← Back to home

Privacy Policy

Last updated: 14 May 2026

1. Who we are

ResellerHub is operated as a sole trader business based in the United Kingdom by Toby Harris (the “data controller” for the purposes of UK GDPR).

This Privacy Policy applies to:

For any questions about this policy or how we handle your data, contact support@resellerhub.app.

2. What information we collect

Account information

Marketplace credentials

Product and inventory data

Payment information

Usage data

Technical data

3. Why we use your data — lawful basis under UK GDPR Article 6

PurposeLawful basis
Providing the ResellerHub service to youContract — Art. 6(1)(b)
Processing your subscription paymentContract — Art. 6(1)(b)
Sending service-related communications (billing, security, account events)Contract — Art. 6(1)(b)
Privacy-friendly aggregate analyticsLegitimate Interest — Art. 6(1)(f)
Fraud prevention (trial-abuse fingerprinting, rate-limiting, breach-check on signup)Legitimate Interest — Art. 6(1)(f)
Legal obligations (e.g. HMRC tax records, GDPR data subject requests, fraud reporting)Legal Obligation — Art. 6(1)(c)

We do not engage in automated decision-making or profiling that produces legal or similarly significant effects on you.

4. Who we share your data with

We share data with these third-party processors only as necessary to provide the service. We do not sell your personal data to any third party, ever.

ProcessorPurposeLocation
StripePayment processing. Card details entered directly on Stripe-hosted forms.US (under UK/EU SCCs)
GoogleOptional sign-in via Google OAuth. Only if you choose this option.US (under UK/EU SCCs)
eBayListing data you ask us to sync to eBay on your behalf.Varies per eBay
VintedListing data you ask us to sync to Vinted on your behalf.EU
CloudflareEdge network, DDoS protection, WAF. TLS-terminates traffic to *.resellerhub.app.Global
Backblaze B2GPG-encrypted off-site database backups. Backblaze receives only encrypted blobs and cannot read them.EU (Amsterdam)
NamecheapDomain registration and email forwarding for @resellerhub.app.US
IONOSPrimary VPS hosting. Application database stored here (encrypted at rest in our database).UK (London)

5. International data transfers

Some of our processors (Stripe, Google, Cloudflare, Namecheap) are based in or process data in the United States. These transfers rely on the EU/UK Standard Contractual Clauses (SCCs) and the EU–US Data Privacy Framework where applicable.

6. How long we keep your data

If you delete your account, we will delete your personal data within 30 days, except where retention is required by law.

7. How we secure your data

We take data security seriously and implement multiple layers of protection:

For security vulnerability disclosure, see our security.txt.

8. Cookies and tracking

We use the minimum cookies needed to run the service:

No analytics cookies. No advertising trackers. Our analytics provider (self-hosted Plausible) is cookieless by design and does not collect personally identifiable information. There is no Google Analytics, no Facebook Pixel, and no third-party tracking on our pages.

9. Browser Extension (ResellerHub Connector)

Our optional browser extension, ResellerHub Connector, is required to keep your Vinted account connected to ResellerHub. It is available for Chrome, Edge, Brave and other Chromium-based browsers.

What the extension reads

The extension does not read any cookies on non-Vinted domains. It does not collect your browsing history, your location, your keystrokes, or any data outside what is described above. It makes no automated requests to Vinted on your behalf.

Where the data goes

The captured tokens and display profile are sent over HTTPS to our servers (go.resellerhub.app) where they are encrypted at rest (AES-256-GCM). They are used solely to make API calls to Vinted on your behalf — posting listings, syncing prices and stock, and marking items sold — exactly as you would do manually on Vinted’s website.

Cookie sync-back

When our server refreshes your Vinted session token (a normal part of token rotation), the extension writes the new token back into your browser’s Vinted cookie jar. This keeps your existing vinted.co.uk browser session alive across server-side refreshes. The extension only writes cookies to Vinted domains the user has previously visited.

Periodic checks

The extension runs a 15-minute background check to ensure your Vinted session cookies stay in sync with the latest server-side token. This is the only background activity. No browsing data, page content, or other tab information is read or transmitted.

User control

You can disconnect at any time from your ResellerHub Settings page. Disconnecting:

You can also uninstall the extension via your browser’s extension management page (e.g. chrome://extensions). Uninstalling removes all locally stored extension data.

10. Your rights under UK GDPR

Under UK GDPR, you have the right to:

To exercise any of these rights, email support@resellerhub.app. We will respond within 30 days.

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) at ico.org.uk if you believe we are not handling your data correctly.

11. Children’s data

ResellerHub is not intended for use by anyone under 18. We do not knowingly collect personal data from children. If you believe we hold data about a child, contact us and we will delete it.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email and/or through the app. The “Last updated” date at the top of this page tells you when the policy was most recently revised. Your continued use of ResellerHub after changes are posted constitutes acceptance of the updated policy.

13. Contact

For questions about this Privacy Policy or to exercise your rights, contact us at support@resellerhub.app.