Privacy Policy

Last Updated: May 11, 2026

This Privacy Policy explains how ShelvIQ Intelligence Private Limited ("ShelvIQ," "we," "us," or "our") collects, protects, and handles information in connection with the ShelvIQ platform and services. ShelvIQ Intelligence Private Limited is an independent software company and is not affiliated with, endorsed by, sponsored by, or acting as an agent or representative of Amazon.com, Inc. or any of its subsidiaries or affiliates.

Professional B2B Focus: ShelvIQ is a business-to-business intelligence platform. Our systems are designed to process operational brand data. We do not intentionally collect or process Amazon customer personal data such as buyer names, shipping addresses, or phone numbers, except where such data is incidentally included in seller account data, support communications, or service logs, or where processing is required for service delivery and permitted by applicable law. Where such data is incidentally processed, it is not used for any purpose beyond service delivery and is excluded from all model training pipelines.

1. Information We Collect

We collect only the data reasonably necessary to provide, maintain, secure, and improve our services. ShelvIQ collects the following categories of data in connection with the delivery of its services:

Seller Account Data: Data retrieved from your marketplace seller account(s) via official API channels (such as the Amazon Selling Partner API) upon your explicit authorisation via the OAuth 2.0 framework. This includes inventory and fulfillment data, advertising and campaign performance metrics, catalog and pricing data, and order analytics. We access only the data roles explicitly authorised by you. Where order-level data incidentally contains buyer information, such data is processed solely for service delivery and is not retained beyond operational necessity.
Technical Usage and Device Data: IP addresses, browser type, device identifiers, and dashboard interaction logs collected to maintain and improve platform performance. This data is processed by PostHog, our internal product analytics provider. PostHog may use cookies and session recording technology to capture interaction data within the ShelvIQ dashboard. This data relates to your use of the ShelvIQ platform and is not sourced from marketplace APIs. You may manage cookie preferences through your browser settings.
Contact and Account Data: Information you provide when creating an account or contacting us, including name, business email, company name, and support communications.

2. Lawful Basis for Processing

We process personal data on the following lawful bases under the Digital Personal Data Protection Act, 2023 (India) and applicable data protection standards:

Contractual Necessity: The primary basis for processing Seller Account Data is that such processing is necessary to perform the service you have contracted for. Without this processing, we cannot provide the ShelvIQ platform.
Legitimate Interests: Technical usage and device data is processed on the basis of our legitimate interest in maintaining, securing, and improving the platform, provided such interests are not overridden by your data protection rights.
Consent: Where we use anonymised, aggregated data for model training or analytics improvement purposes, we rely on your agreement to the Terms of Use, which provides an opt-out mechanism. See Section 7.3 of our Terms of Use for full details.

3. Data Usage & Processing

Data collected from your marketplace seller account is used exclusively to provide you with the insights, alerts, and reports that constitute the ShelvIQ service. We do not use your seller account data for marketing purposes or share it with other clients of ShelvIQ. We do not sell or trade your raw marketplace data to third parties.

Where anonymised, aggregated derivatives of seller account data are used for model training or platform improvement purposes, such use is governed by Section 7.3 of our Terms of Use, which provides a clear opt-out mechanism and sets out the anonymisation standards and restrictions that apply.

To ensure compliance with specific marketplace developer terms, data obtained through the Amazon Selling Partner API (SP-API) is never aggregated across Authorized Users’ businesses to provide or sell market insights, benchmarks, or competitive intelligence to third parties.

4. Data Retention & Deletion

To ensure high-performance analytics while maintaining data minimisation, we adhere to the following:

Rolling Retention: We maintain a rolling 90-day window for active operational data. Historical data older than 90 days is automatically purged unless the user has explicitly authorised extended retention for long-term trend analysis.
Revocation Deletion: If you revoke ShelvIQ's API access, all associated seller account data is flagged for permanent deletion from our active systems within 30 days of revocation.
Backup Systems: Deleted data may remain in encrypted backup systems for a limited period until overwritten in the ordinary course of business. Such backup copies are not accessible for operational use and are subject to the same security controls as active data.
Legal Retention: Notwithstanding the above, we may retain data for longer periods where required by Applicable Law, regulatory obligation, or for the purpose of resolving disputes or enforcing our agreements.

