This Privacy Policy explains how Appath, Inc. ("Appath," "we," "us," or "our") collects, uses, discloses, stores, protects, and deletes information when you visit appath.com, use the Appath Platform, use the optional AI Product Optimizer, or otherwise interact with Appath. By using the Services, you acknowledge the practices described in this Privacy Policy.
Overview#
The "Services" include:
- The Appath Platform — a subscription service for multichannel catalog management, channel listing management, inventory management, order routing, order accounting, and AI-assisted operational features.
- The AI Product Optimizer — a separate, optional, on-demand service that creates channel-ready product content from authorized product and catalog data.
- Appath websites, support services, integrations, and related applications.
Appath's Role#
Appath may process information in different capacities depending on the context.
For information collected directly through our website, account-registration process, billing relationship, or business communications, Appath generally acts as the business or data controller responsible for determining how the information is used.
For ecommerce, order, customer, supplier, marketplace, and sales-channel data processed on behalf of an Appath customer, Appath generally acts as a service provider or data processor. The Appath customer remains responsible for its relationship with its buyers, employees, suppliers, and other data subjects, including providing any legally required notices or obtaining required permissions.
Definitions#
For purposes of this Privacy Policy:
- Customer means a retailer, supplier, business, organization, or authorized user that uses the Services.
- Customer Data means information submitted to, stored in, synchronized with, or otherwise processed through the Services on behalf of a Customer.
- Sales Channel Data means information obtained from or submitted to a connected ecommerce marketplace, storefront, or sales channel.
- Amazon Information means information obtained through Amazon's Selling Partner API, an Amazon-authorized integration, or an authorized seller-provided Amazon export.
- Personal Information means information that identifies, relates to, describes, or could reasonably be linked with an individual.
- Amazon Customer PII means personally identifiable information relating to an Amazon customer or order recipient, such as a recipient name, shipping address, telephone number, buyer email address, or delivery instructions containing personal information.
Information We Collect#
Account and business information
We may collect:
- Name.
- Business name.
- Business email address.
- Business telephone number.
- Business and billing address.
- Job title or role.
- Account and organization identifiers.
- User permissions and access roles.
- Authentication and login metadata.
- Communication preferences.
Appath uses a managed authentication provider. Appath does not receive or store the password used with that authentication provider.
Billing information
We may collect:
- Billing contact information.
- Billing address.
- Subscription selection.
- Payment status.
- Transaction references.
- Tax-related business information where required.
Payment-card information is processed by Stripe, Appath's payment processor, and is not stored directly by Appath. Stripe may process billing, payment-method, transaction, device, and fraud-prevention information in accordance with Stripe's Privacy Policy.
Connected sales-channel information
When a Customer authorizes a sales-channel connection, Appath may receive or process:
- Seller and marketplace identifiers.
- Store and account configuration.
- Authorization and refresh tokens.
- Listings and offers.
- Product attributes and images.
- Catalog information.
- Pricing.
- Inventory.
- Orders and order items.
- Fulfillment status.
- Carrier and tracking information.
- Returns and exceptions.
- Fees, settlements, and financial events.
- Fulfillment-program information.
- Seller-specific analytics and performance reports.
- Marketplace validation messages and errors.
Supported or planned sales channels may include Amazon, Walmart Marketplace, Shopify, eBay, and other channels expressly connected by the Customer.
Order-recipient and fulfillment information
For seller-authorized fulfillment, Appath may process the minimum recipient information needed to route and fulfill an order, such as:
- Recipient name.
- Shipping address.
- Telephone number when required for fulfillment.
- Ordered SKU and quantity.
- Shipping service.
- Delivery instructions.
- Carrier and tracking information.
- Order and purchase-order references.
Appath does not use order-recipient information for independent advertising or unrelated marketing.
Catalog and supplier information
We may collect or process:
- Product titles and descriptions.
- Product attributes.
- Images.
- SKUs and supplier SKUs.
- Product variations.
- Inventory.
- Wholesale costs.
- Retail pricing.
- Supplier availability.
- Supplier account information.
- Fulfillment capabilities.
- Shipping-service mappings.
- Purchase orders.
- Supplier invoices.
- Supplier performance and exception information.
