Privacy Policy

1. Information we collect

We collect only the information necessary to provide our services:

• Account information: name, company name, email, phone number, job title, and login credentials.
• Marketplace authorization data: with your explicit consent, business data accessed through marketplace OpenAPIs (Amazon SP-API, Shopify, TikTok Shop, Taobao/Tmall, JD, Pinduoduo, etc.), including shop information, products, orders, inventory, advertising, customer messages, refunds and reviews.
• End-consumer data: only when strictly required by your workflow (order fulfillment, customer reply, regulatory filings) we process consumer name, shipping address, contact details and order content. We do not actively collect biometric, health or other sensitive data.
• Operational logs and device data: IP, browser and OS, timestamps, operation records, cookie identifiers — used for security audit and troubleshooting.
• Payment and reconciliation data: processed by licensed payment institutions; we retain only order ID, amount and timestamp for reconciliation.

2. Purposes of use

• Provide e-commerce operations, order management, customer-service automation, analytics and ad placement.
• Run your dedicated AI models and agents and generate replies, reports and recommendations from your authorized data.
• Protect account and data security (anomaly detection, risk control, anti-fraud).
• Comply with laws, regulators and marketplace rules.
• Send product updates and event invitations after obtaining your separate consent.

3. Special statement on Amazon Information

We strictly follow the Amazon Services API Developer Agreement and Acceptable Use Policy:

• Amazon Information accessed via Amazon SP-API is used only for features that directly serve the seller who authorized that data.
• We never sell, transfer or share Amazon Information with any third party that has not been authorized by both you and Amazon.
• We do not use Amazon Information to train any general-purpose model serving other customers or released publicly. Any fine-tuning happens only inside your account's isolated data environment.
• You can revoke the TalsAI app at any time in Amazon Seller Central. We will delete the revoked Amazon Information within 30 days, except where retention is required by law.
• Personally Identifiable Information (PII) is encrypted at rest with AES-256 and in transit with TLS 1.2+, with least-privilege access and full-stack audit logging.

4. Sharing with third parties

We share information only in the following limited cases:

• Cloud infrastructure providers (Alibaba Cloud, AWS) for storage, compute and CDN, all under a Data Processing Agreement (DPA).
• AI inference providers (OpenAI, Anthropic, Alibaba Tongyi, ByteDance Doubao, etc.) — we transmit only the minimum data needed for the current task and contractually forbid retention or training use.
• Marketplaces and logistics carriers — only when executing your instructions (placing orders, printing labels, sending review invitations).
• Judicial or regulatory authorities, pursuant to a legally binding request.
• We do not sell your personal information or business data to anyone.

5. Cross-border transfers

Your shops may be located in different countries. To execute your instructions, TalsAI may transfer data between regions including Mainland China, Singapore and the United States. We rely on Standard Contractual Clauses (SCC), security assessments and Privacy Impact Assessments (PIA) to ensure transfers comply with GDPR, PIPL, CCPA and other applicable laws.

6. Cookies and similar technologies

We use strictly necessary cookies to maintain login state and session security, and analytics cookies (with your consent) to improve the product. You may reject or clear cookies in your browser, but some features may be affected.

7. Data retention

We retain data while we provide services to you. After termination, except for data we are required by law to keep (e.g. e-contracts for 5 years, tax records for 10 years), we delete or anonymize your personal information and business data within 60 days. You may request earlier deletion at any time.

8. Data security

• HTTPS enforced sitewide (TLS 1.2+); databases encrypted at rest with AES-256.
• Role-Based Access Control (RBAC); all admin operations are audited.
• Regular penetration tests, vulnerability scans and third-party security assessments.
• Employees sign NDAs and access data on a least-privilege basis.
• In the event of a security incident we will notify affected users and regulators within 72 hours as required by law.

9. Your rights

Under GDPR, PIPL, CCPA and similar laws, you have the following rights regarding your personal information:

• Access, copy, rectify and supplement your personal information.
• Request deletion or withdraw a previously granted authorization.
• Data portability (export in a commonly used format).
• Restrict or object to specific processing; opt out of solely automated decision-making.
• Lodge a complaint with your local data protection authority.

10. Children's privacy

TalsAI is a B2B service for enterprise users and is not directed to individuals under 14. If we discover that we have inadvertently collected information from a minor, we will delete it promptly.

11. Updates to this policy

We may update this Policy as laws, products or security needs evolve. Material changes will be announced in-product and by email in advance; continued use constitutes acceptance. Prior versions are available on request.

12. Contact us