Privacy Policy
Last updated: June 10, 2026
Who we are
Undercut (undercutpricer.com) is an automated eBay repricing service operated by a solo founder. Questions about this policy: nuvent66@gmail.com.
What we collect
- Account: your email address and password. Passwords are stored only as a salted PBKDF2-SHA256 hash — never in plaintext.
- Store connection: the eBay OAuth tokens you authorize. They are encrypted at rest (Fernet/AES) and used only to read your listings, check competitor prices, and apply the price updates you enable.
- Listing and pricing data: eBay item IDs, titles, current prices, the floors/ceilings you set, competitor low prices, and a log of every price change we make.
- Billing: handled entirely by Stripe. We never see or store card numbers — only your Stripe customer ID and current plan.
- Early-access list: if you join it, your email and a first-touch source tag (e.g. which page or campaign you came from).
- Server logs: basic request logs for security and debugging.
How we use it
To run repricing on your behalf, send transactional and lifecycle email (welcome, trial reminders, account notices), provide support, and prevent abuse. AI disclosure: listing and pricing data (titles, prices, competitor prices — never your credentials) may be processed by Anthropic's Claude models to tune repricing aggressiveness on plans with AI features.
Processors we rely on
- Stripe — payments and subscriptions
- SendGrid — email delivery
- Render — API and database hosting
- Vercel — website hosting
- Anthropic — AI pricing advisor
- eBay — the marketplace APIs you authorize
What we never do
- Sell or rent your data.
- Share your data for advertising.
- Post, message, or change anything on your eBay account beyond the price updates you explicitly enable.
Retention and deletion
We keep your data while your account is active. Email us to delete your account and all associated data. Disconnecting your store revokes our eBay access; you can also revoke it any time from your eBay account settings.
Cookies and local storage
We store a login token and your first-touch source in your browser's localStorage. We do not use third-party advertising trackers.
Security
TLS everywhere, OAuth tokens encrypted at rest, passwords hashed, and every API request scoped to your own account's data.
Your rights
You can request access, correction, export, or deletion of your data at any time by emailing nuvent66@gmail.com.
Children
Undercut is for business use by adults 18 and over.
Changes
If this policy changes materially we'll update this page and the date above, and notify active customers by email.