AI feature information
When a Customer uses the AI Assistant or optional AI Product Optimizer, Appath may process:
- Prompts and questions.
- Authorized product and catalog information.
- Listing content.
- Product images.
- Seller instructions.
- Brand and voice preferences.
- Non-PII listing-performance information.
- Generated content.
- Validation results.
- User feedback and approved corrections.
Communications and support information
We may collect information submitted through:
- Contact forms.
- Support requests.
- Product demonstrations.
- Early-access requests.
- Email communications.
- Surveys.
- Security reports.
- Feedback and feature requests.
Information collected automatically
When you use our website or Services, we may collect:
- IP address.
- Browser type.
- Operating system.
- Device and session identifiers.
- Login and access times.
- Pages and features used.
- Referring pages.
- Application events.
- Error information.
- Security events.
- Audit records.
- Approximate location derived from IP address.
We do not intentionally include Amazon Customer PII in ordinary application, analytics, or security logs.
Sources of Information#
Appath may obtain information:
- Directly from Customers and authorized users.
- Through sales channels authorized by the Customer.
- Through Amazon's Selling Partner API.
- From Customer-provided sales-channel exports.
- From approved suppliers and fulfillment providers.
- From shipping carriers.
- From payment processors.
- From authentication providers.
- From authorized integrations.
- From analytics, security, and monitoring providers.
- From publicly available business sources where legally permitted.
Appath does not obtain Amazon Information through unauthorized scraping, data brokers, unrelated sellers, or purchased Amazon customer datasets.
How We Use Information#
Appath may use information to:
- Create and administer accounts.
- Authenticate users.
- Provide the Services.
- Connect authorized sales channels.
- Import and manage catalogs.
- Create and update channel listings.
- Synchronize inventory.
- Retrieve and process orders.
- Route seller-authorized orders.
- Generate supplier purchase orders.
- Submit fulfillment and tracking information.
- Support Amazon FBM, FBA, and other authorized workflows.
- Process pricing and offer information.
- Reconcile fees and financial events.
- Calculate order-level accounting and profitability.
- Provide seller-specific analytics.
- Generate alerts and exception reports.
- Provide the AI Assistant.
- Provide the optional AI Product Optimizer.
- Process subscriptions and payments.
- Provide customer support.
- Improve reliability, security, and usability.
- Detect fraud, unauthorized access, and abuse.
- Investigate security events.
- Maintain audit records.
- Enforce our agreements.
- Comply with legal and regulatory requirements.
- Protect Appath, our Customers, and others.
Appath may use aggregated or de-identified information for analytics, security, product planning, and service improvement where the information cannot reasonably identify a Customer, seller, buyer, or individual.
AI and Model-Training Practices#
The AI Product Optimizer is a separate, optional service. It is not required to use the Appath Platform.
Appath may process authorized product, catalog, image, listing, and non-PII performance information to provide AI-assisted features requested by a Customer.
Appath does not:
- Send Amazon Customer PII to AI providers.
- Use Amazon Customer PII to train AI models.
- Use one seller's Amazon Information to provide another seller with competitive intelligence.
- Pool seller-specific Amazon analytics across unrelated sellers to train a shared model.
- Use Customer Data to train generalized or shared AI models without authorization.
Appath may use synthetic data, properly de-identified data, Appath-owned data, licensed data, publicly available data where legally permitted, or data for which Appath has received appropriate permission to develop, evaluate, or improve AI systems.
Where Appath uses a contracted AI service provider, information submitted to that provider is limited to what is necessary for the requested feature. Amazon Customer PII is excluded.
AI-generated content is provided as draft content or a recommendation and should be reviewed by the Customer before publication or operational use.
How We Disclose Information#
Appath does not sell Personal Information. Appath does not disclose Personal Information to data brokers and does not share Personal Information for cross-context behavioral advertising. We may disclose information in the following circumstances.
Connected sales channels
Appath submits information to the sales channels that a Customer has authorized in order to manage listings, inventory, pricing, orders, fulfillment, and other requested operations.
Seller-approved suppliers and fulfillment providers
For seller-authorized merchant fulfillment, Appath may disclose the minimum order and shipping information required to the specific supplier or fulfillment provider selected for that order.
The information may include:
- Recipient name.
- Shipping address.
- Telephone number when required.
