Privacy Policy
Last updated: September 2025 - SalesFortuna LLC
1. Introduction
SalesFortuna LLC is a US-based Amazon PPC automation platform. This Policy applies to: website visitors, prospects who submit contact forms, account holders, and customers who connect Amazon accounts to use our Services.
Controller: SalesFortuna LLC, 8 The Green STE B, Dover, DE 19901, United States.
Contact: support@salesfortuna.com
2. Information We Collect
Information you provide
- Account and profile: name, email address, company name, role, timezone, and account preferences.
- Contact and support: name, email, company, and message contents when you submit forms or contact us.
- Billing: subscription plan and invoice history. Payment card data is handled directly by Stripe - we do not store full card numbers.
Information collected automatically
- Usage and device: IP address, browser type, operating system, pages visited, click events, session identifiers, referrer URLs, and approximate location derived from IP.
- Cookies and tracking: we use cookies and similar technologies for authentication, analytics, and (where you consent) marketing. See our Cookie Policy for full details.
Information from integrations
- Amazon SP-API and Amazon Ads API: advertising campaign data, keywords, search terms, placements, budgets, bids, and performance metrics - accessed only with your explicit authorization.
- Stripe: payment status, masked card details (last 4 digits), and transaction records.
3. How We Use Information
- Providing the Services: delivering PPC automation, bid optimization, campaign analytics, and reporting. Legal basis: contract.
- Billing and payments: processing subscriptions, invoicing, fraud prevention. Legal basis: contract, legal obligation.
- Security and reliability: logging, debugging, incident response, access controls. Legal basis: legitimate interests.
- Product improvement: usage analytics, A/B testing, performance monitoring. Legal basis: legitimate interests.
- Communications: product updates, feature announcements, support responses. Legal basis: contract and, where required, consent.
- Legal compliance: tax records, regulatory obligations, enforcing our Terms of Use. Legal basis: legal obligation.
Where we rely on consent - such as for non-essential cookies or marketing emails - you can withdraw it at any time via your account settings or by contacting us.
4. Amazon Account and Advertising Data
When you connect your Amazon account, we access advertising and seller data solely to deliver the Services you have enabled. This includes campaign entities, keyword and placement data, search term reports, budgets, bids, and performance metrics.
- Your role: you are the controller of your Amazon data.
- Our role: we act as processor, operating only on your documented instructions via product settings and API authorization scopes.
- Buyer PII: we do not intentionally ingest buyer personal information. If buyer PII is incidentally present in Amazon data, we apply masking and access restrictions consistent with Amazon's data policies.
- Access controls: minimum required API scopes, credential vaulting, role-based access, and MFA on administrative systems. You can revoke our access at any time from your Amazon Seller Central or Advertising Console.
- Retention: Amazon data is retained while your integration is active. Upon disconnection or account deletion, we begin deletion within 30-90 days unless legal obligations require otherwise.
5. Cookies and Tracking Technologies
We use cookies, pixels, and similar technologies on our website. These fall into four categories: necessary, functional, performance, and targeting/marketing.
EU and UK visitors will see a consent banner for non-essential cookies. We honor Global Privacy Control (GPC) signals by treating them as an opt-out of applicable tracking.
For full details on what we use, why, and how to manage your preferences, see our Cookie Policy.
6. Payment Processing
Payments are processed by Stripe. When you enter card details, they are submitted directly to Stripe's secure payment infrastructure. SalesFortuna does not store, transmit, or have access to your full card number or CVV.
We receive only masked card information (card brand, last 4 digits) and transaction status from Stripe for billing and support purposes.
7. Data Storage and Security
Data is stored on AWS infrastructure in the United States and Europe. We implement appropriate technical and organizational measures including:
- Encryption in transit (TLS) and at rest where applicable
- Role-based access control and least-privilege principles
- Credential vaulting and MFA on administrative systems
- Regular backups and incident response procedures
- Vendor security due diligence
No method of transmission or storage is completely secure. We continuously improve our security program.
8. International Data Transfers
SalesFortuna is based in the United States. If you are accessing our Services from the EEA, UK, or another jurisdiction with data transfer restrictions, your data may be transferred to and processed in the US.
Where required, we rely on EU Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum as the legal basis for these transfers, together with supplementary technical and organizational safeguards.
9. Data Retention and Deletion
- Account data: retained for the life of your account plus up to 24 months, or shorter if required by law.
- Marketing contacts: until you unsubscribe or 24 months after last interaction.
- Logs and telemetry: typically 90-365 days.
- Billing records: as required by applicable tax and accounting laws (typically 6-10 years).
- Amazon integration data: deleted within 30-90 days of account disconnection or termination, unless legal obligations apply.
To request deletion of your data, contact us at support@salesfortuna.com.
10. Your Rights
EEA, UK, and Switzerland (GDPR / UK GDPR)
You have the right to access, rectify, erase, restrict, or port your personal data, and to object to processing. You may also withdraw consent and lodge a complaint with your local supervisory authority.
United States (CCPA / CPRA and similar state laws)
California residents and residents of other applicable US states have rights to know, access, correct, delete, and opt out of the sale or sharing of personal data. We do not sell or share personal data for cross-context behavioral advertising. If this changes, we will add a "Do Not Sell or Share" link and update this Policy.
How to exercise your rights
Email us at support@salesfortuna.com. We will verify your identity and respond within applicable legal timelines.
11. Third-Party Services
We work with the following categories of third-party service providers:
- Stripe: payment processing.
- Amazon (SP-API / Ads API): advertising data integration, subject to Amazon's own data policies and your authorization.
- AWS: cloud infrastructure and data storage.
- Meta Pixel: website analytics and advertising measurement (used where you consent to targeting cookies).
- Analytics and monitoring tools: product telemetry and performance monitoring.
- Email and CRM tools: transactional and marketing communications.
All processors operate under data processing agreements with confidentiality and security obligations. Our website may also contain links to third-party sites; their privacy practices are governed by their own policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The updated version will be posted with a new "Last updated" date. For material changes, we will notify you via email or a prominent in-product notice.
13. Contact Information
Annex A - Regional Disclosures
California (CCPA / CPRA)
Rights to know, access, correct, delete, and opt out of sale or sharing of personal data; right to limit use of sensitive data; non-discrimination. We do not sell or share personal data. Authorized agent requests accepted with written authorization.
Colorado, Connecticut, Virginia, Utah
Rights to access, delete, correct (where applicable), portability, opt out of targeted advertising or sale, and appeal certain decisions.
EEA / UK / Switzerland
Controller/processor roles as described in Section 4. Transfers rely on EU SCCs and UK IDTA. Data subject rights per Section 10.