Opsius Privacy Policy

1. Introduction

Opsius ("we", "our", or "us") provides an AI-powered commerce operating system that helps Amazon sellers eliminate operational waste. We respect your privacy and are committed to protecting it through our compliance with this policy.

2. Scope

This policy applies to information we collect on opsius.ai, through our platform, and via any related services. It applies to seller data accessed through the Amazon Selling Partner API (SP-API) and Amazon Advertising API as well as any data you voluntarily provide.

3. Information We Collect

• Amazon SP-API Data — Orders, order items, returns, refunds, inventory levels, listings, pricing, fulfillment details, fees, settlements, financial transactions, business reports, seller analytics, and notification events.
• Amazon Advertising API Data — Campaigns, ad groups, keywords, targeting settings, bidding data, impressions, clicks, conversions, sales performance, attribution metrics, portfolio management, and creative assets.
• Third-Party Market Intelligence — Product pricing history, sales rankings, stock availability, competitor analysis, review data, and Buy Box information from the Keepa API.
• Cross-Customer Analytics — Anonymized, aggregated insights and benchmarks derived from our customer base to provide industry context and performance comparisons.
• Contact & Account Information — Name, email address, phone number, company details, billing information, and account preferences.
• Usage & System Data — Application logs, API usage patterns, performance metrics, error reports, IP addresses, and device/browser information.
• Buyer PII (Restricted) — Limited personally identifiable information (name, shipping address) accessed via SP-API Restricted Data Tokens solely for label generation and audit workflows; never stored at rest.

4. How We Use Information

We use collected data to:

• Generate forensics, root-cause analyses, and performance recommendations.
• Provide, maintain, and improve our services.
• Authenticate users and secure accounts.
• Comply with Amazon's SP-API and Advertising API Data Protection Policies and Acceptable Use Policies.
• Bill for usage via Stripe.
• Monitor system performance and reliability through Sentry and Datadog.
• Send transactional emails and notifications via Postmark.
• Store and archive historical data in AWS S3 for long-term analysis.
• Manage user authentication and session security through Clerk.

5. Sharing & Disclosure

We do not sell or rent your data. We share it only with:

• Amazon APIs (SP-API & Advertising API) to retrieve, refresh, and synchronize your authorized data.
• Keepa API to obtain competitive market intelligence and pricing data.
• Service Providers under strict confidentiality: AWS (infrastructure & storage), Stripe (billing), Postmark (email), Sentry (error tracking), Datadog (monitoring), and Clerk (authentication).
• Anonymized Insights may be aggregated across our customer base to provide industry benchmarks; no individual customer data is shared.
• Law Enforcement when legally required by valid court orders or government requests.

6. Data Retention

Amazon API data is retained for the duration of your subscription or until you request deletion. Third-party market intelligence (Keepa) is cached for 24 hours and refreshed as needed. Cross-customer analytics use only anonymized, aggregated data with no individual customer identification. Historical data archives may be retained for up to 7 years for analytical purposes, subject to your data-deletion rights. Buyer PII retrieved through Restricted Data Tokens is processed in-memory and discarded once the operation completes; it is never written to disk.

7. Security

Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). Access is limited by role-based controls. We follow the security controls mandated by Amazon's SP-API DPP. Opsius maintains an incident-response plan aligned with NIST 800-61 and will notify impacted customers within 72 hours of any confirmed security incident. A SOC 2 Type II audit is in progress; the latest report is available under NDA upon request.

8. Your Rights

You may request access, correction, export, or deletion of your personal data at any time by emailing privacy@opsius.ai. GDPR and CCPA requests are honored within 30 days.

9. Updates

We may update this policy. Material changes will be notified via email or dashboard.

10. Contact

Questions? Email privacy@opsius.ai or write to Dexium Labs LLC, 3000 View Drive, Woodstock, GA 30189, USA.