- Ordered SKU and quantity.
- Shipping service.
- Necessary delivery instructions.
- Order or purchase-order reference.
Suppliers and fulfillment providers may use this information only to fulfill, deliver, support, or process a return for the applicable order.
Shipping carriers
Appath may provide necessary shipment and recipient information to an authorized shipping carrier to create a shipment, provide delivery service, obtain rates, or retrieve tracking information.
Infrastructure and service providers
Appath may use service providers for:
- Cloud hosting and storage.
- Authentication.
- Payment processing.
- Email delivery.
- Security monitoring.
- Error monitoring.
- Customer support.
- Analytics.
- AI processing involving approved non-PII information.
- Backup and disaster recovery.
These providers are permitted to process information only as needed to provide services to Appath and are subject to applicable contractual, confidentiality, security, and data-protection obligations.
Legal and safety purposes
Appath may disclose information when reasonably necessary to:
- Comply with law, regulation, legal process, or a valid government request.
- Protect the rights, safety, or property of Appath, our Customers, or others.
- Investigate fraud, abuse, or security incidents.
- Enforce our agreements.
- Establish, exercise, or defend legal claims.
Business transactions
Information may be transferred in connection with a merger, acquisition, financing, restructuring, bankruptcy, or sale of all or part of Appath's business or assets, subject to applicable confidentiality and legal requirements.
At the Customer's direction
We may disclose information when a Customer instructs us to do so or otherwise provides valid authorization.
Amazon Selling Partner Data#
Appath collects Amazon Information only through:
- Seller authorization.
- Amazon's Selling Partner API.
- Seller-provided Amazon reports or exports.
- Other Amazon-authorized methods.
Appath processes Amazon Information only to provide features authorized by the applicable seller, including:
- Listing and catalog management.
- Inventory synchronization.
- Order management.
- Merchant fulfillment.
- FBA-related operations.
- Pricing.
- Financial-event processing.
- Order accounting.
- Seller-specific analytics.
- Seller-specific content recommendations.
Amazon Customer PII is:
- Used only for permitted fulfillment, tax, legal, or regulatory purposes.
- Encrypted in transit and at rest.
- Restricted to authorized personnel and systems with a business need.
- Excluded from ordinary application logs.
- Excluded from AI prompts and model-training data.
- Shared only with the seller-approved supplier, fulfillment provider, or carrier that requires the information for the applicable order.
- Not sold.
- Not used for advertising.
- Not used for unrelated marketing.
- Not disclosed to unrelated sellers.
- Deleted according to the retention periods described below.
Amazon Information is not pooled across unrelated sellers to create shared competitive intelligence.
Data Retention#
Appath retains information only for as long as needed to provide the Services, satisfy authorized business purposes, maintain security, comply with law, resolve disputes, and enforce agreements.
Account and business information
Account and business information is generally retained while the account is active and for a reasonable period afterward for billing, support, security, dispute-resolution, and legal purposes.
Customer Data
Customer Data is generally retained while required to provide the Services or until the Customer deletes the data, closes the account, disconnects the applicable integration, or requests deletion, subject to legal and contractual obligations.
Amazon Customer PII
Amazon Customer PII is retained only as long as necessary for permitted order fulfillment, tax, invoicing, return, legal, or regulatory purposes.
Unless longer retention is required by law for a specific permitted purpose, Appath deletes Amazon Customer PII no later than 30 days after order delivery. Where reliable delivery information is unavailable, Appath may apply an earlier or shipment-based deletion schedule.
Amazon Customer PII retained because of a legal requirement is limited to the information legally required, segregated, encrypted, access-restricted, and deleted when the legal obligation ends.
Amazon non-PII
Amazon non-PII is retained for no longer than 18 months unless longer retention is required by applicable law or expressly permitted by Amazon.
Security logs
Security and audit logs relating to Amazon Information are retained for at least 12 months. Appath excludes Amazon Customer PII from ordinary logs unless its inclusion is specifically required by law.
Integration credentials
Authorization tokens and integration credentials are retained only while needed to operate an authorized connection. When an integration is disconnected or authorization is revoked, Appath invalidates, revokes, or deletes the applicable credentials in accordance with operational and legal requirements.
