Privacy Policy

Last updated April 29, 2026

DataBridge AI is a tool for Amazon sellers. Once you connect your Seller Central account, we read listing, order, and inventory data on your behalf so you can manage them in one place. This page is the plain-English version of what that means for your data.

1. Scope of this policy

This covers the DataBridge AI web application and the Amazon Selling Partner API integration that runs behind it. It does not cover Amazon itself — when you click "Connect to Amazon" you're sent to Seller Central, and what happens on that page is governed by Amazon's privacy notice, not ours.

If you only browse our marketing pages and never sign in, the only thing we receive is standard server log information: request path, IP address, user agent, and timestamp. We use these to keep the service running and to investigate abuse; we don't build profiles from them.

2. What we read from Amazon

When you grant access through Login with Amazon, the authorization screen tells you exactly which scopes you're approving. We request the minimum needed for the features you use. Concretely, that usually includes:

  • An OAuth refresh token and short-lived access tokens. The refresh token is the one piece of credential material we store; access tokens live in memory and expire in roughly one hour.
  • Listing data via the Catalog Items and Listings Items APIs — ASINs, SKUs, titles, attributes, images, and the offer pricing attached to them.
  • Inventory levels via the FBA Inventory API and Reports API, including warehouse-level quantities and inbound shipments.
  • Order data via the Orders API: order IDs, line items, buyer-anonymized shipping addresses (the addresses Amazon itself returns to sellers), order status, and totals. DataBridge AI never asks for the buyer's full name, email, or phone number, even when the API would let us.
  • Aggregated performance data — Buy Box wins, advertising spend if you connect Amazon Ads, and feedback scores — when the matching feature is enabled.

We also collect what you give us directly: your email address and password (hashed with bcrypt), team members you invite, and any notes you write inside the app.

3. What we do with it

Everything we do with your Amazon data is in service of showing it back to you or acting on it on your instruction. That means: rendering dashboards, syncing edits you make in DataBridge AI back to your catalog, generating the reports and alerts you configure, and powering the search and filters across your listings.

We do not train any machine learning model on your account-level data and we do not use your numbers to benchmark other sellers. If we publish aggregate stats (e.g. "average reply time on the platform was 4.2 hours last month"), they are computed across all customers in a way that cannot be linked back to a single account.

4. Where the data lives

Application data is stored in a managed PostgreSQL database hosted on AWS, with automated daily backups retained for 30 days. Refresh tokens are encrypted at the column level using AES-256 with a key managed in AWS KMS, so a database export alone is not enough to call the Amazon API in your name.

Traffic between your browser, our servers, and Amazon's endpoints is TLS 1.2 or higher. Internally, only a small number of engineers can reach production, access is gated by SSO with mandatory hardware-key 2FA, and every database session is logged.

5. Who else sees it

We do not sell your data and we do not share it for advertising. The only third parties that see your Amazon data are the infrastructure providers we need to run the service:

  • Amazon Web Services — hosting, database, and object storage.
  • Amazon itself — every API call we make on your behalf goes to Amazon and is logged on their side under your seller account.
  • Cloudflare — edge network and DDoS protection (sees request metadata, not your seller data).
  • Postmark — transactional email (receives only the recipient address and the message we send, e.g. password resets).

We may also disclose data if we receive a valid legal request we cannot lawfully refuse. If that happens and we are permitted to tell you, we will.

6. How long we keep it

Order and listing snapshots used for reporting are retained for as long as your account is active. If you disconnect your Amazon seller account from DataBridge AI, the refresh token is purged immediately and we stop calling the SP-API on your behalf. The historical data already pulled is kept for 90 days so you can reconnect without losing your reports, then deleted.

If you delete your DataBridge AI account entirely, we wipe the primary records within 30 days. Backups age out on their normal 30-day rotation, after which nothing of yours remains.

7. Your controls

You can revoke our access at any time from inside Seller Central, under Apps & Services → Manage Your Apps. The moment you do, our next API call fails and we stop pulling new data. You don't need to ask us first.

Inside the app, the Settings page lets you export your DataBridge AI data as JSON, change your email, and delete your account. If something there isn't working, email us and a human will handle it manually.

8. Changes to this policy

When we update this page we change the "Last updated" date at the top. For changes that meaningfully expand what we collect or share, we'll send active customers an email at least 14 days before they take effect, so you have time to review and, if you'd rather not continue, disconnect.

9. Contact

Privacy questions, data requests, or anything that feels off — write to privacy@databridge-ai.com and a real person on our team will reply, usually within two business days.

© 2026 DataBridge AI. All rights reserved.