Skip to main content

Privacy Policy

Effective date: April 15, 2026 · ResaleTruth

ResaleTruth ("we," "us," "our") operates resaletruth.com and the ResaleTruth application at app.resaletruth.com. This policy explains what data we collect, how we use it, and your rights. Plain English first; legalese only where it's unavoidable.

1. What we collect

Account data

When you sign up: your email address and a hashed password (we never store your plaintext password). Optionally, a display name. Authentication is handled by Supabase — your credentials are encrypted at rest.

eBay connection data

When you connect your eBay account via OAuth: we receive and store a revocable access token issued by eBay. We use this token to read your sales, fees, and listing data. We do not store your eBay password — ever. The token scope is read-only: we cannot list, relist, cancel, message buyers, or modify your eBay account in any way.

eBay requires us to provide a data deletion endpoint. If eBay sends us a deletion request on your behalf, we process it at: https://resaletruth.com/api/ebay/deletion. This removes your eBay token from our system immediately.

Sales and financial data you provide

Your item records, sourcing data, cost entries, expense logs, and any data you import via CSV. This is the core of the product. We store it to provide the service. We do not sell it, share it with advertisers, or use it to train AI models.

Billing data

Paid subscriptions are processed by Stripe. ResaleTruth does not see or store your full credit card number — Stripe handles all payment data. We receive a Stripe customer ID, your subscription status, and billing history for account management purposes.

Usage data

Standard server logs: page requests, IP addresses, browser type, referrer URLs. We use this to diagnose errors and understand which features are used. We do not run third-party ad tracking or behavioral analytics. We may add privacy-first analytics (e.g., Plausible) in future — we'll update this policy if we do.

2. How we use your data

  • To provide and improve the ResaleTruth service
  • To authenticate you and manage your account
  • To sync your eBay sales and generate profit reports
  • To process subscription payments via Stripe
  • To send transactional emails (receipts, billing alerts, account notices) — no marketing unless you opt in
  • To respond to support requests
  • To comply with legal obligations

3. Who we share data with

We use the following third-party processors. Each is under contract to handle data only as directed by us:

  • Supabase — authentication and database hosting
  • Stripe — payment processing
  • Vercel — hosting and edge delivery (resaletruth.com)
  • eBay — data source (API integration per their developer terms)

We do not sell your data. We do not share it with advertisers. We do not share it with any party not listed above, unless required by law (e.g., a valid legal subpoena, in which case we'll notify you if legally permitted to do so).

4. Data retention

Your data is retained for as long as your account is active. If you cancel and do not delete your account, we retain data for 90 days before permanent deletion. If you request deletion, we process it within one business day.

Stripe billing records are retained per their standard retention policy (typically 7 years) for tax and compliance purposes.

5. Your rights

Regardless of where you're located, you can:

  • Export your data — Settings → Export, available at any time
  • Delete your account — Settings → Account → Delete account
  • Request data deletion — email support@resaletruth.com
  • Disconnect eBay — Settings → Integrations → eBay → Disconnect
  • Opt out of marketing email — unsubscribe link in any email, or email us

GDPR residents (EU/EEA/UK): you additionally have the right to data portability, right to object to processing, and right to lodge a complaint with your supervisory authority. Contact us for a structured data export.

California residents (CCPA): we do not sell personal data. You have the right to know what we collect, request deletion, and opt out of sale (which we don't do anyway).

6. Security

Data is encrypted in transit (TLS) and at rest. eBay tokens are stored encrypted. Passwords are hashed via bcrypt (Supabase default). We do not have access to your eBay password.

No system is perfectly secure. If we discover a breach that affects your data, we'll notify you by email within 72 hours of discovery.

7. Cookies

resaletruth.com (the marketing site) uses only essential session cookies. No tracking cookies, no advertising pixels.

app.resaletruth.com uses session cookies to keep you logged in and preference cookies (e.g., dark mode). No third-party tracking cookies.

8. Children

ResaleTruth is not directed to children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has created an account, contact us and we'll remove it.

9. Changes to this policy

We'll update this page when the policy changes and note the effective date at the top. For material changes, we'll send an email to registered users at least 14 days in advance.

10. Contact

Questions about this policy or your data:
Email: support@resaletruth.com
Mailing address: ResaleTruth, 6421 N Florida Ave, D-732, Tampa, FL 33604, United States