Privacy Policy.
The short version
- We collect only what we need to run Consigner for you — your email, your application details, your account, and (when you connect them) your marketplace data.
- We never sell your data. Not to advertisers, not to data brokers, not to anyone. Ever.
- Your card details go directly to Stripe — they never touch our servers.
- Passwords are stored hashed with a modern algorithm — we cannot read them, and neither can anyone else.
- Your business data is yours. Export it and walk away whenever you want; email us and we'll delete everything.
- Questions, requests, complaints: team@consigner.ai — a human reads every message.
- Who we are
- Information we collect
- How we use your information
- Legal bases for processing
- When we share information
- Connected marketplace data
- Cookies & tracking
- How we protect your information
- How long we keep it
- Your rights & choices
- Regional disclosures (GDPR / CCPA)
- Children
- International transfers
- Changes to this policy
- Contact us
1.Who we are
Consigner (“Consigner,” “we,” “us,” or “our”) operates the website consigner.ai and the Consigner application — an AI-assisted operations platform for professional resellers that connects marketplace accounts (such as StockX, eBay, Alias, Grailed, Poizon, Mercari, Poshmark, Whatnot, and Shopify) into a single dashboard.
This Privacy Policy explains what information we collect, why we collect it, how we protect it, and the choices you have. It applies to our website, waitlist and application forms, checkout, customer accounts, and the Consigner application itself (together, the “Service”).
We are based in the United States. For anything privacy-related, contact us at team@consigner.ai.
2.Information we collect
Information you give us directly
- Waitlist signups: your email address and the page you signed up from.
- Early-access applications: your name, email, the platforms you sell on, approximate monthly sales volume, inventory on hand, how you keep your books today, your store / Instagram / website link, an optional phone or Telegram handle, and anything you tell us about your workflow. We ask for this so we can onboard you properly — nothing more.
- Account registration: your email address and a password. The password is immediately hashed (see Section 8) — we never store or see it in readable form.
- Billing: your selected plan and billing cycle. Your payment card details are collected and processed directly by Stripe, our payment processor — they are never transmitted to, stored on, or readable by our servers. We receive only non-card metadata from Stripe (e.g., a customer reference, subscription status, and the email on the payment).
- Correspondence: anything you send us by email or through the Service.
Information collected automatically
- Log data: IP address, request timestamps, pages requested, and basic device/browser information — standard web-server logs used for security, rate-limiting, and debugging.
- Session cookie: when you log in, we set a single essential cookie so you stay logged in. See our Cookie Policy.
Information from your connected platforms
When you connect a marketplace or store to Consigner, we access the data needed to operate the Service for you — such as your listings, inventory, orders, sales, fees, and payouts on those platforms. This is described in Section 6.
What we do not collect: we do not collect government IDs, precise geolocation, biometric data, or health data, and we do not scrape or purchase personal data about you from data brokers.
3.How we use your information
- To provide the Service — run your dashboard, sync your marketplaces, keep your books, and carry out the actions you approve.
- To manage your account — authentication, sessions, plan management, and billing through Stripe.
- To respond to you — waitlist notifications, application review, onboarding, and support. When you apply, your application is emailed to our team so a human can read it.
- To keep the Service safe — rate-limiting, abuse and spam prevention (including honeypot fields on our forms), fraud detection, and debugging.
- To improve the Service — understanding aggregate usage so we can fix what's broken and build what's missing. Where we analyze usage, we prefer aggregated or de-identified data.
- To comply with the law — tax, accounting, and lawful requests from authorities.
We do not sell your personal information and we do not share it with third parties for their own marketing. We do not use the contents of your business data (your sales, margins, suppliers) for anything other than operating the Service for you.
4.Legal bases for processing
Where laws such as the EU/UK GDPR apply, we process your information on these bases:
- Contract — to provide the Service you signed up for (account, sync, billing, support).
- Legitimate interests — securing the Service, preventing abuse, improving features, and communicating with applicants — balanced against your rights.
- Consent — where required, e.g., optional marketing communications. You can withdraw consent at any time.
- Legal obligation — where we must retain or disclose information under applicable law.
