Privacy Policy

Last updated: July 1, 2026

Who we are

Clawback (“we”, “us”) provides recovery-audit software for Amazon marketplace sellers. This policy explains what we collect, why, and the choices you have. It applies to clawback.app and the Clawback application.

What we collect

Account data. Your name, email address, and a salted hash of your password. We never store passwords in plain text.

Amazon seller data.When you connect your account through Amazon's Selling Partner API, we receive read-only report data: inventory ledger events, reimbursement reports, customer return reports, fee previews, and listing details (SKU, ASIN, title, price). We store the OAuth refresh token encrypted at rest. We do not receive and cannot access your customers' personal information, your bank details, or the ability to modify your listings.

Cost data. Unit costs you upload are used solely to compute claim values on your behalf.

Billing data. Payments are processed by Stripe. Your card number never touches our servers; we store only your Stripe customer reference and subscription status.

How we use it

To run the audits you asked for, generate claim packets, alert you about deadlines and fee changes, bill your subscription, and provide support. We do not sell or rent your data, and we do not use one seller's data to benefit another account.

Data sharing

We share data only with the processors needed to run the service: our hosting provider, our database provider, Stripe (billing), and Resend (transactional email). Each processes data solely on our instructions. We will disclose data if legally compelled, and we'll tell you unless prohibited.

Amazon's requirements

Our use of Selling Partner API data follows Amazon's Data Protection Policy: data is encrypted in transit and at rest, retained only as long as needed to provide the service, and never used for any purpose other than the audits you authorized.

Retention & deletion

Disconnecting your Amazon account deletes all synced report data and findings immediately. Deleting your Clawback account removes all remaining personal data within 30 days, except invoices we must retain for tax law.

Your rights

You can access, correct, export, or delete your data at any time from Settings or by emailing privacy@clawback.app. EU/UK residents have the rights described in the GDPR, including complaint to a supervisory authority; California residents have the rights in the CCPA.

Changes

If we make material changes to this policy we'll email you at least 14 days before they take effect.