Legal

Privacy Policy

Last updated 3 June 2026

Seller Oracle is operated by WhiteKnight Software Design - FZCO, registered in the IFZA free zone, Dubai Silicon Oasis, Dubai, United Arab Emirates (licence 87386). We are the data controller for the personal data described in this policy ("we", "us", "our"). If you have any questions, email support@selleroracle.com or write to us at IFZA, Dubai Silicon Oasis, Dubai, UAE.

What we collect

  • Account details. Your name, email address, and business name when you create an account.
  • Email data. When you connect your Google or Microsoft account or forward emails to your Seller Oracle address, we read your retailer and business emails (order confirmations, dispatch notices, delivery updates, verification codes, and expense receipts) to extract order and expense data.
  • Extracted data. The order, purchase, and expense records we build from those emails, including retailers, amounts, quantities, statuses, and attachments such as receipts and invoices.
  • Authentication tokens. If you connect Google, Microsoft, or Amazon, we store OAuth access and refresh tokens, encrypted at rest, so we can act on your behalf (reading emails or creating listings). We never see or store your account password.
  • Marketplace data. If you connect your Amazon seller account, we send listing data (ASIN, SKU, price, fulfilment method) to Amazon on your behalf to create offers on existing products. We do not access or store buyer personal information.
  • Payment information. When you subscribe, your payment is processed by Stripe. We do not store your card number or bank details. Stripe acts as an independent controller for its own fraud-prevention and compliance purposes, and as our processor for billing. See Stripe's privacy policy for details.
  • Usage and diagnostics. Basic technical logs needed to run the service and diagnose errors. We scrub personal data, email content, and tokens from these logs.
  • Feedback and support messages. When you contact us through the in-app feedback or support form, we collect your message, an optional subject, and the page you were on, together with your account email, so we can respond and improve the service.

Lawful basis for processing

Under UK GDPR, we must have a lawful basis for each type of processing we carry out. Here is how we rely on those bases:

  • Contract. Processing your account details, email data, extracted records, and authentication tokens is necessary to provide the service you signed up for. Without this processing, Seller Oracle cannot function.
  • Contract. Processing your payment through Stripe is necessary to perform the subscription agreement between us.
  • Legitimate interests. We process usage and diagnostic logs to keep the service running, detect and fix errors, and improve reliability. We have assessed that this does not override your rights, given that we scrub personal data and email content from these logs.
  • Legitimate interests. When you send feedback or a support request, we process your message and contact details to respond to you and to improve the service. We have assessed that this does not override your rights.
  • Legitimate interests. To keep the AI that powers the service accurate and cost-effective, we keep a record of the information we send to our AI provider and the results it returns, so we can evaluate and compare AI models over time and choose the best one to process your emails. We have assessed that this does not override your rights: these records are encrypted, isolated to your account, used only to evaluate and improve model quality, kept only while your account is active, and erased when you delete your account. You can object to this processing at any time.
  • Legal obligation. We retain certain billing and transaction records as required by applicable tax and accounting law.
  • Consent. If we send you marketing communications in future, we will ask for your consent first. You can withdraw consent at any time.

How we use AI to process your emails

Seller Oracle uses artificial intelligence to classify your emails and extract structured data such as order details, quantities, prices, and expense records. This is a core part of the service and is necessary to deliver the features you signed up for.

When an email arrives, its content is sent to a third-party AI provider for classification and data extraction. The AI determines whether an email is a retailer order, dispatch notice, delivery update, expense receipt, or something else, and extracts the relevant fields. The AI does not make decisions that produce legal or similarly significant effects on you. It extracts data for your review, and you remain responsible for verifying the accuracy of extracted records.

To keep this accurate and cost-effective, we also keep a record of the information we send to the AI and the results it returns, so we can test and compare AI models over time and choose the best option to process your emails. These records are encrypted, kept only while your account is active, and deleted when you delete your account. We do not use them for advertising and we do not sell them.

You have the right to query how a specific email was classified or how data was extracted. Contact support@selleroracle.com if you believe something has been processed incorrectly.

How we use Google user data

Seller Oracle requests access to your Gmail to read and label the retailer and business emails relevant to your purchase and expense tracking. We use this access only to provide and improve the features you see in the product: extracting your orders and expenses, surfacing verification codes, and organising your backend.

Seller Oracle's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. We do not use your Google data for advertising, we do not sell it, and we do not transfer it to others except as needed to provide the service, comply with the law, or as part of a merger or acquisition. Human access to Google data is restricted to what is necessary for security, to comply with the law, or where you have given consent.

How we use Microsoft user data

If you connect a Microsoft account, Seller Oracle accesses your Outlook mailbox through the Microsoft Graph API solely to read and label the retailer and business emails relevant to your purchase and expense tracking, and to provide the same user-facing features described above: extracting your orders and expenses, surfacing verification codes, and organising your backend. We do not use your Microsoft data for advertising, we do not sell it, and we do not transfer it to others except as needed to provide the service, comply with the law, or as part of a merger or acquisition.

