AI Auto Lister

Privacy Policy

Last Updated: February 13, 2026

This Privacy Policy describes how AIAL — AI Auto Lister ("we," "our," "us") collects, uses, stores, and protects your information when you use our platform at aial.app and related services (collectively, the "Service"). By using the Service, you consent to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create an account through our authentication provider (Clerk), we collect:

• Name (first and last name)
• Email address
• Profile image URL
• Account creation date

This information is synced to our backend servers when you sign in.

1.2 Product Images & Listing Data

When you use the Service to create listings, we collect:

• Product images you upload (JPEG, PNG, WebP, GIF — up to 12 per listing, 10 MB each). Images are compressed client-side (resized to a maximum of 2048×2048 pixels, converted to JPEG at 85% quality) before being uploaded to our servers.
• Image metadata including file hashes (SHA256) and dimensions
• Listing details you provide: seller description, price, category hints, product condition, and sales strategy preferences
• AI-generated listing content: titles, descriptions, pricing suggestions, category classifications, item specifics, and comparable market pricing data

1.3 eBay Account Data

When you connect your eBay account, we receive and store:

• OAuth tokens (authorization code, access token, refresh token) used to access your eBay account on your behalf
• Business policies: your eBay payment, fulfillment, and return policy names and identifiers
• Inventory locations: merchant location names, types, and addresses (country, city, postal code)
• Profile defaults: your default marketplace, currency, listing format, and location settings
• Listing engagement metrics: views, impressions, click-through rates, and conversion rates for synced listings

1.4 Order & Fulfillment Data

When you use order management features, we retrieve from eBay:

• Order details: order IDs, dates, statuses, and item information
• Buyer information: buyer username, email, and shipping address
• Financial data: order subtotals, shipping costs, tax amounts, and totals
• Shipping information: tracking numbers, carrier details, and label data

This data is retrieved from eBay's API and displayed within the Service. We access it under the eBay OAuth permissions you granted.

1.5 Subscription & Billing Data

Subscription management and payment processing are handled by Clerk. We receive and store:

• Subscription details: plan name, status (active, canceled, past due), and billing period dates
• Usage data: AI operations used, pending, and remaining in your current billing cycle

We do not collect, store, or have access to your credit card number, bank account details, or other payment method information. All payment data is handled directly by Clerk.

1.6 Analytics Data

We compute and store analytics about your listing activity, including:

• Listing counts by status (active, sold, draft, ended, etc.)
• Pricing statistics (averages, distributions)
• Performance metrics (sell-through rate, conversion rate, average days to sell)
• Activity trends over time and category breakdowns

1.7 Misidentification Reports

If you submit a report about an AI misidentification, we collect:

• Your email address (from your account)
• Your description of the issue
• The AI's analysis data and associated image

Reports are sent via email to our team and used to improve AI accuracy.

1.8 Demo Usage Data

If you use the anonymous demo on our landing page (no account required), the image you upload is sent to our servers for AI analysis. Demo results are cached in your browser's local storage. We apply rate limiting to demo usage. No personal information is collected during demo use unless you subsequently create an account.

1.9 Camera Access

The Service may request access to your device's camera to capture product photos directly. Camera access requires your browser's explicit permission. The video feed is processed locally on your device — only captured photos you choose to upload are sent to our servers.

1.10 Automatically Collected Information

When you use the Service, we automatically collect:

• IP address: used for rate limiting and security (detected via standard HTTP headers)
• Web analytics: page views and performance metrics collected by Vercel Analytics (our hosting provider)

2. Cookies & Browser Storage

2.1 Cookies

The Service uses cookies set by our authentication provider (Clerk) to manage your login session. These are essential cookies required for the Service to function. We do not set advertising or third-party tracking cookies.

2.2 Local Storage

We use your browser's local storage to remember:

• Whether you've completed the onboarding tour
• Whether you've dismissed the welcome modal
• Demo results (for unauthenticated demo usage)
• Demo rate-limiting state

This data stays on your device and is not transmitted to our servers.

2.3 Session Storage

We use session storage (cleared when your browser tab closes) for:

• Security tokens during the eBay OAuth connection flow
• Session-level flags to prevent redundant data syncing

3. How We Use Your Information

We use collected information to:

• Provide the Service: Authenticate you, generate AI-powered listings, publish to eBay, manage inventory, display analytics, and process schedules
• Process images: Compress, analyze via AI, and transmit to eBay when you publish listings
• Manage your subscription: Track plan status and usage quotas
• Display eBay data: Show your orders, engagement metrics, and business policies within the dashboard
• Improve AI accuracy: Use misidentification reports to identify and correct AI errors
• Maintain security: Rate-limit API requests, validate inputs, and detect abuse
• Communicate: Send transactional emails related to your reports or account
• Analyze usage: Understand how the Service is used via aggregated, anonymized analytics to improve it

4. Third-Party Services & Data Sharing

We do not sell, rent, or trade your personal information. We share data with third parties only as necessary to provide the Service:

We may also disclose information if required by law, legal process, or to protect the rights, property, or safety of AIAL, our users, or the public.

5. Data Storage & Security

• User data is stored on our backend servers with encryption at rest
• All API communication is authenticated and encrypted in transit (HTTPS)
• eBay OAuth tokens are stored server-side and never exposed to the browser
• Request bodies are validated with type guards before processing
• User-generated content is sanitized to prevent injection attacks
• API endpoints are rate-limited to prevent abuse
• Webhook events are cryptographically verified before processing

While we implement industry-standard security measures, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

6. Data Retention

• Account data: Retained while your account is active. When you delete your account (through Clerk), we process account deletion on our backend.
• Listing data & images: Retained while your account is active to provide the Service. Images are accessible via time-limited signed URLs.
• eBay credentials: Retained while your eBay account is connected. Deleted when you disconnect your eBay account or delete your AIAL account.
• Subscription data: Retained for the duration of your subscription and as needed for billing records.
• Analytics data: Retained while your account is active.
• Misidentification reports: Retained for service improvement purposes.

7. Your Rights

You have the right to:

• Access the personal data we hold about you
• Correct inaccurate information in your account
• Delete your account and associated data
• Disconnect your eBay account at any time, which removes your stored eBay credentials
• Withdraw consent for camera access through your browser settings
• Clear local storage through your browser settings to remove locally stored preferences and demo data

To exercise these rights, contact us at sean@aial.app. We will respond to requests within a reasonable timeframe.

California Residents

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

8. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete it promptly.

9. International Users

The Service is hosted in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We process data in accordance with applicable privacy laws.

10. What We Do Not Collect

For clarity, AIAL does not collect:

• Credit card numbers or payment method details (handled entirely by Clerk)
• Government-issued identification
• Social Security numbers
• Demographic data (age, gender, ethnicity)
• Location data from your device (GPS)
• Contact lists or address books

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will indicate the date of the most recent revision at the top of this page. Material changes will be communicated through the Service or via email. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

12. Contact

If you have questions about this Privacy Policy or our data practices, contact us at sean@aial.app.