Vendlists
PricingHow It WorksLog in

Privacy Policy

Effective date: March 28, 2026 · Last updated: March 28, 2026

Introduction

Vendlists ("we," "us," or "our") operates the vendlists.com website and AI-powered eBay listing automation service (the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By using Vendlists, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Account Information

  • Name, email address, and password (stored as a cryptographic hash — we cannot read your password)
  • Profile preferences and settings

1.2 eBay Account Data

When you connect your eBay seller account via OAuth, we receive:

  • An OAuth access token and refresh token (encrypted at rest)
  • Your eBay username and seller account identifier
  • Your eBay selling policies (fulfillment, payment, return policies)

We do not receive or store your eBay password. We use eBay's official OAuth 2.0 flow.

1.3 Listing Data

  • Photos you upload for AI analysis
  • AI-generated listing content (titles, descriptions, item specifics, pricing suggestions)
  • Listing metadata (status, eBay listing IDs, publication dates)

1.4 API Keys (BYOK)

If you provide your own AI API key, it is encrypted at rest. We use it solely to make API calls on your behalf and never share it.

1.5 Payment Information

Subscription billing is handled by a trusted third-party payment processor. We store a customer identifier for billing purposes but never store credit card numbers, bank details, or other payment credentials.

1.6 Device & Mobile Data

  • Device type, operating system, and app version
  • Push notification tokens (for delivery of listing status updates and account notifications)
  • Camera and photo library access (only when you grant permission, for listing photos)

1.7 Usage Data

  • AI generation counts and token usage (for billing and rate limiting)
  • Feature usage analytics (pages visited, actions taken)
  • Device type and browser information (from standard HTTP headers)

2. How We Use Your Information

  • Provide the Service: Analyze product photos with AI, generate listing drafts, publish listings to your eBay account, and track listing status.
  • Process payments: Manage your subscription billing.
  • Communicate with you: Send transactional emails (verification, password reset, listing notifications). You can manage email preferences in Settings.
  • Improve the Service: Analyze usage patterns to improve features, fix bugs, and optimize performance.
  • Enforce our Terms: Prevent abuse, enforce rate limits, and protect the security of the platform.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share data only with:

  • eBay: Listing data (titles, descriptions, photos, prices, item specifics) is sent to eBay via their API when you publish listings. This is the core function of the Service.
  • AI Processing: Product photos and listing prompts are processed by our AI to generate listing content. If you use our built-in AI, processing goes through our systems. If you provide your own API key, it goes through your account.
  • Payment Processor: Billing information for subscription management.
  • Infrastructure Providers: We use trusted cloud service providers to host and operate the Service. Data is stored in data centers in the United States.

We may also disclose information if required by law, court order, or to protect our rights or the safety of our users.

4. eBay Marketplace Account Deletion

In compliance with eBay's Marketplace Account Deletion requirements, when an eBay user deletes their eBay account, eBay notifies us and we automatically:

  • Delete the user's eBay OAuth tokens from our system
  • Remove the eBay account connection from their Vendlists profile
  • Retain only non-eBay data (Vendlists account, listing drafts) unless the user separately deletes their Vendlists account

5. Data Security

  • Passwords are securely hashed using industry-standard algorithms (we cannot read your password)
  • eBay OAuth tokens and API keys are encrypted at rest
  • All data is transmitted over HTTPS/TLS
  • Authentication tokens are stored in secure, encrypted cookies
  • API endpoints are protected by authentication and rate limiting
  • Uploaded photos are stored privately and served via a secure content delivery network

If we discover a data breach that affects your personal information, we will notify you within 72 hours.

6. Data Retention

  • Active accounts: Data is retained while your account is active.
  • Deleted accounts: When you delete your account, we permanently remove your personal data, eBay tokens, API keys, listing drafts, and uploaded photos. This process is irreversible.
  • Rate limit records: Automatically deleted after 24 hours via TTL.
  • Webhook idempotency records: Automatically deleted after 24 hours via TTL.

7. Your Rights

You have the right to:

  • Access your data — email us and we'll provide a copy of all data we hold about you
  • Correct your data — update your profile information at any time in Settings
  • Delete your account — go to Settings → Profile → Delete Account. This permanently removes all your data.
  • Disconnect eBay — revoke our access to your eBay account at any time from Settings → eBay, or directly from your eBay account settings
  • Remove API keys — delete your stored API keys from Settings → API Keys
  • Unsubscribe from emails — every email includes an unsubscribe link. Transactional emails (verification, password reset) cannot be unsubscribed as they are necessary for account security.
  • Export your data — contact us to request a full export of your data

If you are a resident of the European Economic Area (EEA), you have additional rights under GDPR including the right to data portability and the right to lodge a complaint with a supervisory authority.

If you are a California resident, you have rights under the CCPA including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale of personal information. We do not sell personal information.

8. Cookies

We use the following cookies:

  • Session cookie — Keeps you logged in. Expires after 1 hour of inactivity.
  • Refresh cookie — Allows seamless re-authentication so you don't have to log in frequently. Expires after 30 days.
  • vendlists-theme — Your preferred color theme (localStorage, not a cookie). No expiry.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Third-Party Services

ServicePurposeData Shared
eBayListing managementListing content, photos, pricing
AI providerAI listing generationProduct photos, listing prompts
Payment processorSubscription billingEmail, subscription tier
Cloud hosting providersInfrastructure & hostingAll data (hosted in the US)
Apple App StoreIn-app purchases & subscriptions (iOS)Transaction receipts, subscription status
Google PlayIn-app purchases & subscriptions (Android)Purchase tokens, subscription status

10. Children's Privacy

Vendlists is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or your data, contact us at:

Email: hello@vendlists.com

Website: vendlists.com