OmniHubX
Back to home

Privacy Policy

Effective date: June 15, 2026

OmniHubX ("OmniHubX", "we", "us") is the data controller and operator of the OmniHubX platform, a multi-channel commerce service that helps sellers manage products, orders and inventory across Amazon, Etsy, TikTok Shop and Shopee. This Privacy Policy explains what information we collect, how we use and protect it, how long we keep it, and the choices you have.

By creating an account or connecting a marketplace, you agree to the practices described in this policy.

1. Information we collect

  • Account information — your name, email address and password. Passwords are hashed with bcrypt and never stored in plain text.
  • Marketplace connection credentials — OAuth access and refresh tokens issued by Amazon, Etsy, TikTok Shop and Shopee when you authorize a connection, plus shop/store identifiers and shop profile information. These tokens are encrypted at rest with AES-256-GCM.
  • Seller shop data — within the scope you authorize: products, listings, orders, inventory, buyer messages, finance statements and payout records, retrieved through the marketplaces' official APIs.
  • Buyer personal information (buyer PII) — to fulfill orders we process the buyer information contained in each order, such as recipient name, shipping address, phone number and order details, so that shipments and shipping labels can be produced. We process this information on your behalf and use it only to fulfill the order it belongs to.
  • Usage and log data — technical information such as IP address, browser type and actions performed, used for security and troubleshooting.

2. How we use your information

We use your information solely to provide and improve the service:

  • Synchronize and display your products, orders, inventory and finances across connected marketplaces.
  • Perform actions you request, such as publishing listings, updating stock, arranging shipments, generating shipping labels and replying to buyers.
  • Authenticate you, secure your account, prevent abuse and provide customer support.
  • Send essential service notifications, for example when a marketplace connection needs re-authorization.

We never use buyer PII for advertising, profiling or any purpose other than fulfilling the order it belongs to.

3. We do not sell your data

We do not sell, rent or trade your personal data, your shop data or buyer PII to any third party.

We share data only in these limited cases:

  • Marketplace APIs — we transmit data to the official Amazon, Etsy, TikTok Shop and Shopee APIs to carry out the actions you request.
  • Shipping and fulfillment — where you use direct-to-consumer (DTC) shipping or print-on-demand, we share the minimum buyer PII required to produce shipping labels and complete delivery.
  • Infrastructure providers — trusted hosting and database providers that process data on our behalf under confidentiality obligations.
  • Legal requirements — when required by applicable law, regulation or valid legal process.

4. Data security

We apply technical and organizational safeguards to protect your data:

  • Marketplace tokens and other secrets are encrypted at rest using AES-256-GCM (keys derived with Argon2id).
  • Passwords are hashed with bcrypt.
  • Each customer's data is isolated using database row-level security (RLS), so tenants can never access each other's data.
  • Traffic between your browser, our servers and marketplace APIs is encrypted in transit with TLS.

5. Data retention

We retain your account and shop data while your account remains active. When you disconnect a marketplace, we stop syncing and delete the connection credentials. When your account is deleted, all associated personal and shop data is removed from our production systems within 30 days, except where retention is required by law (for example tax records).

Buyer PII processed for fulfillment is retained for no longer than 30 days after the related order is completed, after which it is deleted or anonymized, unless a longer period is required by law or tax obligations. This aligns with Amazon's Acceptable Use Policy (AUP) and Data Protection Policy (DPP).

6. Platform-specific compliance

We handle each marketplace's data in accordance with that platform's developer and data policies:

  • Amazon — we comply with the Amazon Selling Partner API Acceptable Use Policy (AUP) and Data Protection Policy (DPP). Amazon buyer Personally Identifiable Information is used only to fulfill orders (including DTC shipping and shipping labels), is encrypted in transit and at rest, is never used for advertising, and is retained for no more than 30 days after order completion unless required by law.
  • Etsy — we access Etsy data only within the scopes you authorize and use it solely to operate your shop on your behalf.
  • TikTok Shop — we handle TikTok Shop data in accordance with TikTok's developer policies; data is accessed only within authorized scopes and is never sold or used for advertising.
  • Shopee — we access Shopee Open Platform data only within authorized scopes and use it solely to provide the service to you.

For every marketplace, when you disconnect a shop we revoke and delete the associated access tokens and stop syncing new data; previously synced data is deleted on your request or when your account is deleted.

7. Your rights and choices

  • Access, correct, export or delete your personal data — contact us using the details below; we respond to verified requests within 30 days.
  • Revoke a connection at any time from the Connections page in the app — tokens are deleted and syncing stops immediately. You can also revoke access from the seller center of each marketplace.
  • Delete your account and data — see our Data Deletion page or email [email protected].

8. Cookies

We use only cookies that are necessary to operate the service: httpOnly session cookies that keep you signed in securely, and preference cookies that remember your language and theme. We do not use third-party advertising or tracking cookies.

9. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you through the service or by email before the changes take effect. The effective date above always reflects the latest version.

10. Contact us

For questions or requests regarding this Privacy Policy or your data, email [email protected]. OmniHubX is the data controller; this policy is governed by the laws of Vietnam.