Sellura

Privacy Policy

Last updated: June 6, 2026

This Privacy Policy explains what personal data Sellura ("Sellura", "we", "us") collects when you use sellura.io, why we collect it, who we share it with, and the choices and rights you have. Sellura is a web app that turns a few product fields into an SEO-optimized Etsy listing using AI. We are not affiliated with, endorsed by, or sponsored by Etsy. If anything here is unclear, email us at support@sellura.io.

Who we are

Sellura operates the website and app at sellura.io. We are the controller responsible for the personal data described in this policy.

Our legal entity and registered address will be confirmed upon incorporation: [legal entity — to be confirmed], [registered address — to be confirmed]. For any privacy question or request, contact us at support@sellura.io.

What we collect and why

We try to collect only what we need to run the service. Here is what we store and the reason for it:

  • Account email: when you sign in with a magic link, we store your email address so we can authenticate you and contact you about your account. Sign-in is passwordless, so we do not store a password.
  • Listings you generate: the product details you enter as input and the AI-generated output (title, tags, materials, description). We store these so you can return to your generated listings and so the service can function.
  • Credits and credit ledger: your credit balance and an append-only ledger of credit changes, so we can correctly track free generations, unlocks, and what you have purchased.
  • Order and subscription metadata: records of your plan, purchases, and subscription status so we can grant the right access and provide support. Payment card details are handled by our payment provider, not by us (see Subprocessors).
  • Landing-page leads: if you submit your email through an email-capture form on our site, we store that email so we can follow up about the product.
  • Payment webhook audit logs: records we receive from our payment provider about purchases and subscription events, kept for accuracy, support, and fraud prevention.
  • IP addresses: used transiently for rate-limiting and abuse prevention. We do not use IP addresses to build advertising profiles.

We do not knowingly collect special-category (sensitive) personal data, and you should not submit any in your listing inputs.

Legal bases for processing

Where data protection law (such as the EU/UK GDPR) applies, we rely on the following legal bases:

  • Performance of a contract: to create and run your account, generate and store your listings, and process your plan and credits.
  • Legitimate interests: to keep the service secure, prevent abuse (for example, rate-limiting by IP), maintain audit logs, and improve the product — balanced against your rights.
  • Consent: where you opt in, such as submitting your email to a landing-page capture form. You can withdraw consent at any time.
  • Legal obligation: where we must retain certain records (for example, in connection with payments and tax handled by our payment provider).

How your inputs are used by AI

To generate a listing, the product details you submit are sent to Anthropic, the provider of the Claude AI model, which produces the title, tags, materials, and description.

Please avoid putting confidential information or personal data about other people into your listing inputs, since that content is processed to create your listing.

Subprocessors and sharing

We do not sell your personal data. We share data only with service providers (subprocessors) that process it on our behalf to deliver the service:

  • Supabase — database and authentication hosting (EU region).
  • Anthropic — the Claude AI model; the product details you submit are sent to Anthropic to generate your listing.
  • Lemon Squeezy — payment processing and merchant of record; they are the seller of record and handle checkout, billing, sales tax/VAT, and invoices.
  • Resend — transactional email delivery (for example, magic-link and account emails).
  • Vercel — application hosting.
  • Cloudflare — DNS and inbound email routing.

We may also disclose data if required by law, to protect our rights or users, or as part of a business transfer such as a merger or acquisition.

International data transfers

Some of our subprocessors are based in the United States, so your personal data may be transferred to and processed outside the EU/EEA and the UK.

Where this happens, we rely on appropriate safeguards for such transfers, such as the standard contractual clauses offered by the relevant provider.

Data retention

We keep personal data only for as long as we need it for the purposes described in this policy, and then delete or anonymize it.

  • Account email and listings: retained while your account is active, and for a reasonable period afterward.
  • Credit ledger, order and subscription metadata, and payment webhook audit logs: retained as long as needed for accuracy, support, fraud prevention, and any legal or accounting requirements.
  • Landing-page leads: retained until you ask us to delete them or we no longer need them.
  • IP addresses used for rate-limiting: kept only transiently and not retained long-term.

You can ask us to delete your data sooner by emailing support@sellura.io (see Your rights).

Your rights

Depending on where you live, you may have rights over your personal data, including the right to access it, correct it, delete it, export a copy (portability), object to or restrict certain processing, and withdraw consent.

To exercise any of these rights, email us at support@sellura.io. We will respond within the time required by applicable law and may need to verify your identity first.

If you are in the EU/EEA or UK and believe we have not handled your data properly, you also have the right to lodge a complaint with your local data protection authority.

U.S. state privacy rights

If you are a resident of California or another U.S. state with a privacy law, you may have additional rights, such as the right to know what personal data we collect, to request its deletion, and not to be discriminated against for exercising your rights.

We do not sell your personal data, and we do not share it for cross-context behavioral advertising. To exercise any rights, email support@sellura.io.

Cookies and tracking

We use only essential cookies needed to sign you in and keep your session active, set through Supabase authentication.

We do not use third-party advertising trackers. We do not currently use web analytics; if we add analytics in the future, we will update this policy to disclose it.

Security

We take reasonable measures to protect your data, including row-level security in our database, keeping secrets and credentials server-side, and encrypting data in transit.

No method of transmission or storage is completely secure, so we cannot guarantee absolute security. We do not hold any security certifications, and payment card data is handled by our payment provider, not by us. If you believe your account has been compromised, contact support@sellura.io.

Children

Sellura is a business tool not directed to children, and we do not knowingly collect personal data from anyone under 18.

If you believe a child has provided us personal data, contact support@sellura.io and we will take appropriate steps to delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice.

Your continued use of Sellura after an update means you accept the revised policy.

Contact

Questions, requests, or concerns about this policy or your data? Email us at support@sellura.io.

Legal entity and address details will be added once finalized: [legal entity — to be confirmed], [registered address — to be confirmed].

This page is provided for transparency and general information. It is not legal advice. Questions? Email support@sellura.io.