Privacy Policy
Last updated: 20 June 2026
1. Introduction
Olysto ("we", "our", "us") is a multi-platform seller tool for eBay sellers operating at olysto.app. This Privacy Policy explains what data we collect, how we use it, and what rights you have.
By creating an account and using Olysto you agree to this policy.
2. Data We Collect
2a. Account data
- Email address and hashed password (for Olysto accounts)
- Connected eBay account OAuth tokens (access + refresh tokens)
- Connected Gmail account OAuth tokens (access + refresh tokens) — only if you choose to connect Gmail
2b. eBay seller data
- Active listings, inventory quantities and pricing
- Orders, buyer names, shipping addresses and tracking numbers
- Inbox messages and Best Offer notifications
2c. Gmail data (optional — read-only)
If you connect your Gmail account, Olysto requests the gmail.readonly scope. We use this access only to search for eBay shipping notification emails (sent by ebay@ebay.co.uk) and extract shipping tracking numbers and label attachments from them. We do not read, index or store any other emails.
3. Google API Limited Use Disclosure
Olysto's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:
- Gmail data is used only to provide the shipping-label sync feature described above
- We do not use Gmail data to serve advertisements
- We do not allow humans to read your Gmail data unless you have given us explicit permission or it is required by law
- We do not share Gmail data with any third parties, except as necessary to provide the service (e.g. our hosting provider)
- We do not use Gmail data for any purpose other than extracting eBay shipping tracking numbers on your behalf
✓ Olysto's use of Google user data complies with the Google API Services User Data Policy, including the Limited Use requirements.
4. How We Use Your Data
- To display and manage your eBay listings, orders and shipments inside Olysto
- To auto-sync shipping tracking numbers from eBay label emails in your Gmail inbox
- To match courier tracking updates (DPD, Evri) to your orders
- To send you transactional emails (e.g. password reset) — no marketing without opt-in
5. Data Storage & Security
- All data is stored on servers in the EU (Frankfurt, Germany) via Render.com
- eBay and Google OAuth tokens are stored in an encrypted PostgreSQL database
- Passwords are hashed using bcrypt — we never store plaintext passwords
- HTTPS is enforced on all connections
- We apply rate-limiting on login endpoints to prevent brute-force attacks
6. Data Sharing
We do not sell, rent or share your data with third parties for marketing or advertising purposes. Data may be shared only:
- With our infrastructure provider (Render.com) as data processor, under a data processing agreement
- If required by law or court order
7. Your Rights
- Access: you can request a copy of the personal data we hold about you
- Deletion: you can request deletion of your account and all associated data
- Revoke Google access: visit myaccount.google.com/permissions and remove Olysto at any time
- Revoke eBay access: disconnect your eBay account from within Olysto or from eBay's authorised applications page
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, all personal data (including OAuth tokens, orders and listings snapshots) is deleted within 30 days.
9. Cookies
Olysto uses a single session cookie to keep you logged in. We do not use tracking cookies or third-party analytics cookies.
10. Children
Olysto is not directed at children under 16. We do not knowingly collect data from anyone under 16.
11. Changes to This Policy
We may update this policy. Material changes will be communicated via email or an in-app notice. Continued use after the effective date constitutes acceptance.
12. Contact
For questions about this policy or data requests, contact us at: support@olysto.app