FBA Prep Checker ("we," "us," or "our") respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data when you use our website, API, and Chrome extension (collectively, the "Service").
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address and a hashed password (we never store your password in plaintext) when you create an account.
- Payment Information: When you subscribe to a paid plan, payment details (credit card number, billing address) are collected and processed directly by our payment processor, Stripe, Inc. We do not store your full credit card number, CVV, or other sensitive payment data on our servers. We only retain a Stripe customer ID and subscription ID for billing management.
- Feedback and Support: Any information you voluntarily provide when you submit a feedback report, issue report, or contact us for support.
1.2 Information Collected Automatically
- Lookup Data: ASINs you look up, the product category detected, and the prep requirements returned. This data is stored to provide your lookup history feature and improve our prep rules database.
- Usage Data: Monthly lookup count per account, used to enforce plan limits.
- Analytics: We use Vercel Analytics to collect anonymized, aggregate page-view and performance data. This does not include personal identifiers or cookies.
1.3 Chrome Extension Data
The Chrome extension stores the following data locally in your browser via chrome.storage.local:
- Your session token (for authentication with our API).
- A 24-hour cache of recent lookup results (keyed by ASIN).
- The currently detected product on the active tab.
This locally stored data never leaves your browser unless you initiate a lookup or sign in.
2. What We Do NOT Collect
We believe in minimal data collection. We do not collect:
- Your Amazon Seller Central credentials or MWS/SP-API keys.
- Your sales data, inventory levels, or financial performance.
- Your browsing history outside of Amazon product pages. The Chrome extension only activates on amazon.com domains.
- Personally identifiable information beyond your email address.
- Tracking cookies or cross-site advertising identifiers.
3. How We Use Your Information
We use your information solely to:
- Provide, operate, and maintain the Service.
- Authenticate your identity and manage your account.
- Process payments and manage your subscription.
- Enforce plan limits and prevent abuse.
- Improve the accuracy of prep requirement rules by analyzing aggregate, anonymized lookup patterns.
- Send important service communications, such as security alerts, billing confirmations, changes to terms, or planned downtime.
- Respond to your support requests and feedback reports.
We do not sell, rent, or share your personal data with third parties for advertising or marketing purposes. We do not send promotional emails or newsletters unless you explicitly opt in.
4. Third-Party Service Providers
We use the following third-party services to operate the Service. Each processes data only as necessary to perform its function and is bound by its own privacy policies:
| Provider | Purpose | Data Shared |
|---|---|---|
| Supabase | Database hosting, authentication | Email, hashed password, lookup records |
| Stripe | Payment processing | Email, payment method, billing address |
| Vercel | Website and API hosting, analytics | Anonymized page views, server logs |
5. Chrome Extension Permissions
The FBA Prep Checker Chrome extension requests the following browser permissions:
- storage: Save your session token and lookup cache locally in the browser. No data is sent externally without your action.
- activeTab: Detect when you are viewing an Amazon product page and extract the ASIN, category, and product attributes for lookup.
- host_permissions (amazon.com, API server): The extension only operates on Amazon domains and communicates with our API server. It does not access or monitor any other websites.
6. Data Security
We implement industry-standard security measures to protect your data:
- All data in transit is encrypted via TLS 1.2 or higher (HTTPS).
- All data at rest is encrypted in our database (Supabase uses AES-256 encryption).
- Passwords are hashed using bcrypt; we never store plaintext passwords.
- Row-Level Security (RLS) is enabled on all database tables — users can only access their own data.
- API authentication uses short-lived JSON Web Tokens (JWTs).
- Payment data is handled entirely by Stripe, which is PCI DSS Level 1 certified.
While we take reasonable precautions to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.
7. Data Retention
- Account data (email, profile, subscription status) is retained for as long as your account is active.
- Lookup history is retained per your plan tier (last 3 lookups for Free, 30 days for Starter, all history for Pro).
- Feedback reports are retained indefinitely to improve the Service.
- After account deletion: We will delete your personal data within 30 days of your request. Aggregated, anonymized data (such as lookup volume statistics) may be retained indefinitely for service improvement purposes.
- Billing records: We may retain billing records for up to 7 years as required by applicable tax and accounting laws.
8. Cookies and Tracking
We use minimal cookies strictly necessary for the functioning of the Service:
- Authentication cookies: Supabase sets secure, HTTP-only session cookies to maintain your login state on the web application.
We do not use third-party tracking cookies, advertising cookies, or cross-site tracking pixels. We do not participate in any ad networks or retargeting programs.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
9.1 All Users
- Access: Request a copy of all personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete personal data.
- Deletion: Request deletion of your account and all associated personal data.
- Export: Request a machine-readable export of your data (lookup history, account information).
9.2 European Economic Area (GDPR)
If you are located in the EEA, UK, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR):
- Legal Basis: We process your data based on: (a) your consent (account creation); (b) performance of a contract (providing the Service); and (c) legitimate interests (improving the Service, preventing abuse).
- Data Portability: Right to receive your personal data in a structured, commonly used, machine-readable format.
- Restriction: Right to request restriction of processing in certain circumstances.
- Objection: Right to object to processing based on legitimate interests.
- Supervisory Authority: Right to lodge a complaint with a data protection authority in your country of residence.
9.3 California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: You can request the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
- Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
- No Sale of Data: We do not sell or share your personal information for cross-context behavioral advertising as defined by the CCPA/CPRA.
10. International Data Transfers
Your data may be processed and stored in the United States, where our servers and those of our service providers are located. If you are accessing the Service from outside the United States, please be aware that your data may be transferred to, stored, and processed in a country with different data protection laws than your country of residence. By using the Service, you consent to the transfer of your data to the United States. Where required by applicable law, we rely on Standard Contractual Clauses or other approved transfer mechanisms.
11. Children's Privacy
The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe that a child under 16 has provided us with personal data, please contact us at the address below.
12. Data Breach Notification
In the event of a data breach that affects your personal information, we will notify you via the email address associated with your account within 72 hours of becoming aware of the breach, as required by applicable law. We will also notify relevant supervisory authorities where legally required.
13. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" at the top of this page and notify you by email or by posting a prominent notice on the Service at least 14 days before the changes take effect. Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the changes.
14. Contact Us
If you have questions about this Privacy Policy, want to exercise your data rights, or have a privacy concern, please contact us:
We will respond to all privacy-related requests within 30 days.