6.Connected marketplace data
Consigner works by connecting to the platforms you already sell on. When you connect an account:
- We access only the data needed to operate the features you use — listings, inventory, orders, fees, payouts, and related records.
- Credentials and tokens for connected platforms are stored encrypted, and are used solely to act on your behalf within the Service.
- Consigner takes actions on your connected accounts under your configuration and approval. You remain the owner and controller of those accounts.
- Disconnecting a platform stops our access to it. You can ask us to delete previously synced data at any time.
8.How we protect your information
Protecting your information is a core design requirement of the Service, not an afterthought:
- Encryption in transit: all connections to consigner.ai are forced over HTTPS/TLS.
- Password protection: passwords are hashed with scrypt — a modern, deliberately slow, salted hashing algorithm. We cannot recover your password; we can only reset it.
- Hardened sessions: login cookies are HttpOnly (inaccessible to page scripts), Secure (HTTPS-only), and cryptographically signed so they can't be forged or tampered with.
- Payment isolation: card data goes straight from your browser to Stripe, a PCI-DSS Level 1 certified processor. It never passes through our infrastructure.
- Abuse controls: rate-limiting, request-size limits, input validation, and spam honeypots on all public forms.
- Least access: access to production data is limited to what is strictly needed to operate and support the Service.
No method of transmission or storage is 100% secure, and we cannot guarantee absolute security — but if we ever learn of a breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law, without undue delay.
9.How long we keep it
- Waitlist & application data: kept while we evaluate and onboard applicants; deleted on request at any time.
- Account data: kept while your account is active. After cancellation, we retain account records for a reasonable period in case you return, then delete or de-identify them. You may request immediate deletion.
- Synced marketplace data: kept while the platform is connected and for the operation of your historical books; deleted on request or on account deletion.
- Billing records: retained as required for tax and accounting law.
- Server logs: retained briefly for security and debugging, then rotated out.
10.Your rights & choices
Wherever you are, we extend these rights to you. You can ask us to:
- Access — get a copy of the personal information we hold about you.
- Correct — fix anything that's inaccurate.
- Delete — erase your personal information (“right to be forgotten”), subject to records we're legally required to keep.
- Export — receive your data in a portable format.
- Restrict or object — limit how we process your information.
- Withdraw consent — for anything based on consent, at any time.
To exercise any of these, email team@consigner.ai from the address on your account. We respond to every verified request, normally within 30 days, and we will never discriminate against you for exercising your rights.
11.Regional disclosures
European Economic Area & United Kingdom (GDPR)
If you are in the EEA or UK, the rights in Section 10 apply as legal rights under the GDPR/UK GDPR, alongside the legal bases in Section 4. You also have the right to lodge a complaint with your local supervisory authority — though we'd appreciate the chance to resolve any concern directly first.
California (CCPA/CPRA)
If you are a California resident: we do not sell or “share” (as defined by the CPRA) your personal information, and we have not done so in the preceding 12 months. The categories we collect are described in Section 2; the business purposes in Section 3; the service providers in Section 5. You have the rights to know, delete, correct, and port your information, and the right not to be discriminated against for exercising them. Submit requests to team@consigner.ai.
Other US states
Residents of states with comparable privacy laws (Virginia, Colorado, Connecticut, Utah, and others) have equivalent rights, which we honor through the same contact.
12.Children
The Service is a business tool intended for adults. It is not directed at anyone under 18, and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.
13.International transfers
We are US-based and our infrastructure is hosted in the United States. If you access the Service from outside the US, your information will be transferred to and processed in the US, where privacy laws may differ from those in your jurisdiction. Where required, we rely on appropriate safeguards (such as standard contractual clauses with our processors) for such transfers.
14.Changes to this policy
We may update this policy as the Service evolves. When we do, we'll change the “Last updated” date at the top — and for material changes, we'll notify you by email or a prominent notice on the site before they take effect. Continued use of the Service after changes take effect means you accept the updated policy.
15.Contact us
For anything in this policy — questions, requests, complaints, or just to check we're doing what we say:
Email: team@consigner.ai
A human reads and answers every message.