ProfitWire Privacy Policy
Version v1.1 · Effective Date: July 9, 2026
ProfitWire LLC ("ProfitWire," "we," "our," or "us") operates ProfitWire, ProfitScan, RipTracker, and related services (collectively, the "Services") at www.getprofitwire.com. This Privacy Policy explains what information we collect, why we collect it, how we use and protect it, and the choices and rights you have.
Our core commitments. You own your data. We never sell your personal information. We use your data only to provide the Services you have requested. Marketplace access can be revoked by you at any time. Access tokens and other credentials are encrypted at rest.
1. Information We Collect
1.1 Account Information
- Name and email address
- Password (stored only as a salted hash)
- Business or store name (optional)
- Subscription plan, billing status, and Stripe customer identifiers
- Authentication metadata (sign-in timestamps, IP, user agent)
1.2 Inventory and Business Data You Provide
- Inventory records, SKUs, quantities, cost basis and notes
- Card images uploaded for ProfitScan / RipTracker identification
- Purchase records, expenses, break sessions, and cost allocations
- Manual sales, adjustments, and reconciliation notes
1.3 Marketplace Integration Data
When you connect an eBay account (or another supported marketplace) we receive the following via that marketplace's official APIs, using the scopes you authorize:
- Active, sold, and ended listings
- Orders, transactions, fees, and refunds
- Marketplace account identifiers and shop metadata
- OAuth access and refresh tokens
You can revoke this access at any time from the Integrations screen in your account, or directly from the marketplace. Revoking access stops further sync and invalidates the stored tokens.
1.4 Financial Information
Subscription payments are processed by Stripe. We do not store or have access to full card numbers, CVCs, or bank account numbers. We receive limited billing metadata (last four digits, card brand, country, subscription status) from Stripe to display your billing state and enforce plan entitlements.
1.5 AI Processing Inputs
Features such as ProfitScan card identification, OCR, and AI-powered business insights process the images, text, and structured business data you submit. This processing is performed to return a result to you and to improve accuracy for your own account. We do not use your business data or uploaded content to train third-party foundation models.
1.6 Technical and Usage Information
- Device type, operating system, and browser
- IP address and approximate location derived from it
- Pages viewed, features used, and error diagnostics
- Cookies and similar technologies (see our Cookie Policy)
2. How We Use Information
- Operate, maintain, and secure the Services
- Authenticate you and protect your account
- Sync marketplace listings, orders, and inventory
- Run OCR, card identification, valuations, and analytics
- Generate reports, dashboards, and business insights for you
- Process subscriptions, invoices, refunds, and taxes
- Provide customer support and respond to your requests
- Detect, prevent, and investigate fraud, abuse, and security incidents
- Comply with legal obligations and enforce our Terms of Service and Acceptable Use Policy
3. Legal Bases for Processing (GDPR / UK GDPR)
If you are located in the European Economic Area, the United Kingdom, or Switzerland, we process your personal data on the following legal bases:
- Contract. To deliver the Services you have signed up for.
- Legitimate interests. To secure the Services, prevent abuse, and improve reliability and accuracy.
- Consent. For optional cookies, marketing communications, and marketplace connections you initiate.
- Legal obligation. To meet tax, accounting, and regulatory requirements.
4. Sharing of Information
We do not sell your personal information and we do not share it for cross-context behavioral advertising. We share information only in the following limited situations:
- With sub-processors that host, secure, or operate the Services (see Section 5).
- With marketplaces you have connected, to carry out actions you initiate.
- When required by law, subpoena, court order, or lawful government request.
- To protect the rights, safety, or property of ProfitWire, our users, or the public.
- In connection with a merger, acquisition, financing, or sale of assets — subject to the confidentiality commitments of this Policy (see Section 12).
5. Third-Party Processors
We rely on a small number of vetted service providers who act as data processors on our behalf:
- Supabase — managed Postgres database, authentication, storage, and edge functions.
- Stripe — subscription billing and payment processing.
- eBay APIs — marketplace listing, order, and inventory sync (with your authorization).
- Cloudflare — content delivery, DDoS protection, and edge hosting.
- Transactional email provider — sign-in, verification, receipts, and support communications.
- Product analytics provider — first-party usage analytics for product improvement.
- AI providers — inference for OCR, card identification, and AI-powered insights.
Each sub-processor is bound by a data processing agreement and confidentiality obligations. We continually review this list and will update this Policy when it changes materially.
6. International Data Transfers
Our infrastructure is primarily hosted in the United States. If you access the Services from outside the U.S., your information will be transferred to, stored in, and processed in the U.S. or other jurisdictions where our sub-processors operate. Where required, we rely on Standard Contractual Clauses and equivalent safeguards to protect international transfers.
7. Data Retention
We retain personal information for as long as your account is active and for a reasonable period afterward for the following purposes:
- To comply with tax, accounting, and legal record-keeping obligations (typically up to 7 years for financial records).
- To resolve disputes, prevent fraud, and enforce our agreements.
- To restore accounts in the event of accidental deletion.
Backups are rotated on a rolling schedule and residual data in backups is deleted within 90 days of the corresponding production deletion.
8. Security
We implement administrative, technical, and organizational safeguards appropriate to the sensitivity of your data, including:
- TLS 1.2+ for all data in transit
- AES-256 encryption of data at rest, including marketplace OAuth tokens
- Row-level security policies on every user-owned table
- Role-based access control and least-privilege service credentials
- Continuous logging, monitoring, and dependency scanning
See our Security page for the full program. No system is perfectly secure — if you believe your account has been compromised, contact us immediately at support@getprofitwire.com.
9. Your Rights
9.1 Rights of all users
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Export your data in a portable format
- Delete your account and associated personal data
- Object to or restrict certain processing
- Withdraw consent for optional processing at any time
You can exercise these rights from the Data Request page or the Privacy & Security section of your account settings.
9.2 GDPR / UK GDPR
Residents of the EEA, UK, and Switzerland have the additional right to lodge a complaint with their local supervisory authority. Where you are the data subject, our lawful basis for each processing activity is listed in Section 3.
9.3 California (CCPA / CPRA)
California residents have the right to know what personal information we collect, use, disclose, and (if applicable) sell or share; the right to delete personal information; the right to correct inaccurate information; the right to limit use of sensitive personal information; the right to portability; and the right to be free from retaliation for exercising these rights. We do not sell personal information and we do not share it for cross-context behavioral advertising.You may exercise your CCPA/CPRA rights via /data-request or by emailing support@getprofitwire.com. Authorized agents may submit requests with written proof of authorization.
10. Children's Privacy
The Services are not directed to children under 16 and we do not knowingly collect personal information from anyone under 16. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Cookies and Analytics
We use strictly necessary cookies for authentication and session management, plus limited first-party analytics to understand aggregate product usage. Details are available in our Cookie Policy.
12. Business Transfers
If ProfitWire is involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity. Any successor will remain bound by the commitments in this Privacy Policy or will provide you with notice and, where required, the opportunity to object before your data is subject to a materially different policy.
13. Changes to this Policy
We may update this Policy from time to time. When we make material changes we will update the effective date at the top of this page and, where appropriate, notify you by email or in-app notice.
14. Contact
Questions or requests regarding this Policy can be sent to support@getprofitwire.com. Our mailing address and additional contact channels are available on the ProfitWire website.