Backups
Deleted information may remain temporarily in encrypted backups until those backups expire under Appath's documented backup schedule. Backup copies are access-restricted and are not restored for ordinary business use after a valid deletion request except when required for disaster recovery, security, or law.
Data Security#
Appath maintains administrative, technical, and organizational safeguards designed to protect information. These safeguards include, as appropriate:
- Encryption in transit.
- Encryption at rest.
- Multi-factor authentication.
- Unique user accounts.
- Role-based and least-privilege access.
- Tenant and supplier data isolation.
- Network segmentation.
- Firewalls and intrusion detection or prevention.
- Centralized security logging and monitoring.
- Managed secrets and encryption keys.
- Vulnerability scanning.
- Secure development and release controls.
- Penetration testing.
- Managed and encrypted employee devices.
- Data-loss prevention controls.
- Backup and recovery procedures.
- Vendor and supplier security assessments.
- Incident-response procedures.
- Employee security training.
No system can guarantee absolute security. Customers are also responsible for securing their accounts, protecting their credentials, configuring appropriate user access, and promptly notifying Appath of suspected unauthorized access.
Account Disconnection and Data Deletion#
Customers may disconnect authorized sales channels through the applicable Appath connection controls or through the connected sales channel.
Disconnecting a sales channel:
- Stops future authorized access once revocation takes effect.
- Does not necessarily delete all previously processed information immediately.
- Does not eliminate information that must be retained for security, accounting, legal, tax, fraud-prevention, or regulatory purposes.
Instructions for disconnecting integrations and requesting deletion are available at:
Appath may verify the requester's identity and authority before fulfilling a deletion, access, or export request.
Privacy Rights and Choices#
Depending on your location, you may have rights to:
- Request access to Personal Information.
- Request correction.
- Request deletion.
- Request a portable copy.
- Request restriction of certain processing.
- Object to certain processing.
- Withdraw consent where processing is based on consent.
- Opt out of the sale or legally defined sharing of Personal Information.
- Appeal a denied privacy request where applicable.
Appath does not discriminate against individuals for exercising applicable privacy rights.
Where Appath processes Personal Information on behalf of a Customer, individuals should generally direct their request to that Customer. Appath will assist the Customer as required by applicable law and contract.
Authorized agents may submit requests where permitted by law. Appath may require proof of authority and identity verification.
Because Appath does not sell Personal Information or share it for cross-context behavioral advertising, an opt-out may not be necessary. Where legally required, Appath will recognize applicable browser-based opt-out preference signals.
Cookies and Similar Technologies#
Appath may use cookies and similar technologies to:
- Authenticate users.
- Maintain secure sessions.
- Remember preferences.
- Prevent fraud and abuse.
- Understand website and feature usage.
- Diagnose errors.
- Improve performance.
You can control cookies through your browser settings. Disabling required cookies may prevent portions of the Services from functioning.
Where required by law, Appath will request consent before using non-essential cookies.
International Data Transfers#
Appath is based in the United States. Information may be processed in the United States or other countries where Appath or its authorized service providers operate.
Where required, Appath uses appropriate contractual, organizational, or technical safeguards for international data transfers.
Children's Privacy#
The Services are intended for businesses and are not directed to children under 16.
Appath does not knowingly collect Personal Information directly from children under 16. Contact us if you believe a child has provided Personal Information to Appath.
Third-Party Services#
The Services may contain links to or integrations with third-party services.
This Privacy Policy does not govern the independent privacy practices of Amazon, Walmart, Shopify, eBay, suppliers, carriers, payment processors, or other third parties. Customers should review the privacy policies and terms of those services.
Changes to This Privacy Policy#
Appath may update this Privacy Policy to reflect changes to:
- The Services.
- Connected sales channels.
- Legal requirements.
- Security practices.
- Data-processing activities.
- Service providers.
We will post the revised policy and update the "Last updated" date. Where required, we will provide additional notice of material changes.
Contact Us#
Questions, privacy requests, data-rights requests, security concerns, and other inquiries may be submitted through Appath's contact form. Requests concerning account disconnection or deletion may also be submitted through our data-deletion page. Appath may request information necessary to verify the requester's identity, authority, account, or organization before processing a privacy, access, correction, export, or deletion request.
Wilmington, Delaware
United States