Privacy Policy

Boutiq.ai Privacy Policy
Effective date: 18 June 2025 – Last updated: 18 June 2025

1. Who We Are

Boutiq.ai (“Boutiq.ai,” “we,” “our,” or “us”) is a U.S.-based analytics company that turns Amazon marketplace data into decision-ready competitive intelligence for brand and retail professionals. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit boutiq.ai, interact with our products or marketing, or provide data to us through the Amazon Seller Partner API (SP-API) or other integrations.

2. Scope

This Policy applies globally to all personal information we process—online or offline—and is designed to meet or exceed the requirements of:

  • EU/EEA & UK: General Data Protection Regulation (GDPR) and UK GDPR

  • United States: CCPA/CPRA, Virginia VCDPA, Colorado CPA, Connecticut CTDPA, Utah UCPA, Texas DPSA, Florida FDBR, Oregon OCPA, Iowa ICPA, Delaware DCDPA, Nebraska NCDPA, New Hampshire NHCDPA, New Jersey NJCDPA, Tennessee TCPA, Minnesota MCDPA, Maryland MCDPA, and other state laws taking effect through 2025 (ketch.com, fisherphillips.com)

  • Canada: PIPEDA (and any successor legislation)

  • Brazil: LGPD

  • Australia: Privacy Act 1988 (Cth)

  • Children’s Online Privacy Protection Act (COPPA)

  • Amazon SP-API Data Protection Policy

  • EU-US Data Privacy Framework for trans-Atlantic transfers (ec.europa.eu)

  • EU AI Act transparency duties for general-purpose AI systems (investopedia.com)

Where local law provides stronger protections, we will follow that law.

3. Information We Collect

Category

Examples

Source

Account & Contact Data

Name, company, email, billing address, phone

Directly from you

Marketplace Data

SKUs, ASINs, sales metrics, Buy Box status, reviews (may incidentally contain buyer names)

Amazon SP-API, vendor files

Device & Usage Data

IP, browser type, device ID, pages viewed, click-stream logs, cookie identifiers

Automated collection

Marketing Data

Newsletter preferences, survey responses, conference interactions

You or partners

Sensitive Data

We do not intentionally collect sensitive personal data (e.g., health, biometric, children’s data).


4. Legal Bases (GDPR/UK GDPR)

Purpose

Legal Basis

Provide and secure the service

Contract (Art. 6 (1)(b))

Improve, debug, and train analytics & AI models

Legitimate interests (Art. 6 (1)(f))

Marketing communications

Consent (Art. 6 (1)(a))

Compliance with Amazon SP-API, tax, or legal obligations

Legal obligation (Art. 6 (1)(c))

Where legitimate interest is relied upon, we have balanced those interests against your rights.

5. How We Use Information

  1. Deliver, maintain, and support the Boutiq.ai platform

  2. Generate dashboards, forecasts, and competitive intelligence reports

  3. Train and evaluate AI/ML models in line with the EU AI Act’s transparency and risk-management rules (europarl.europa.eu)

  4. Detect, prevent, and respond to fraud or security incidents

  5. Provide customer service and manage accounts

  6. Send product updates, newsletters, and event invitations (opt-out anytime)

  7. Comply with laws, regulations, subpoenas, or enforce our Terms of Service

6. Automated Decision-Making & AI

We use machine-learning models to surface category shifts, price anomalies, and buy-box risks. These outputs are provided to human users; no decision with legal or similarly significant effects on an individual is made solely by automated means. Consumers may request human review of any profile-based recommendation (see Section 10).

7. Disclosures & Third Parties

We never sell personal information. We share it only with:

  • Service Providers (cloud hosting, analytics, CRM, payment processors) bound by confidentiality and data-processing agreements

  • Integration Partners (Amazon SP-API, Snowflake, Keepa) to fulfill requested analytics

  • Advisors & Auditors (lawyers, accountants) under NDA

  • Authorities or litigants when required by law

  • Successors in a merger, acquisition, or asset sale, provided equivalent safeguards apply

8. International Transfers

We store data principally in the United States. When we transfer personal data from the EU/UK or Switzerland, we rely on:

  • EU-US or Swiss-US Data Privacy Framework certification,

  • Standard Contractual Clauses (“SCCs”), or

  • UK Addendum / International Data Transfer Agreement,

supplemented by transfer impact assessments where required (ec.europa.eu).

9. Data Retention

We retain personal information only as long as needed for the purposes above and to meet Amazon SP-API and legal obligations. Order-level data obtained via SP-API is deleted or de-identified within 30 days unless we have a legal need to keep it longer.

10. Your Rights

Jurisdiction

Key Rights & How to Exercise

EU/EEA & UK

Access, rectify, erase, restrict, object, portability, lodge complaint with an EU supervisory authority; email privacy@boutiq.ai

California (CPRA)

Know, delete, correct, portability, limit use of sensitive data, opt-out of “sale”/“sharing,” automated decision-making transparency; call +1-833-268-8847 or use our “Your Privacy Choices” link

Colorado, Connecticut, Utah, Virginia, Texas, Florida, Oregon, Iowa, Delaware, Nebraska, New Hampshire, New Jersey, Tennessee, Minnesota, Maryland

Access, delete, correct, portability, opt-out of targeted advertising, profiling, or sale; same contact methods as above (duanemorris.com)

Brazil (LGPD)

Confirm, access, correct, anonymize, delete, portability, revoke consent; email privacy@boutiq.ai

Canada (PIPEDA)

Access, rectification; email privacy@boutiq.ai

We will verify your identity before responding and will not discriminate for exercising your rights.

11. Do Not Sell or Share My Personal Information

Boutiq.ai does not sell or share personal information for cross-context behavioural advertising as those terms are defined under CPRA and other state laws.

12. Cookies & Similar Technologies

We use first- and third-party cookies, web beacons, and SDKs to:

  • Authenticate users,

  • Remember preferences,

  • Measure site performance, and

  • Deliver limited remarketing.

You can manage cookies via our cookie banner or your browser settings. See our separate Cookie Notice for details.

13. Security

We follow industry best practices—encryption in transit and at rest, role-based access controls, annual penetration tests, and ISO 27001-aligned policies—to protect information.

14. Children’s Privacy

Our services are not directed to children under 13, and we do not knowingly collect their data. If you believe we have, please contact us for deletion.

15. Links to Other Sites

Our site may link to third-party websites or services. We are not responsible for their privacy practices.

16. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with a new effective date and, where required, we will seek your consent.

17. Contact Us

Role

Contact

Data Protection Officer (DPO)

dpo@boutiq.ai


18. Amazon SP-API Supplemental Notice

We access Amazon marketplace data solely to provide contracted analytics. We store order-level customer data in encrypted form, limit access to least-privilege staff, purge or de-identify it after 30 days, and never use it for independent marketing, consistent with the Amazon SP-API Data Protection Policy.

19. California Notice at Collection

California residents: We collect the categories of information listed in Section 3 for the purposes described in Section 5 and retain them per Section 9. You have the rights set out in Section 10.

20. Accessibility

This Policy is available in alternative formats upon request at accessibility@boutiq.ai.

By using our services, you acknowledge that you have read and understood this Privacy Policy.

Sources for regulatory references:
(ketch.com, fisherphillips.com, duanemorris.com, ec.europa.eu, investopedia.com, europarl.europa.eu)