Listori

Privacy Policy

Last updated: 3 March 2026

1. Who We Are

Listori ("we", "us", "our") operates the website www.listori.app and provides AI-powered tools for Etsy print-on-demand sellers. This Privacy Policy explains how we collect, use, and protect your personal data in accordance with the UK GDPR and the Data Protection Act 2018.

For data protection queries, contact us at support@listori.app.

2. Data We Collect

Account data: Your name, email address, and password when you register.

Billing data: Payment information is processed by Stripe. We store your Stripe customer ID and subscription status but never your full card details.

Usage data: AI prompts you submit, listings and designs you generate, and trend searches you perform. This is stored to provide the Service and display your history.

Etsy data: If you connect your Etsy shop, we store your shop name, shop ID, and encrypted OAuth tokens. We retrieve order and listing data to display analytics.

Technical data: IP address, browser type, pages visited, and referring URLs, collected automatically via Vercel Analytics.

3. How We Use Your Data

  • To provide and operate the Service
  • To process payments and manage your subscription
  • To generate AI content on your behalf
  • To sync and display your Etsy shop analytics
  • To send transactional emails (account verification, billing receipts)
  • To improve the Service through aggregated, anonymised analytics
  • To comply with legal obligations

4. Legal Basis for Processing

Contract: Processing necessary to provide the Service you have subscribed to.

Legitimate interests: Security monitoring, fraud prevention, and improving the Service.

Legal obligation: Retaining financial records as required by law.

5. Data Sharing

We do not sell your personal data. We share data only with the following third-party processors:

  • Supabase — database and authentication (EU servers)
  • Stripe — payment processing
  • OpenAI — AI listing and trend generation
  • Replicate — AI image generation
  • Vercel — hosting and analytics

All processors are contractually required to handle your data in accordance with applicable data protection law.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or financial compliance purposes (typically 7 years for financial records).

7. Your Rights

Under UK GDPR, you have the right to:

  • Access — request a copy of your personal data
  • Rectification — correct inaccurate data
  • Erasure — request deletion of your data
  • Portability — receive your data in a machine-readable format
  • Restriction — limit how we process your data
  • Objection — object to processing based on legitimate interests

To exercise any of these rights, contact us at support@listori.app. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO).

8. Security

We implement appropriate technical and organisational measures to protect your data, including encrypted database connections, AES-256 encryption for sensitive tokens, and access controls. However, no system is completely secure and we cannot guarantee absolute security.

9. Cookies

We use cookies for authentication and analytics. See our Cookie Policy for full details.

10. Changes to This Policy

We may update this policy from time to time. We will notify you of material changes by email. Continued use of the Service after changes take effect constitutes acceptance of the updated policy.