Privacy Policy

Information We Collect

When you create an account with Peaklyst, we collect personal information necessary to provide our services. This includes your name, email address, billing information, and company details. When you connect your Amazon Seller account through the Selling Partner API (SP-API), we access listing data, performance metrics, keyword rankings, and other marketplace information required to deliver optimization recommendations.

We also collect usage data automatically as you interact with our platform. This includes which features you use, how often you access the platform, the optimization actions you take, and general device and browser information. Our analytics system (Umami) is cookieless and GDPR-compliant by design, tracking only aggregate page views without personally identifiable information.

Peaklyst does not access, store, or process Amazon buyer Personally Identifiable Information (PII). Our integration uses only non-restricted SP-API roles limited to catalog, listings, and aggregate performance data.

How We Use Your Information

We use the information we collect to deliver and improve our services. Specifically, we use your data to power AI-driven listing optimization, generate keyword research insights, calculate quality scores, produce performance analytics, and run autopilot optimization cycles. Your billing information is used exclusively to process subscription payments through our payment processor.

We may also use your email address to send transactional notifications about your account, optimization results, and important service updates. You can manage your communication preferences at any time from your account settings. We never use your data for advertising purposes or share it with third-party advertisers.

Data Sharing and Third Parties

We share your data only with the third-party services required to operate our platform. Our payment processor (Stripe) receives billing information to process subscriptions. Our cloud infrastructure providers host your data with enterprise-grade security. Our analytics service (Umami) processes anonymized, cookieless page view data only.

We access your Amazon marketplace data through the official Selling Partner API under your authorization. This data flows through Amazon's secure API infrastructure. We do not sell your personal data to anyone, under any circumstances.

Amazon Seller Data

When you connect your Amazon Seller account, we access listing content (titles, bullet points, descriptions, backend keywords), performance metrics (sessions, conversion rates, BSR rankings, Buy Box percentage), keyword data (search terms, rankings, search volume), and PPC campaign data (bids, impressions, clicks, ACoS).

This data is used exclusively to power our optimization services. We analyze your listings to generate quality scores, identify keyword opportunities, produce AI-optimized content, and track performance improvements over time. Your Amazon data is never shared with competitors or other sellers. Each customer's data is strictly isolated through row-level security policies.

Cookies and Tracking

Peaklyst uses a minimal, privacy-first approach to tracking. Our analytics platform (Umami) is entirely cookieless and does not use any tracking cookies, fingerprinting, or persistent identifiers. It collects only anonymous, aggregate page view data and is fully compliant with GDPR, CCPA, and PECR without requiring cookie consent banners.

We use essential cookies only for authentication session management when you are logged into the application. These are strictly necessary for the service to function and cannot be opted out of while using the platform. We do not use any third-party tracking cookies, advertising pixels, or social media trackers.

Data Security

We take the security of your data seriously. All data is encrypted at rest and in transit using industry-standard encryption protocols (TLS 1.3 for data in transit, AES-256 for data at rest). Our infrastructure runs on Kubernetes with strict network policies and non-root container execution.

Customer data is isolated at the database level through row-level security (RLS) policies, ensuring that no customer can access another customer's data even in the event of an application vulnerability. We conduct regular security reviews and maintain access logging for all sensitive operations.

In the event of a security incident affecting Amazon marketplace data, we will notify Amazon within 24 hours of discovery, as required by Amazon's Data Protection Policy.

Data Retention

We retain your account data and Amazon marketplace data for as long as your account is active and you maintain an active subscription. Performance history and optimization records are retained to provide trend analysis and long-term tracking capabilities.

Upon account closure or deletion request, we initiate a 30-day grace period during which you can export your data or reactivate your account. After this period, all personal data and Amazon marketplace data associated with your account is permanently deleted from our systems, including backups, within 90 days.

If you revoke Peaklyst's authorization in Seller Central, we will cease accessing your Amazon data immediately and delete all stored Amazon marketplace data within 30 days.

Your Rights

Depending on your jurisdiction, you may have specific rights regarding your personal data:

Under GDPR (EU/EEA residents): You have the right to access, rectify, delete, port, and restrict processing of your personal data. You may also object to processing based on legitimate interests and withdraw consent at any time.

Under CCPA (California residents): You have the right to know what personal information we collect, request deletion of your data, and opt out of any sale of personal information (though we do not sell personal data).

To exercise any of these rights, contact us at [email protected]. We will respond to all legitimate requests within 30 days.

International Transfers

Our services are operated from infrastructure located in the European Union and the United States. If you access our services from outside these regions, your data may be transferred to and processed in these locations. We ensure appropriate safeguards are in place for any international data transfers, including standard contractual clauses approved by the European Commission.

Children's Privacy

Peaklyst is a business-to-business service designed for Amazon sellers and is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will delete it.

Changes to This Policy

We may update this privacy policy from time to time to reflect changes in our practices, technology, or legal requirements. For material changes, we will notify you by email at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of our services after changes take effect constitutes acceptance of the revised policy.

Data Controller

The data controller responsible for your personal data is:

tupevo S.àr.l.-S
12, Rue du Château d'Eau
L-3364 Leudelange, Luxembourg
RCS Luxembourg: B306404
VAT: LU37375443

Supervisory authority: Commission Nationale pour la Protection des Données (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg — https://cnpd.public.lu

Contact Us

If you have questions about this privacy policy, your personal data, or our privacy practices, contact us at:

• Email: [email protected]
• General inquiries: Contact page