Service providers (sub-processors)

We use a small number of trusted third-party providers to run Seller Oracle. Each receives only the data needed to perform its function, and only to provide the service to you:

  • Email access — we connect to your mailbox through your email provider's API (Google Gmail or Microsoft Outlook) to read your retailer and business emails.
  • Marketplace integration — if you connect your Amazon seller account, we send listing data to Amazon through their Selling Partner API to create offers on your behalf.
  • AI processing — a third-party AI provider classifies your emails and extracts your order and expense data.
  • Notifications — when you send feedback, a support request, or report a problem, a third-party communications provider receives that message so our team can respond.
  • Payment processing — Stripe processes your subscription payments and handles card data on our behalf.
  • Hosting and storage — cloud infrastructure providers host the application, database, and your stored attachments.
  • Email delivery — an email provider sends transactional and account emails on our behalf.
  • Error monitoring — a monitoring provider helps us detect and fix errors, with personal data and tokens scrubbed.

We do not sell your data, and we do not share it with anyone except as needed to provide the service, comply with the law, or in connection with a merger or acquisition. A current list of the specific providers we use is available on request.

International data transfers

Our company is based in the United Arab Emirates, and some of our sub-processors operate in the United States and other countries outside the United Kingdom. This means your personal data may be transferred to, stored, and processed in countries that may not have the same level of data protection as the UK.

Where we transfer personal data outside the UK, we rely on appropriate safeguards recognised under UK GDPR, including standard contractual clauses and the data protection frameworks of our sub-processors. Stripe, for example, incorporates a Data Processing Agreement and Data Transfers Addendum into its standard terms. If you would like more detail about the safeguards in place for a specific transfer, contact support@selleroracle.com.

How we protect your data

Authentication tokens and other sensitive credentials are encrypted at rest. Access to production data is restricted and your data is isolated from other accounts. We never display tokens or passwords, and we never include email content, personal data, or credentials in our logs.

Data retention

We keep different types of data for different periods:

  • Account and extracted data (orders, expenses, email logs, retailers, credentials, users) — retained while your account is active. If you delete your account, all data is permanently erased after a 14-day grace period during which you can change your mind.
  • AI evaluation records (the information sent to our AI and the results returned, used to evaluate and improve the models we use) — encrypted, retained while your account is active, and permanently erased when you delete your account.
  • OAuth tokens — disabled immediately when you disconnect your email or delete your account. Permanently deleted with your account at purge.
  • Feedback and support messages — erased from our application database with your account at purge. Because we notify our team when you submit, a copy is also delivered at that time to our support inbox and to a third-party communications provider; those notification copies are retained by those channels and are not retroactively deleted.
  • Billing records — retained for up to 7 years after your last transaction, as required by applicable tax and accounting law.
  • Usage and diagnostic logs — scrubbed of personal data and retained for up to 90 days for debugging and service reliability.

Your rights

Under UK GDPR you have the following rights over your personal data. You can exercise any of them by emailing support@selleroracle.com:

  • Access. Request a copy of the personal data we hold about you.
  • Rectification. Ask us to correct inaccurate data.
  • Erasure. Ask us to delete your data. You can also delete your account directly from your settings.
  • Restriction. Ask us to restrict processing in certain circumstances.
  • Data portability. Request your data in a structured, machine-readable format where processing is based on consent or contract.
  • Object. Object to processing based on legitimate interests.
  • Withdraw consent. Where processing is based on consent, withdraw it at any time without affecting the lawfulness of processing before withdrawal.

We aim to respond to all requests within one month.

For Google accounts, you can also revoke Seller Oracle's access directly from your Google account permissions. For Microsoft accounts, you can revoke access from your Microsoft account app permissions (personal accounts) or, for work or school accounts, from Microsoft "My Apps".

Complaints

If you are unhappy with how we handle your personal data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk/make-a-complaint or by calling 0303 123 1113. We would appreciate the chance to address your concerns first, so please contact us at support@selleroracle.com before escalating.

Cookies

Seller Oracle uses a small number of cookies that are strictly necessary to run the service:

  • Session cookie. Keeps you signed in while you use the app. This is deleted when you close your browser or when your session expires.
  • CSRF token. Protects your account against cross-site request forgery attacks. This is a security measure required by the application framework.

We do not use any analytics, advertising, or tracking cookies. Because our cookies are strictly necessary for the service to function, no consent is required under UK PECR (Privacy and Electronic Communications Regulations). If this changes in future, we will update this policy and implement a consent mechanism before setting any non-essential cookies.

Children

Seller Oracle is a business tool for Amazon sellers. It is not directed at anyone under the age of 18, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

Changes to this policy

We may update this policy as the product evolves. When we make material changes, we will update the date at the top of this page and, where appropriate, notify you by email.

Contact

For any privacy questions or requests, email support@selleroracle.com or write to: WhiteKnight Software Design - FZCO, IFZA, Dubai Silicon Oasis, Dubai, United Arab Emirates.