Privacy Policy

Last updated: 1 March 2026

1. Who we are

e-Lister is operated by [Company Name] ("we", "us", "our"), a company registered in England and Wales. We provide a multichannel listing and order management platform (the "Service") to e-commerce businesses ("Customers").

For the purposes of data protection law, we are the data controller in respect of the personal data we collect about you when you visit our website or enquire about our Service. When you use our Service as a Customer, we act as a data processor in respect of any personal data about your end customers that you pass through our platform.

For questions about this policy or to exercise your rights, contact us at: privacy@e-lister.io

2. The data we collect about you

2.1 Website visitors and enquirers

When you visit our website or submit a demo request, we may collect:

• Identity data: first name, last name, company name
• Contact data: email address, phone number
• Business data: website URL, channels you sell on, order volumes, product categories, current software in use
• Technical data: IP address, browser type and version, time zone, browser plug-in types, operating system — collected automatically by our hosting provider
• Usage data: pages visited, links clicked, time on page
• Communication data: contents of any messages you send to us

2.2 Customers using the Service

When you use e-Lister as a paying customer, we also collect and process:

• Account data: login credentials (passwords are hashed and never stored in plain text)
• Business data: your product catalogue, SKU data, inventory levels, order records, marketplace credentials (stored encrypted)
• Billing data: payment card details (processed by our payment processor; we do not store full card numbers)
• Marketplace data: data retrieved from connected marketplaces via official APIs on your authorisation, including order information that may contain your customers' personal data

3. How we use your data

We use your personal data for the following purposes and on the following legal bases:

• To respond to your demo enquiry — legitimate interests (responding to business enquiries)
• To provide and operate the Service — performance of a contract
• To process payments and manage billing — performance of a contract and legal obligation
• To send you transactional communications (account confirmations, billing notifications, service updates) — performance of a contract
• To send you marketing communications about e-Lister — consent (you may opt out at any time)
• To comply with legal obligations — legal obligation
• To improve our Service — legitimate interests
• To detect and prevent fraud and abuse — legitimate interests and legal obligation

4. Marketplace data and your customers' personal data

When you connect a marketplace to e-Lister and we retrieve order data on your behalf, that order data may include personal data about your end customers (such as buyer names, delivery addresses and contact information). In respect of this data:

• You are the data controller; we are the data processor.
• We process this data solely to provide the Service to you — specifically to display orders, facilitate dispatch, sync fulfilment status back to the marketplace, and enable buyer messaging.
• We do not use your customers' personal data for our own commercial purposes.
• We do not sell, share or disclose your customers' personal data to any third party except as necessary to provide the Service (e.g. passing a delivery address to a carrier to generate a shipping label).
• Sensitive personal data (e.g. names, addresses in order records) is handled with field-level encryption where required by the relevant marketplace's data protection policies.
• We will notify you promptly if we become aware of any personal data breach affecting your customers' data.

5. Sharing your data

We do not sell your personal data. We may share it with:

• Google Cloud Platform — our hosting and infrastructure provider. Data is stored in Google Firestore within EU/UK data centres.
• Payment processor — for billing purposes. Your card data is processed by our payment provider and is not stored on our systems.
• EmailJS — used to route demo request submissions to our team. Submission data is transmitted via their service and is subject to their privacy policy.
• Marketplace platforms — data is exchanged with the platforms you connect (eBay, Etsy, etc.) as necessary to operate the integrations. Each platform's own privacy policy governs how they handle the data.
• Law enforcement or regulatory bodies — where we are legally required to do so.

We require all third-party service providers to process your data only on our instructions and in accordance with applicable data protection law.

6. Data retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting or reporting requirements.

• Enquiry and pre-sales data: 24 months from last contact, or until you request deletion
• Customer account and billing data: for the duration of your subscription plus 7 years (to meet financial record-keeping obligations)
• Order and marketplace data: for the duration of your subscription plus 12 months, unless you request earlier deletion
• Website analytics data: 26 months (standard retention period)

7. International transfers

Your personal data is stored on Google Cloud Platform infrastructure within the UK and European Economic Area. Where any transfer outside the UK/EEA is necessary, we ensure appropriate safeguards are in place in accordance with UK GDPR, including standard contractual clauses where required.

8. Your rights

Under UK GDPR you have the following rights in respect of your personal data:

• Right of access — to request a copy of the personal data we hold about you
• Right to rectification — to request correction of inaccurate data
• Right to erasure — to request deletion of your personal data in certain circumstances
• Right to restrict processing — to request that we limit the way we use your data
• Right to data portability — to receive your data in a structured, machine-readable format
• Right to object — to object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making — we do not make automated decisions with legal or significant effects about individuals

To exercise any of these rights, please email privacy@e-lister.io. We will respond within one month. If you are unhappy with how we have handled your data, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

9. Cookies

Our website uses cookies. For full details of the cookies we use and your choices, please read our Cookie Policy.

10. Security

We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, alteration, disclosure or destruction. These include TLS encryption for all data in transit, AES-256 encryption for data at rest, access controls based on the principle of least privilege, and regular security reviews. No method of electronic transmission or storage is 100% secure; while we take every reasonable step to protect your data, we cannot guarantee absolute security.

11. Children

Our Service is directed at businesses and is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data about a child, please contact us immediately.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify existing customers of material changes by email. The current version will always be available on this page with the "last updated" date shown at the top.

13. Contact us

For any queries about this Privacy Policy or our data practices, please contact:
e-Lister — privacy@e-lister.io