SellerBooksSellerBooks
Start free
Privacy

Privacy Policy

Last Modified: May 7, 2026

How SellerBooks collects, uses, shares, retains, and protects personal information, including data from email, banking, marketplace, payment, document, and AI integrations.

This Privacy Policy describes how SellerBooks (operated by JPS Alliance Inc., “we,” “us,” or “our”) collects, uses, shares, retains, and protects personal information when you visit sellerbooks.ca, sign in to app.sellerbooks.ca, or otherwise use the SellerBooks platform (collectively, the “Services”).

We provide a bookkeeping and accounting platform built for e-commerce sellers. Our customers connect their email inboxes, bank and credit-card accounts, marketplaces (such as Amazon), and payment processors so the Services can extract receipts and invoices, classify transactions, reconcile bank activity, and generate financial records. This Privacy Policy explains what that means for your data.

By using the Services, you agree to this Privacy Policy. If you do not agree, do not use the Services. For questions about this Policy, contact our Privacy Officer at privacy@sellerbooks.ca.

1. Who We Are

SellerBooks is operated by JPS Alliance Inc., a corporation incorporated under the laws of Canada. We are the controller of personal information processed in connection with the Services, except where we act as a processor on behalf of a business customer (for example, when handling that customer’s end-user contact data).

Privacy questions, requests to access, correct, or delete personal information, and complaints can be sent to:

  • Email: privacy@sellerbooks.ca
  • Mailing address: JPS Alliance Inc., Privacy Officer, [REGISTERED OFFICE ADDRESS — fill before publishing]

2. Information We Collect

We collect three categories of personal information.

2.1 Information you provide directly

  • Account information: name, email address, password (stored as a salted hash), phone number, and time-zone preferences.
  • Business profile: business legal name, display name, business address, fiscal-year settings, and tax registration numbers (such as GST/HST/QST/PST/VAT IDs) you choose to enter.
  • Billing information: Stripe customer identifier, subscription plan, invoice history. Card numbers, expiry dates, and CVC codes are entered into Stripe-hosted fields and never touch our servers — we receive only Stripe-issued tokens.
  • Documents and content: receipts, invoices, bank statements, and other documents you upload or that we ingest from your connected services.
  • Communications: messages you send to support, sales, or security; survey or feedback responses.

2.2 Information we receive from connected services

With your authorization, the Services retrieve information from third parties on your behalf. Each integration is described in detail in Section 5; in summary:

  • Email providers (Gmail, Microsoft Outlook, IMAP): email message headers, bodies, and attachments matching the receipt-import workflow.
  • Banking providers (Plaid, Basiq): account metadata, balances, and transaction history for accounts you link.
  • Marketplaces (Amazon SP-API, Amazon Ads): orders, settlements, fees, refunds, returns, reimbursements, FBA inventory snapshots, inbound shipments, advertising spend, and tax reports for stores you connect.
  • Payment processors (Stripe): subscription, payment, and invoice events relating to your SellerBooks account.

2.3 Information collected automatically

  • Device and connection data: IP address, user-agent string, operating system, browser type, language, and approximate location derived from IP.
  • Usage data: pages and screens viewed, features used, click events, error and crash reports, request timestamps, and session identifiers.
  • Authentication cookies: see Section 11.

3. How We Use Personal Information

We use personal information to:

  • Provide, operate, and maintain the Services, including data ingestion, document processing, transaction matching, journal posting, reporting, and tax preparation features.
  • Authenticate users, enforce session security, and detect abuse, fraud, and abusive automation.
  • Process payments, manage subscriptions, and send billing-related communications.
  • Provide customer support and respond to inquiries.
  • Send transactional emails (account verification, password resets, invitations, security alerts) and, with consent, product or marketing emails you can unsubscribe from at any time.
  • Improve and develop the Services using aggregated, de-identified usage data and customer-specific data with appropriate restrictions described in Section 6.
  • Comply with legal obligations, including tax, accounting, anti-money-laundering, and information-request requirements.

4. Legal Bases for Processing (EEA, UK, Switzerland)

Where the EU/UK/Swiss General Data Protection Regulation applies, we process personal information on the basis of contract performance, legitimate interests, consent, and legal obligations as appropriate to each processing activity.

5. Connected Services

5.1 Gmail and Microsoft Outlook integrations

When you connect a Gmail or Microsoft Outlook inbox to import receipts and invoices, you authorize us, through Google’s OAuth 2.0 or Microsoft Graph, to access the message headers, bodies, attachments, and labels needed to import receipts, invoices, statements, and order confirmations into your SellerBooks workspace. We restrict the import window to your tracked fiscal year. Gmail access is read-only; we do not modify your Gmail inbox in any way. For Microsoft Outlook and IMAP we apply a tag — an Outlook category or the IMAP keyword $CoreAppImported— so we can avoid re-importing the same message.

You can disconnect your email provider at any time from the Integrations page in SellerBooks, which revokes our access token; you can also revoke access directly at myaccount.google.com/permissions (Google) or myaccount.microsoft.com (Microsoft).

