Back

Privacy Policy

Effective April 17, 2025

1. Who We Are

Snakk Industries, LLC operates GrailBot. This policy explains what data we collect, how we use it, and your rights. Contact us at admin@grailbot.ai with any questions.

2. Data We Collect

Account data

Email address and password (hashed) when you sign up. Managed by Supabase Auth.

eBay OAuth tokens

When you connect your eBay account, we store your eBay OAuth refresh token, encrypted at rest (AES-256-GCM), to perform searches and watchlist additions on your behalf. We never store your eBay username or password.

eBay Data

This application accesses eBay data through the eBay Developer APIs. Your use of eBay-related features is also subject to eBay's User Privacy Notice and eBay's User Agreement. eBay listing data displayed in this application is sourced from eBay's APIs and is shown only to the authenticated user whose account retrieved it.

Search configuration

The saved searches, signals, filter rules, and preferences you create.

Listing data

eBay listing metadata (title, price, seller, URL, images) retrieved during scheduled runs. Retained for 90 days, then automatically purged.

Usage data

Aggregate usage counters (AI calls, search runs, listings processed). No individual browsing or session tracking beyond what Supabase Auth requires.

Billing data

Payment is processed by Stripe. We store your Stripe customer ID and subscription status. We do not store full card numbers or CVVs.

3. How We Use Your Data

  • To run scheduled eBay searches and add listings to your watchlist
  • To evaluate listings using AI against your custom signals
  • To manage your subscription and billing
  • To send transactional emails (account, billing, optional run summaries)
  • To enforce tier limits and prevent abuse

We do not sell your data, use it for advertising, or share it with third parties except the subprocessors necessary to operate the Service (Supabase, Stripe, Anthropic, Inngest, Vercel).

4. AI Processing

Listing titles and metadata are sent to Anthropic's Claude API for AI analysis. Your prompts and AI Search Builder inputs are also processed by Anthropic. Please review Anthropic's Privacy Policy for how they handle API data.

5. Data Retention

  • Listing data: 90 days, then automatically purged
  • Run logs: 90 days
  • Search configuration and signals: retained until you delete them or your account
  • eBay tokens: deleted immediately when you disconnect eBay or delete your account
  • Billing records: retained as required by law (typically 7 years)

6. Your Rights

Depending on your jurisdiction, you may have rights to access, correct, delete, or export your data. To exercise these rights:

  • Delete your account and all associated data from your account settings
  • Disconnect eBay at any time from Settings → eBay, which revokes our OAuth access
  • Email us at admin@grailbot.ai for data export or other requests

7. Security

eBay tokens are encrypted at rest using AES-256-GCM. All data is stored in Supabase with row-level security ensuring users can only access their own data. Connections are TLS-encrypted in transit.

8. Cookies

We use only essential cookies required for authentication (Supabase Auth session). No tracking, advertising, or analytics cookies.

9. Children

The Service is not directed at children under 13. We do not knowingly collect data from children.

10. Changes

We'll notify you by email before material changes to this policy take effect.

11. Contact

Privacy questions or requests: admin@grailbot.ai

Terms of ServiceHome