Privacy Policy
Last updated: April 4, 2026
Cordite Labs Pvt Ltd ("Cordite Labs," "we," "us," or "our") operates the CorditeOS platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
Account Information
When you create an account, we collect your name, email address, and password. Passwords are hashed and stored securely by our authentication provider (Supabase).
Amazon Seller Data
When you connect your Amazon Seller Central account via the Selling Partner API (SP API), we access and process data including but not limited to: product listings, inventory levels, order history, financial reports (settlements, fees), advertising campaign data, and brand analytics reports. This data is used solely to provide the analytics and automation features of CorditeOS.
Amazon Credentials
SP API tokens (OAuth refresh tokens) are encrypted at rest using AES-256 encryption. We never store your Amazon Seller Central password. If you optionally provide Seller Central login credentials for the automated scraper feature, those are also encrypted at rest and used only for fetching Brand Analytics data not available via the SP API.
Usage Data
We collect standard server logs (IP address, browser type, pages visited, timestamps) to maintain service reliability and security.
2. How We Use Your Information
- To provide, operate, and maintain the CorditeOS platform
- To process and analyze your Amazon seller data for dashboards, reports, and AI-powered recommendations
- To execute automated actions (repricing, restocking, listing updates) that you have approved or configured
- To generate AI-powered insights and strategy recommendations using large language models
- To communicate with you about your account, updates, and support requests
- To detect and prevent fraud, abuse, and security incidents
3. AI and Large Language Model (LLM) Usage
CorditeOS uses artificial intelligence, including third-party large language models (such as Anthropic Claude), to provide features including but not limited to: data analysis, strategy recommendations, listing optimization suggestions, pricing insights, and automated action proposals.
- Data sent to AI providers: We send aggregated and contextual seller data (such as product performance metrics, listing content, and market data) to AI providers for analysis. We do not send your account credentials, passwords, or raw API tokens to AI providers.
- AI provider data policies: Third-party AI providers process your data in accordance with their own privacy policies and data processing agreements. We select providers that do not use customer data for training their models.
- No guarantee of accuracy: AI-generated outputs are probabilistic and may contain inaccuracies. They should be treated as recommendations, not guarantees. You are responsible for reviewing AI-generated recommendations before acting on them.
- Automated actions: When you configure automation settings, AI-driven actions (such as price changes, bid adjustments, or listing updates) may be executed on your Amazon account. These actions are governed by your autopilot configuration and guardrail settings.
4. Third-Party Services
We share your data with the following categories of third-party services, only as necessary to operate CorditeOS:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Authentication & database | Account info, application data |
| Amazon Web Services (AWS) | Cloud hosting, storage, compute | All platform data (encrypted at rest and in transit) |
| Anthropic (Claude AI) | AI-powered analysis & recommendations | Aggregated seller data for generating insights (no raw credentials) |
| Amazon SP API | Seller data ingestion & action execution | API tokens and seller operations |
| Keepa | Product tracking & competitor analysis | ASINs for enrichment |
We do not sell your personal information or Amazon seller data to any third party.
5. Data Storage & Security
- All data is stored on AWS infrastructure in encrypted form (AES-256 at rest, TLS 1.2+ in transit)
- API credentials are encrypted with application-level encryption before database storage
- Database access is restricted via Row-Level Security (RLS) policies ensuring tenant isolation
- We conduct regular security reviews and follow OWASP best practices
6. Data Retention
We retain your account data and seller data for as long as your account is active. If you request account deletion, we will delete your personal data and seller data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., financial records for tax compliance).
7. Your Rights Under GDPR (EU/EEA Users)
If you are located in the European Economic Area, you have the following rights:
- Right of Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate data
- Right to Erasure — request deletion of your personal data
- Right to Restriction — request we limit processing of your data
- Right to Data Portability — receive your data in a structured, machine-readable format
- Right to Object — object to processing based on legitimate interests
- Right to Withdraw Consent — withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at contact@corditelabs.com.
8. Your Rights Under CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell personal information)
- Non-discrimination for exercising your privacy rights
9. Cookies
We use essential cookies for authentication and session management. For details, see our Cookie Policy.
10. Children's Privacy
CorditeOS is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date.
12. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:
- Email: contact@corditelabs.com
- Company: Cordite Labs Pvt Ltd