5. Security Controls

In the event of a security incident involving personal data, we will take appropriate remedial measures and notify affected parties without unreasonable delay, subject to Applicable Law and any ongoing investigation requirements.

Our infrastructure (hosted via Vercel and AWS/Supabase) is operated in accordance with the Amazon Data Protection Policy requirements:

Encryption: All data is encrypted using AES-256 at rest and TLS 1.2+ in transit.
Access Management: We enforce the Least Privilege Principle. Only authorised ShelvIQ personnel with Multi-Factor Authentication (MFA) enabled can access internal monitoring tools and production data.
Incident Response: We maintain a documented incident response plan with defined roles and 6-month review cycles. In the event of a suspected data breach involving Amazon Selling Partner data, we will notify security@amazon.com and affected users within 24 hours of detection.
Credential Security: All credentials, encryption keys, and API access tokens are stored in secure secrets management systems. We do not store credentials in public repositories or hard-code them into applications.

6. Cross-Border Data Transfers

ShelvIQ's infrastructure providers — including AWS, Supabase, and Vercel — may store and process data on servers located outside India. Where such cross-border transfers occur, we ensure that appropriate safeguards are in place, including contractual data protection obligations with our infrastructure providers consistent with applicable Indian data protection standards. By using the ShelvIQ platform, you acknowledge that your data may be transferred to and processed in jurisdictions outside India in connection with the delivery of the Service.

7. Third-Party Sub-processors

We utilise the following trusted infrastructure providers to deliver our services:

AWS / Supabase: Encrypted database storage and API execution. Data may be stored on servers located outside India.
Vercel: Dashboard hosting and frontend delivery. Data may be processed on servers located outside India.
PostHog: Internal product analytics. PostHog processes technical usage and device data only — it does not receive marketplace seller account data. PostHog may use cookies and session tracking within the ShelvIQ dashboard.

8. Data Accuracy and Service Dependencies

Data sourced via marketplace APIs (including Amazon SP-API) reflects the availability, accuracy, and latency of those APIs at the time of retrieval. ShelvIQ is not responsible for incomplete, delayed, outdated, or inaccurate data resulting from Third-Party Platform limitations, API downtime, rate limiting, or changes to marketplace data policies. Insights and reports generated through the ShelvIQ platform are intended for operational support purposes and should not be relied upon as the sole basis for business-critical decisions without independent verification.

9. Your Rights and Grievance Redressal

In accordance with the Digital Personal Data Protection Act, 2023 (India) and applicable data protection standards, you have the right to access, correct, or request the deletion of your business data stored on our platform. You also have the right to withdraw consent to data processing where consent is the applicable lawful basis, and to raise a grievance regarding the handling of your personal data.

To exercise these rights or raise a grievance, please contact our designated Grievance Officer:

Grievance Officer: Aditya Shete
Designation: Chief Technology Officer
ShelvIQ Intelligence Private Limited
C-401, 4th Floor, Surobhi Township, Dhanori, Pune City, Pune - 411015, Maharashtra, India
Email: legal@shelviq.com

We will acknowledge your request within 48 hours and respond to verified requests within 30 days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India as and when such escalation mechanisms are made available under applicable law.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in marketplace requirements, applicable law, or our technical infrastructure. Material changes will be communicated via the ShelvIQ dashboard and by email to registered account contacts, with at least 15 days' prior notice before taking effect, where reasonably practicable. Continued use of the Service after notification of changes constitutes acceptance of the updated policy.

11. Contact Information

For general privacy-related queries, contact us at:

ShelvIQ Intelligence Private Limited
C-401, 4th Floor, Surobhi Township, Dhanori, Pune City, Pune - 411015, Maharashtra, India
Email: legal@shelviq.com

ShelvIQ's data handling practices are designed in accordance with the requirements of the Amazon SP-API Data Protection Policy and the Amazon Acceptable Use Policy.