Google API Services User Data Policy — Limited Use

SellerBooks’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

  • We only use Google user data to provide and improve user-facing features that are prominent in the SellerBooks user interface (receipt and invoice import, document classification, and reconciliation).
  • We do not transfer Google user data to third parties except as necessary to provide or improve those user-facing features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with explicit user consent.
  • We do not allow humans to read Google user data except (a) with the user’s explicit consent, (b) where necessary for security purposes (such as investigating abuse), (c) to comply with applicable law, or (d) where the data has been aggregated and is used for internal operations.
  • We do not use Google user data, including Gmail data, to develop, improve, or train generalized or non-personalized artificial intelligence or machine learning models. Data obtained through Google Workspace APIs is used only to power the per-user features in your SellerBooks workspace.
  • We do not use Google user data to serve advertisements, including retargeting or interest-based advertising.

The same restrictions are applied to data we receive from Microsoft Graph (Outlook) under our agreement with Microsoft.

5.2 Banking integrations (Plaid and Basiq)

We use Plaid Inc. (primarily for North American institutions) and Basiq Pty Ltd (primarily for Australian and New Zealand institutions) to securely connect your bank, credit-card, and brokerage accounts so we can retrieve transactions, balances, and account metadata for bookkeeping. The provider used for a given connection depends on your institution.

By connecting an account, you also agree to Plaid’s End User Privacy Policy or Basiq’s Privacy Policy, as applicable. Plaid and Basiq are responsible for retrieving your account credentials and transaction data and delivering them to us; we receive only the account-level identifiers and transactions needed to operate the Services. You can revoke access at my.plaid.com, connect.basiq.io, or from the Integrations page in SellerBooks.

5.3 Amazon SP-API and Amazon Ads

When you connect an Amazon Selling Partner account, we use the Selling Partner API and the Amazon Advertising API to retrieve order, settlement, finance event, fee, return, reimbursement, FBA inventory, inbound shipment, ad spend, and tax-report data for the marketplaces you authorize. We use this data exclusively to provide the Services described in our agreement with you and in compliance with the Amazon Services API Developer Agreement and Acceptable Use Policy.

Personally identifying information retrieved through the Amazon SP-API (where applicable, via Restricted Data Tokens) is retained for no longer than 30 days after the related order is shipped, except where retention beyond that period is required by law (for example, to issue legally required tax invoices). We do not, and will not, sell, rent, or trade Amazon Information to any third party. In the event of a security incident affecting Amazon Information, we will notify Amazon within 24 hours of confirmation, in addition to any other notifications required under Section 12.

5.4 Payment processing (Stripe)

We use Stripe for subscription billing, payments, analytics, and other business services. Stripe may collect personal data, including via cookies and similar technologies. The personal data Stripe collects may include transactional data and identifying information about devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud prevention and detection, authentication, and analytics related to the performance of its services. You can learn more about Stripe and read its privacy policy at stripe.com/privacy.

5.5 Documents and AI extraction

When you upload or import a receipt, invoice, statement, or other document, we use third-party AI service providers and optical character recognition to extract structured fields (vendor, date, amount, line items, taxes, totals) and to suggest classifications. We send these providers only the document content and the instructions necessary to perform the task on your behalf. We operate under terms that prohibit these providers from using your data to train or fine-tune general-purpose AI or ML models, and we do not permit humans at these providers to read your data except as necessary for security investigations, abuse prevention, or to comply with law.

6. How We Share Personal Information

We share personal information only as described below. We do not sell, rent, trade, or otherwise transfer personal information for monetary or other valuable consideration. We do not “sell” personal information under the California Consumer Privacy Act (CCPA), and we do not disclose personal information for cross-context behavioral advertising.

6.1 Service providers

We use third-party service providers for cloud hosting, payment processing, banking aggregation, marketplace and email-provider connectivity, AI document extraction, and transactional email delivery. Service providers are contractually required to protect your information and to use it only for the services we have engaged them to perform. We update our service providers from time to time and will provide reasonable notice through the Services of material changes.

6.2 Other disclosures

  • With your direction or consent: when you ask us to share information with another service or person.
  • Legal compliance and protection of rights: to comply with applicable law, lawful requests from public authorities, or legal process; to enforce our Terms; or to protect the rights, property, or safety of SellerBooks, our customers, or others.
  • Business transfers: if SellerBooks is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction. We will notify affected users and post a notice on this page before personal information becomes subject to a different privacy policy.
  • Aggregated or de-identified data: we may share aggregated or de-identified information that cannot reasonably be used to identify you.

7. International Data Transfers

Customer data is stored at rest in Canada. Limited operational data may be processed transiently outside Canada by our service providers in the course of delivering the Services. Where personal information is transferred from the EEA, the UK, or Switzerland to a country that has not received an adequacy decision, we rely on the European Commission’s Standard Contractual Clauses and equivalent safeguards.

