Privacy Policy

1. Who we are and what this covers

PPC Pilot ("we", "us", "the Service") is an analytics and bulk-operations platform for Amazon third-party sellers, operated by J Weiner Services Inc, United States, at https://ppcpilot.net/. This Privacy Policy explains what information we collect, how we use it, how we protect it, and what rights you have over it.

By creating an account on PPC Pilot or by authorizing PPC Pilot to access your Amazon Selling Partner data, you agree to the practices described in this policy.

2. What information we collect

We collect the minimum information necessary to operate the Service:

• Account information. A username you choose, a password hash (we never store the plaintext password), an MFA secret if you enroll, and recovery-code hashes. Email address: new accounts provide an email, which we use to confirm the account at signup, to enable self-service password reset, and to send essential transactional messages (security and account notices). We verify the address by sending a confirmation link before the account is activated. Email is delivered via Resend. We do not require your name, mailing address, or other personally identifying information, and we do not use your email for marketing. Phone number is optional: if you choose to enable SMS as a backup two-factor sign-in method from your Security settings, you provide a US mobile number, which we store solely to send you sign-in verification codes (delivered via Twilio). You can remove SMS and delete your stored phone number at any time from the same Security settings page.
• Billing information. If you purchase AI Copilot credits, Stripe processes the payment on our behalf. We receive a Stripe customer identifier and the credit-pack purchased; we never see or store your card number. See Stripe's privacy policy for how they handle payment data.
• Files you upload. Amazon advertising bulk-operation exports, profit-and-loss spreadsheets, and similar files you upload for processing. These are stored on a per-account persistent volume and are never visible to other PPC Pilot users.
• Amazon Information (future). Once you authorize the Selling Partner API connection (Phase 2 of the product), PPC Pilot will retrieve advertising-performance data, sales-and-traffic reports, and similar non-PII commerce data from Amazon on your behalf. See Section 3.
• Operational logs. Standard web-server logs (timestamp, IP address, user agent, requested URL, response status) for security monitoring and abuse detection. Logs are retained for 30 days and are not used for marketing.

3. Handling of Amazon Information

When you authorize PPC Pilot to access your Selling Partner account, you grant us permission to retrieve and process the following categories of Amazon Information:

• Advertising reports (Sponsored Products, Sponsored Brands, Sponsored Display) for accounts you authorize
• Sales-and-traffic data, return-rate data, and inventory data necessary to compute the metrics PPC Pilot is designed to surface (TACoS, break-even ACoS, wasted spend, etc.)
• Account-level identifiers required by Amazon to scope each API call to the correct seller

We use Amazon Information only to provide the features you are using PPC Pilot for. We do not:

• Sell Amazon Information to any third party
• Use Amazon Information to advertise products or services to you or anyone else
• Combine Amazon Information across sellers to produce competitive benchmarks visible to other sellers
• Train any machine-learning model on Amazon Information without your explicit consent

If you revoke PPC Pilot's authorization on the Amazon side (either through the Amazon Seller Central authorization manager, or by contacting us), we will stop fetching new Amazon Information immediately and delete any cached Amazon Information from our systems within 30 days of the revocation.

4. Retention and deletion

We retain different categories of data for different periods:

• Account credentials and MFA secrets: for the lifetime of your account. Deleted within 30 days of account deletion.
• Amazon Information: deleted within 30 days of seller authorization revocation, or within 30 days of you closing your PPC Pilot account, whichever comes first.
• Uploaded files (P&L exports, bulk files): retained as long as you keep them visible in the in-app Saved Runs / Sessions list, or until you explicitly delete them. Bulk deletion of older runs is available on request.
• Billing records: retained for as long as required by US tax and accounting law (typically 7 years), then deleted.
• Operational logs: 30 days, then automatically rotated out.
• Database backups: stored encrypted on Cloudflare R2 with a 90-day rotation window. Backup contents follow the same deletion timelines as the source data above; the next scheduled backup picks up the deletion.

You can request immediate deletion of all your data — including Amazon Information, uploaded files, and account credentials — by emailing us at the address in Section 11.

