Privacy Policy
We keep this readable. Here is exactly what we collect, why, and what you can do about it.
1. Who we are
Tactova (“we”, “us”, “our”) is a competitive intelligence platform for Amazon sellers. We operate the website at tactova.com and the application at app.tactova.com. When you use these services, you trust us with your data. We take that seriously.
2. Data we collect
2.1 Account data
When you create an account we collect:
- Email address (required for authentication)
- Display name (optional, set during onboarding)
- Password (stored as a salted hash — we never see your plain-text password)
- Marketplace preference and onboarding selections
2.2 Usage data
As you use Tactova we record:
- ASINs you analyse and the marketplaces selected
- Credits consumed and analysis job status
- Feature usage (which sections of a result you interact with)
- Timestamps and session metadata
2.3 Payment data
We use Stripe to process payments. We never see or store your full card number. Stripe stores payment instrument details on our behalf in compliance with PCI-DSS. We retain a Stripe customer ID and subscription status on our servers.
2.4 Technical data
- IP address and general geolocation (country/region)
- Browser type, operating system, device type
- Referrer URL and UTM parameters
- Error logs and performance metrics
2.5 Data we do NOT collect
- Your Amazon seller account credentials or Seller Central access
- Inventory, revenue, or order data from your Amazon account
- Any data from private or non-public Amazon sources
3. How we use your data
- Provide and operate the Tactova service
- Authenticate you and secure your account
- Process payments and manage your subscription
- Cache analysis results (30 days) to avoid duplicate credit charges
- Send transactional emails (analysis complete, billing receipts, password reset)
- Improve the product using aggregated, anonymised usage patterns
- Comply with legal obligations
We do not sell your data. We do not use your data to train AI models without explicit consent. We do not send marketing emails unless you opt in.
4. Legal basis (GDPR)
For users in the European Economic Area, our legal bases are:
- Contract performance — processing necessary to provide the service you signed up for
- Legitimate interests — fraud prevention, security, product improvement
- Legal obligation — compliance with applicable law
- Consent — marketing communications (you can withdraw at any time)
5. Third-party services
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication & database hosting | Account data |
| Stripe | Payment processing | Email, billing details |
| Anthropic / xAI | AI recommendation generation | Anonymised product data |
| Rainforest / Easyparser | Amazon data retrieval | ASINs only |
6. Cookies
We use only essential cookies required for authentication (session token) and security (CSRF protection). We do not use advertising cookies or third-party tracking pixels. You can clear cookies via your browser settings; doing so will log you out.
7. Data retention
- Account data: retained while your account is active, and deleted within 30 days of an account deletion request
- Analysis results: cached for 30 days from the run date, then purged
- Payment records: retained for 7 years per financial regulations
- Logs: retained for 90 days for security and debugging purposes
8. Your rights
You have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — correct inaccurate or incomplete data
- Erasure — request deletion of your account and associated data
- Portability — receive your data in a machine-readable format
- Restriction — ask us to limit how we process your data
- Objection — object to processing based on legitimate interests
- Withdraw consent — for any processing you have consented to
To exercise any of these rights, email privacy@tactova.com. We will respond within 30 days.
9. Data security
We use TLS encryption in transit, AES-256 encryption at rest, row-level security in our database, and least-privilege access controls for all staff. We conduct periodic security reviews and immediately notify affected users of any confirmed data breach.
10. International transfers
Tactova is operated from the United States. If you are located in the EEA or UK, your data is transferred to the US under Standard Contractual Clauses (SCCs) adopted by the European Commission.
11. Changes to this policy
We will notify registered users by email at least 14 days before any material changes take effect. Continued use of the service after the effective date constitutes acceptance. The current version is always available at this URL.
12. Contact
For privacy-related questions or requests: privacy@tactova.com
For general enquiries: hello@tactova.com