Privacy Policy

This Privacy Policy explains how Sales Fortuna LLC ("Sales Fortuna", "we", "us", "our") collects, uses, discloses, and protects Personal Data when you visit salesfortuna.com (the "Site"), create an account, or use our products and services related to Amazon advertising and brand management (the "Services").

• • Controller: Sales Fortuna LLC, 8 The Green STE B, Dover, DE 19901, USA.
• • Contact: support@salesfortuna.com
• • EU/UK Representative (if appointed): Details will be provided on request.

If you are in the EEA/UK, Sales Fortuna generally acts as controller for website and account data, and as processor for Amazon seller/advertising data processed on your instructions (see §7).

• 1. Scope

  This Policy covers: (a) website visitors; (b) prospects who submit forms; (c) account holders; and (d) customers who connect Amazon accounts for PPC automation/analytics.

• 2. Key Definitions

  • • Personal Data - any information relating to an identified or identifiable person.
  • • Processing - any operation performed on Personal Data.
  • • Amazon Data - data retrieved via Amazon SP API / Amazon Ads API under your authorization (e.g., campaigns, ad groups, keywords/targets, search terms, placements, budgets/bids, performance metrics, and related diagnostics).
  • • Cookies/Similar Tech - browser cookies, SDKs, pixels, local storage, device identifiers.

• 3. Data We Collect

  3.1 Data you provide

  • • Account & Profile: name, email, password (hashed), company, role, timezone, preferences.
  • • Leads & Support: name, email, phone, company, message contents; marketing preferences.
  • • Subscription & Billing: plan, tax/VAT/registration info, invoice history; card data is handled by our payment processor (e.g., Stripe); we do not store full card numbers.
  • • Content/Uploads: optional brand assets, listing info you provide for consulting/services.

  3.2 Data collected automatically

  • • Usage & Device: IP address, device/browser type, OS, pages viewed, events (e.g., clicks), session IDs, referrer/UTM, language, time-zone; approximate location (derived from IP).
  • • Cookies/SDKs: for essential operations, authentication, analytics, preferences, fraud prevention, and (where applicable) marketing. See Cookie Policy Summary (§10) and Cookie settings in the product footer or banner.

  3.3 Data from third parties/integrations

  • • Amazon SP-API / Amazon Ads API (with your authorization): advertising entities and performance/attribution metrics necessary to provide the Services you enable.
  • • Processors/Partners: payment provider returns payment status, masked card details (brand/last4), failure codes; analytics providers return aggregated metrics; email/CRM tools provide delivery/open data.

• 4. Purposes & Legal Bases (GDPR)

  • • Billing & Collections: Managing subscriptions, invoicing, fraud/abuse prevention. Legal Basis: Contract, Legitimate Interests, Legal Obligation.
  • • Product Operation & Security: Logs, debugging, incident management, access controls. Legal Basis: Legitimate Interests (security), Legal Obligation.
  • • Analytics & Improvement: Collecting telemetry, A/B testing, product improvement. Legal Basis: Legitimate Interests (improvement).
  • • Marketing Communications: Product updates, offers, newsletters. Legal Basis: Consent (where required), Legitimate Interests.
  • • Compliance & Enforcement: Tax, accounting, regulatory compliance, and enforcing Terms of Service. Legal Basis: Legal Obligation, Legitimate Interests.

  Where we rely on consent (e.g., for non-essential cookies or marketing), you can withdraw it at any time via settings or links in messages.

• 5. Sharing & Disclosures

  We do not sell Personal Data and we do not share it for cross-context behavioral advertising as defined by the CPRA. If that ever changes, we will (a) update this Policy; and (b) display a "Do Not Sell or Share My Personal Information" link.

  We disclose data only to:

  • • Service Providers/Processors: hosting/cloud, databases, monitoring/logging, analytics/telemetry, email/CRM, support tooling, and payment processing (e.g., Stripe). Processors act under contracts and confidentiality/security obligations.
  • • Professional advisors & compliance recipients: auditors, banks, insurers, legal authorities where required by law.
  • • Corporate events: merger, acquisition, financing, or sale of assets (subject to confidentiality and notice where required).

  A current list of material processors is available upon request.

• 6. International Transfers

  We may process data in countries outside your own (e.g., US). Where required, we rely on safeguards such as EU Standard Contractual Clauses (SCCs) (and UK Addendum) plus supplementary measures.

• 7. Amazon Data: Roles, Access, Retention

  When you connect your Amazon account(s), we process Amazon Data solely to deliver the Services you enable (e.g., generate campaign recommendations, optimize bids/placements, analyze search terms, report performance).