5. Security and storage

We take the following technical measures to protect your data:

• Encryption in transit. All traffic to ppcpilot.net uses HTTPS with TLS 1.2 or above. HSTS is enabled to prevent protocol downgrade.
• Authentication. Passwords are stored as werkzeug PBKDF2 hashes (never plaintext). Mandatory two-factor authentication via Time-based One-Time Passwords (TOTP), with optional SMS as an additional user-selected backup factor (TOTP remains required and is never replaced). Annual password rotation enforced.
• Per-user tenant isolation. Every query against stored data filters by the requesting user's identity. One PPC Pilot user cannot read, list, or delete another user's data; admin overrides are logged.
• Encrypted-at-rest token storage (Phase 2). When PPC Pilot begins storing Amazon Selling Partner refresh tokens (Phase 2 of the product), those tokens will be encrypted at the application layer using a symmetric key stored in a Railway environment variable, separately from the database itself.
• Application-layer rate limiting on credential-sensitive routes (sign-in, signup, payment initiation) to deter credential-stuffing and abuse.
• Hosting. PPC Pilot runs on Railway's managed-container platform with a persistent volume for the SQLite database. We do not run our own servers or data centers. See Railway's security documentation for the platform-level controls.
• Off-platform backups. Daily database backups are uploaded to Cloudflare R2 (S3-compatible storage) with server-side encryption and a 90-day rotation window.
• Incident response. We follow a documented Incident Response Plan, including a commitment to report to security@amazon.com within 24 hours of detection of any security incident involving Amazon Information.

6. Sharing and disclosure

We do not sell, trade, or rent your personal information or Amazon Information to anyone. We share data only with:

• Stripe — to process credit-pack purchases. Only billing-relevant data is shared.
• Anthropic — to run the optional AI Copilot feature. When you submit a prompt to the AI Copilot, the prompt text and the snippets of your data you choose to include are sent to Anthropic's Claude API to generate a response. Anthropic's privacy policy governs that data on their side. The AI Copilot is opt-in; if you do not use it, no data leaves PPC Pilot for Anthropic.
• Resend — to deliver transactional email (signup confirmation and password-reset links). Only your email address and the message content are shared. See Resend's privacy policy.
• Twilio — only if you opt into SMS as a backup two-factor method. Your phone number is shared with Twilio solely to deliver sign-in verification codes. See Twilio's privacy policy.
• Cloudflare R2 — encrypted database backups, as described above.
• Law enforcement — only when compelled by a valid legal request and limited to the data identified in that request.

7. Your rights (GDPR, CCPA, and similar)

Depending on where you are located, you may have one or more of the following rights over your data:

• Right to access — request a copy of the data we hold about you
• Right to rectify — correct inaccurate data
• Right to delete (right to be forgotten) — request deletion of your account and associated data
• Right to data portability — receive your data in a machine-readable format
• Right to object — object to specific processing activities
• Right to withdraw consent — withdraw any consent you previously gave

To exercise any of these rights, contact us using the information in Section 11. We will respond within 30 days. We may need to verify your identity before fulfilling certain requests.

If you are in the European Economic Area or the United Kingdom, you have the right to lodge a complaint with a supervisory authority if you believe we have not handled your data correctly.

8. Cookies and analytics

PPC Pilot uses a single first-party session cookie for authentication. It is marked HttpOnly, Secure (in production), and SameSite=Lax. We do not use third-party analytics or advertising cookies on the application. The marketing landing page (the page you see before signing in) does not load third-party trackers.

9. Children

PPC Pilot is a B2B tool designed for adult professional sellers operating Amazon storefronts. We do not knowingly collect data from anyone under the age of 16. If you believe a child has signed up, please contact us and we will delete the account.

10. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top, and we will use a reasonable channel (in-app notice and/or email) to notify active users at least 14 days before material changes take effect. Continued use of PPC Pilot after the effective date constitutes acceptance of the updated policy.

11. How to contact us

Privacy questions, deletion requests, and data-access requests:

For security incidents involving Amazon Information, see also the Incident Response Plan referenced in Section 5.

This policy is governed by the laws of the United States. Where applicable, EU and UK data-subject rights apply to data received from those jurisdictions.