Privacy Policy

1. Who We Are

AutoListing ("we", "our", "us") is the developer and publisher of the AutoListing browser extension, available on the Chrome Web Store. AutoListing is an independent product designed to help Facebook Marketplace sellers relist their products quickly and efficiently using a native browser side panel.

Our contact email is noreply@auth.autorelist.com.

This Privacy Policy governs how AutoListing collects, uses, stores, and protects personal information in connection with the use of our extension, our website, and any related services (collectively, the "Service"). By installing or using AutoListing, you acknowledge that you have read, understood, and agree to the practices described in this policy.

2. Scope of This Policy

This Privacy Policy applies to all users of the AutoListing browser extension and the AutoListing website. It covers:

• Information collected through the browser extension installed in your Chrome browser.
• Information collected through our website and landing pages.
• Information collected through our payment processor when you subscribe to a paid plan.
• Communications between you and AutoListing through email or support channels.

3. Information We Collect

Account Information

When you sign in, we collect your email address for authentication purposes. We use a passwordless, code-based authentication system — no passwords are ever stored.

Usage & Quota Data

We track the number of relists you perform each billing period to enforce plan limits (free or paid). This is stored as a simple counter tied to your account.

Subscription Status

If you subscribe to a paid plan, we store your plan type (monthly or annual), Stripe customer ID, and subscription expiration date. We do not store your credit card number or billing details — this data is handled entirely by Stripe.

Session Tokens

When you authenticate, we generate a secure session token stored locally in your browser via chrome.storage.local. Only a SHA-256 hash of this token is stored server-side.

Anonymous Error Logs

We use Sentry for anonymous error tracking to diagnose and fix bugs. Error logs may contain stack traces and browser metadata but do not contain personal information or Marketplace data.

Communications

If you contact us via email or submit uninstall feedback, we retain the content of those messages for support and product improvement purposes.

4. Information We Do NOT Collect

AutoListing is designed to be privacy-first. We explicitly do not collect:

• Passwords — We use passwordless authentication.
• Browsing history — We do not track which websites you visit.
• Facebook or Marketplace data — We do not read, store, or transmit your listing content, images, prices, buyer messages, or any other Facebook data.
• Device location — No GPS or geolocation data is collected.
• Hardware or sensor data — No device identifiers, fingerprints, or telemetry.
• Tracking pixels or third-party analytics — No Google Analytics, Facebook Pixel, or similar tracking services.
• Credit card or payment details — All payment processing is handled securely by Stripe.
• Children's data — See Section 12.

5. How We Use Your Information

We use the information we collect for the following purposes:

• Authentication: To verify your identity and create/manage your session.
• Service Delivery: To provide the relisting functionality and enforce plan-based usage limits.
• Quota Management: To track your monthly relist usage and determine remaining credits.
• Billing: To manage your subscription status and communicate with Stripe for payment processing.
• Security: To detect and prevent unauthorized access, abuse, or fraud.
• Support: To respond to your inquiries and improve our product based on feedback.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

6. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, or other jurisdictions that require a legal basis for data processing, we rely on:

• Contract Performance: Processing necessary to deliver the Service you signed up for (authentication, quota tracking, subscription management).
• Legitimate Interests: Error monitoring and security measures to maintain a functional and secure service.
• Legal Obligation: Processing required to comply with tax, accounting, or regulatory requirements.

7. Third-Party Services

AutoListing integrates with the following third-party services:

• Supabase — Backend-as-a-service used for authentication, database, and serverless functions. Supabase processes your email address and session data. Supabase Privacy Policy.
• Stripe — Payment processor used for subscription billing. Stripe processes your payment information directly and securely. AutoListing never sees or stores your card details. Stripe Privacy Policy.
• Sentry — Error tracking service used to diagnose bugs. Sentry receives anonymous error logs and browser metadata only. Sentry Privacy Policy.

8. Data Storage, Security & Retention

All server-side data is stored on Supabase-managed infrastructure with encryption at rest and in transit. Access to the database requires service-level authentication with role-based access controls.

Session tokens are stored as SHA-256 hashes — the original tokens are never stored server-side.

Authentication codes (OTP) are stored as SHA-256 hashes and expire after 15 minutes.

Retention

• Error logs: Retained for up to 14 days, then automatically purged.
• Account data: Retained as long as your account is active. Upon deletion request, data is removed within 30 days.
• Session tokens: Expire after 30 days and are revoked on logout.

9. Cookies & Local Storage

AutoListing does not use cookies for tracking or advertising.

We use chrome.storage.local (Chrome extension local storage) to store your session token for authentication persistence. This data stays on your device and is not shared externally.

10. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to any third party.

We may share data only in these limited circumstances:

• Service Providers: With Supabase, Stripe, and Sentry as described in Section 7, strictly for the purpose of delivering the Service.
• Legal Requirements: If required by law, court order, or government regulation.
• Safety: To protect the rights, safety, or property of AutoListing, our users, or the public.

11. International Data Transfers

Your data may be processed in jurisdictions outside your country of residence, including the United States and Canada, where our service providers operate. We rely on Standard Contractual Clauses (SCCs) and other approved transfer mechanisms to ensure adequate protection of your data.

12. Children's Privacy

AutoListing is not directed at individuals under the age of 13. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected data from a child under 13, we will delete it promptly.

13. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten").
• Restriction: Request that we limit processing of your data in certain circumstances.
• Portability: Request a machine-readable copy of your data.
• Objection: Object to processing based on legitimate interests.
• Withdrawal of Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at noreply@auth.autorelist.com. We will respond within 5 business days.

14. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide at least 14 days' notice before the changes take effect, via the extension or our website. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us at:

Email: noreply@auth.autorelist.com

We aim to respond to all inquiries within 5 business days.