  • • Your Role: Controller of Amazon Data.
  • • Our Role: Processor (we act on your documented instructions through the product settings, API scopes, and ToS).
  • • PII Minimization: we do not intentionally ingest buyer PII; if PII is incidentally present, we apply masking, least-privilege access, and retention minimization in line with Amazon policies.
  • • Access Controls: minimum scopes, credential vaulting, role-based access, MFA on admin systems; you can revoke access in your Amazon console at any time.
  • • Retention: we retain Amazon Data while the integration is active; upon disconnection/termination we start deletion or archival within 30-90 days, unless lawful obligations or legitimate interests require longer retention (e.g., billing disputes, fraud prevention).

• 8. Security

  We employ administrative, technical, and organizational measures appropriate to the risk (encryption in transit/at rest where applicable; role-based access; least privilege; credential vaulting; MFA on admin systems; backup/recovery; vendor due diligence; incident response). No method is 100% secure; we continuously improve our program.

• 9. Data Retention (general)

  • • Account data: life of account + up to 24 months (or shorter if required by law).
  • • Leads/marketing: until you unsubscribe or 24 months after last interaction.
  • • Logs/telemetry: typically 90-365 days.
  • • Billing records: as required by tax/accounting laws (often 6-10 years).
  • • Amazon Data: see §7.

• 10. Cookie Policy Summary

  We use the following categories of cookies/tech:

  • • Strictly Necessary: auth sessions, load balancing, security.
  • • Functional: preferences, product features.
  • • Analytics/Performance: product telemetry, page/app performance.
  • • (Optional) Marketing: remarketing, audience measurement (used only with consent in jurisdictions that require it).

  EU/UK visitors will see a consent banner controlling non-essential cookies. We respect Global Privacy Control (GPC) signals by treating them as an opt-out for applicable tracking/“sharing.”

• 11. Your Privacy Rights

  11.1 EEA/UK/Swiss (GDPR/UK GDPR)

  You may have rights to access, rectify, erase, restrict, port, or object to processing, and to withdraw consent at any time. You may also lodge a complaint with your local supervisory authority. To exercise rights, email support@salesfortuna.com.

  11.2 United States (CCPA/CPRA & similar laws)

  Residents of California (and, as applicable, CO/CT/VA/UT and other states) may have rights to know/access, correct, delete, opt-out of sale/sharing, limit use/disclosure of sensitive data, and appeal certain decisions. We do not sell or share Personal Data for cross-context behavioral advertising. If this changes, we will provide a “Do Not Sell or Share” link and update this Policy. Submit requests at support@salesfortuna.com. We will verify your request and respond within applicable timelines.

  11.3 Do Not Track (DNT) & GPC

  Industry standards for DNT are not uniform; we currently do not respond to DNT signals. We do honor GPC as described in §10.

• 12. Third-Party Links

  Our Site may link to third-party sites/services. Their privacy practices are governed by their own policies.

• 13. Children

  Our Services are not directed to children. We do not knowingly collect Personal Data from anyone under 16 (or under 13 in the U.S. COPPA context). If you believe a child provided data, contact us for deletion.

• 14. Changes to This Policy

  We may update this Policy. We will post the updated version with a new “Last Updated” date and, where required, provide additional notice. Material changes will also be highlighted in-product or via email.

• 15. Contact

  • Sales Fortuna LLC
  • 8 The Green STE B, Dover, DE 19901, USA
  • Email: support@salesfortuna.com

• Annex A - Regional Disclosures (Summary)

  • • California (CCPA/CPRA): rights to know, access, correct, delete, portability, opt-out of sale/sharing, limit sensitive data use; non-discrimination; authorized agent process. We do not sell/share Personal Data.
  • • Colorado/Connecticut/Virginia/Utah: rights to access, delete, correct (where applicable), portability, opt-out of targeted advertising/sale, and profiling with significant effects; right to appeal.
  • • EEA/UK/Swiss: controller/processor roles (§7), SCCs for transfers (§6), DSRs per §11.1.

• Annex B - Cookie Categories (Examples)

  • • Strictly Necessary: session_id, auth_token, load balancer cookies.
  • • Functional: locale, theme, product feature toggles.
  • • Analytics: app telemetry IDs, page performance timers.
  • • Marketing (where enabled): ad reach/remarketing pixels.

  A detailed cookie table with names, providers, purposes, and lifetimes is available upon request and will be linked from the banner.