutes acceptance of the updated policy.