Privacy Policy

1. Introduction

AppealCraft AI (“we”, “us”, “our”) operates AppealCraft AI at appealcraft.ai (“the Service”). This Privacy Policy explains how we collect, use, and protect your personal information when you use our Service.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

Account Information

• Full name
• Email address
• Encrypted password (stored by our authentication provider)

Form Data

When you use the Service to generate responses, you provide information about your Amazon seller issues (order details, claim descriptions, violation details, feedback text, etc.). This data is stored to allow you to view your history and track outcomes.

Generated Responses

The AI-generated responses are stored in your account for your reference.

Usage Data

• Number of responses generated per month
• Response types (A-to-Z, Appeal, Feedback)
• Outcome tracking data (if you choose to log outcomes)

3. How We Use Your Information

We use your information to:

• Provide and operate the Service
• Generate AI-powered responses to your Amazon seller issues
• Maintain your response history and outcome tracking
• Enforce usage limits
• Improve the quality of generated responses over time
• Communicate with you about the Service (e.g., important updates)

4. Third-Party Services

We use the following third-party services to operate:

• Supabase — Authentication and database hosting (EU-hosted)
• Anthropic (Claude API) — AI response generation. Your form inputs are sent to Anthropic's API to generate responses. Anthropic's data handling policies apply.
• OpenAI — Text embeddings for policy retrieval. Query text (not your personal information) is sent to OpenAI for embedding generation.
• Vercel — Application hosting

We do not sell your personal information to any third party.

5. Data Security

We implement appropriate technical measures to protect your data:

• All data is transmitted over encrypted HTTPS connections
• Database access is protected by row-level security — you can only access your own data
• Passwords are hashed and never stored in plain text
• API keys and secrets are stored securely as environment variables

6. Data Retention

Your account data and response history are retained for as long as your account is active. If you request account deletion, we will remove your personal data within 30 days. Anonymised, aggregated data may be retained for service improvement.

7. Your Rights

Under UK GDPR, you have the right to:

• Access — Request a copy of your personal data
• Rectification — Request correction of inaccurate data
• Erasure — Request deletion of your data (“right to be forgotten”)
• Portability — Request your data in a machine-readable format
• Object — Object to processing of your data
• Restrict — Request restriction of processing

To exercise any of these rights, please contact us at hello@appealcraft.ai.

8. Cookies

The Service uses essential cookies only — specifically, authentication session cookies required for the Service to function. We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

9. Children

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via the Service or by email. The “Last updated” date at the top of this page indicates when the policy was last revised.

11. Contact

For privacy-related questions or to exercise your data rights, please contact us at hello@appealcraft.ai.