8. Data Retention

We retain personal information only for as long as necessary to provide the Services and to meet our legal, accounting, and reporting obligations. Account and bookkeeping records are retained for the life of your account and, after termination, for up to seven (7) years, consistent with applicable record-keeping requirements for financial records. Amazon buyer personal information is retained for no more than 30 days after order shipment, except where retention beyond that period is required by law. Operational logs and backups are retained for periods consistent with operational and legal requirements and are then deleted on a routine basis.

On verified deletion request (Section 13), we will delete personal information within 30 days, except where retention is required by law, for ongoing legal claims, or for legitimate business purposes such as fraud prevention.

9. Security

We use industry-standard encryption in transit and at rest, access controls, and authentication safeguards to protect personal information. Additional detail is published on our Security page. No system is completely secure; you are responsible for keeping your account credentials confidential.

10. Artificial Intelligence and Automated Processing

We use artificial intelligence to extract structured fields from documents, classify transactions, suggest categories, and detect anomalies. The Services do not make legal or contractual decisions about you; AI suggestions are advisory and subject to your review and approval before they are posted to your books.

We do not use Google Workspace data, Microsoft Outlook data, banking data, or marketplace data to develop, improve, or train generalized or non-personalized AI or ML models. Our AI sub-processors (Anthropic, OpenAI, Nanonets) operate under contracts that prohibit them from training their models on your data.

11. Cookies and Similar Technologies

We use authentication and security cookies on the application to keep you signed in and to protect against cross-site request forgery. The marketing site at sellerbooks.ca does not set analytics, advertising, or tracking cookies. We may add limited first-party analytics in the future. If we do, we will update this Policy and, where required by law, request your consent.

12. Breach Notification

If we confirm a breach of security safeguards involving your personal information that creates a real risk of significant harm, we will notify you and the relevant supervisory authorities without undue delay and, in any event, within 72 hoursof confirmation, as required by Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec’s Act respecting the protection of personal information in the private sector (Law 25), the EU/UK GDPR (where applicable), and other applicable laws. For incidents affecting Amazon SP-API data, we will additionally notify Amazon within 24 hours of confirmation.

13. Your Privacy Rights

13.1 Rights available to all users

You can access, update, or download most of your personal information directly in SellerBooks. To request access, correction, deletion, portability, or to withdraw any consent you have given, email privacy@sellerbooks.ca. We will verify your request and respond within the time frame required by applicable law (generally 30 days). Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal.

13.2 Canada (PIPEDA and Quebec Law 25)

We comply with PIPEDA’s ten Fair Information Principles (accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance). Quebec residents have additional rights under Law 25, including the right to be informed of any automated decision-making that produces legal effects, the right to request a copy of personal information in a structured, commonly used technological format, and the right to have personal information de-indexed in certain circumstances. You may file a complaint with our Privacy Officer or, if unresolved, with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or the Commission d’accès à l’information du Québec (cai.gouv.qc.ca).

13.3 California (CCPA / CPRA)

California residents have the right to know what personal information we collect and how we use and share it; to request access to specific pieces of personal information; to request deletion or correction; to request portability; and to opt out of any sale or sharing of personal information. We do not sell personal information and do not share personal information for cross-context behavioral advertising.

Some of the financial information we process is also subject to the Gramm-Leach-Bliley Act (GLBA), which carves certain financial-account data out of the CCPA. Where GLBA applies, GLBA controls; for everything else, the CCPA rights above apply.

13.4 EEA, UK, and Switzerland (GDPR)

Residents of the European Economic Area, United Kingdom, and Switzerland have the rights of access, rectification, erasure, restriction, portability, and objection, and the right not to be subject to a decision based solely on automated processing that produces legal effects. You may also lodge a complaint with your local supervisory authority.

13.5 Verifying your request

To protect your information, we may ask you to verify your identity before responding to a privacy request — typically by replying from the email address on file or by completing a verification step in SellerBooks.

14. Children

SellerBooks is intended for business use by adults and is not directed to children. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18 without verification of parental consent, we will delete it.

15. Third-Party Links

The Services may contain links to third-party websites and services that we do not operate. We are not responsible for their privacy practices, and we encourage you to read their privacy notices.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice through the Services or by email and update the “Last Modified” date at the top. Changes become effective seven days after posting unless stated otherwise. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.

17. Contact Us

Questions, requests, or complaints can be sent to:

  • Privacy Officer, JPS Alliance Inc.
  • Email: privacy@sellerbooks.ca
  • Mailing address: [REGISTERED OFFICE ADDRESS — fill before publishing]

For security vulnerabilities, please email security@sellerbooks.ca. For general support, support@sellerbooks.ca.

© 2026 SellerBooks. All rights reserved.

SellerBooks is operated by JPS Alliance Inc.

SellerBooks
SellerBooks™
AI-powered finance automation
PrivacyTermsSecurityHome
© 2026 SellerBooks. All rights reserved.SellerBooks™ is a product of JPS Alliance Inc.
Proudly CanadianAI-guided finance operations