Legal

Privacy Policy

Effective June 26, 2026

MarketMonster.co ("MarketMonster", "we", "us"), operated by Frakle, LLC, provides software-as-a-service tools that help sellers manage inbound shipments, inventory, listings, and related logistics across the marketplaces and sales channels they connect. We currently support Amazon, via the Selling Partner API (SP-API). This Privacy Policy explains what information we collect when you use the service, why we collect it, who we share it with, and the rights you have over your information.

1. Who this policy applies to

This policy applies to anyone who creates an account on MarketMonster.co, anyone whose information is processed by MarketMonster on behalf of a seller customer (for example, members of a customer's organization), and anyone who visits our marketing website.

2. Information we collect

2.1 Account information

When you sign up, we collect your name, email address, and authentication identifiers from our authentication provider (Clerk). If you create or join an organization, we also store your role within that organization and any roles or permissions assigned to you by an organization administrator.

2.2 Connected platform data

When you connect a sales channel or marketplace account (currently Amazon, via the Selling Partner API (SP-API)), MarketMonster receives access tokens issued by that platform and uses them, on your behalf and only while authorized, to retrieve data that includes:

  • Listing and catalog information (ASINs, SKUs, titles, prices, dimensions);
  • Inventory levels, shipment status, and shipment events;
  • Order metadata and fulfillment status (where required by an enabled feature);
  • Seller account metadata, including the marketplaces you operate in and the fulfillment centers used by your shipments.

We do not request or use marketplace buyer Personally Identifiable Information (PII). Where any incidental buyer-adjacent fields are returned by a platform (for example, shipment recipient names embedded in Amazon label responses), we treat them as confidential, do not display them outside the originating organization, and do not retain them beyond what the feature requires.

We currently support Amazon. As we add support for additional platforms (such as Walmart and direct-to-consumer sales channels), we will update this policy, the sub-processor list in section 4, and the retention details in section 5 before we begin collecting data from them.

2.3 Payment information

Subscriptions and credit purchases are processed by Stripe. MarketMonster does not store full card numbers; we receive only the limited tokens, last-four digits, and subscription metadata necessary to operate billing.

2.4 Operational logs and error monitoring

We retain server logs, audit events, and error traces to operate and secure the service. Logs may include IP addresses, request paths, timestamps, and the identifier of the authenticated user making each request. When an error occurs, our error-monitoring processor (Sentry) receives a diagnostic event; on our server and edge runtimes that event includes the authenticated user's id, email, and IP address so we can reproduce and fix the problem.

3. How we use information

We use the information described above to:

  • Provide, operate, and improve the service you contracted for;
  • Make authorized API calls against the platform accounts you connect (currently the Amazon SP-API) to retrieve and update the data shown to you in the application;
  • Authenticate you, enforce role and permission boundaries inside your organization, and prevent abuse;
  • Bill for usage and process subscriptions through Stripe;
  • Send transactional email related to your account, billing, or security;
  • Comply with legal obligations and respond to lawful requests.

We do not sell your data. We do not use connected-platform data to train general-purpose machine learning models. We do not use connected-platform data for advertising.

4. How we share information

MarketMonster shares information only with the third-party processors required to run the service:

  • Clerk: authentication, session management, and organization membership;
  • Stripe: payment processing and subscription management;
  • Supabase: database hosting and realtime infrastructure;
  • Netlify: web application hosting;
  • Railway: hosting for our background worker, which makes authorized SP-API calls on your behalf and processes shipment and inventory data;
  • Sentry: error monitoring and diagnostics, which may receive the information described in section 2.4 (including user id, email, and IP address on server-side errors);
  • Amazon: calls we make to SP-API on your authorized behalf, scoped to the roles you authorized at connection time.

Each processor is bound by its own data processing agreement and contractual obligations. We do not share connected-platform data with any party other than the processors listed above without your prior consent or a legal obligation to do so.

5. Data retention

We retain connected-platform data only while your authorization is active. When you disconnect a connected platform account, revoke MarketMonster's access from that platform (for Amazon, from Seller Central), or close your account:

  • we delete the stored platform access and refresh tokens within 24 hours; and
  • we purge the cached platform data we synced (currently from Amazon: inventory levels, order and finance records, and shipment status) within 30 days.

Some records are retained beyond these windows where we have an ongoing need or a legal obligation: billing and payment records held by us and by Stripe; the permission audit log described below; and any data required to resolve an active dispute or comply with the law. You can request deletion of other account data you created (for example, shipment manifests) by emailing us under section 8; we honor those requests manually.

Audit log retention. We keep a permission audit log that records role and permission changes inside your organization. It stores only opaque user identifiers, not names or email addresses, and is retained for the life of your organization as a security and forensic record. It is deliberately excluded from the deletion process above so that the record of who changed access cannot be erased, and it is removed only when the organization itself is deleted.

6. Security

SP-API access and refresh tokens, and other third-party credentials, are encrypted at rest in our application database using AES-256-GCM authenticated encryption, with the encryption key held outside the database. Access is further restricted to the MarketMonster service role, and every connection uses encryption in transit (HTTPS / TLS). We describe our security posture in more detail at /security.

7. Cookies and local storage

MarketMonster uses a small number of strictly necessary cookies, set by our authentication provider (Clerk), to keep you signed in and to secure your session. We use your browser's local storage only to remember interface preferences, such as your selected theme. We do not use advertising cookies, third-party tracking cookies, or cross-site trackers, and we do not sell or share information for behavioral advertising.

8. Your rights

You can request access to, correction of, export of, or deletion of your information at any time by emailing privacy@marketmonster.co. Where you act as the administrator of an organization, you may exercise these rights on behalf of the organization. Where you are a member of an organization, your administrator may also exercise these rights on your behalf within the bounds of the organization's own data.

You can also disconnect a connected platform account at any time from that platform. For Amazon, do this from Seller Central under Apps & Services → Manage Your Apps. Doing so revokes MarketMonster's access to that platform immediately and triggers the deletion process described in section 5.

9. California privacy rights

If you are a California resident, you have the right to know what personal information we collect and how we use it, to request access to or deletion of that information, to request correction of inaccurate information, and to not be treated differently for exercising these rights. We do not sell or share your personal information as those terms are defined under California law. To exercise any of these rights, email privacy@marketmonster.co; we verify each request against your account before acting on it.

This section will be extended with additional regional privacy rights, including those for the European Union and United Kingdom, before MarketMonster is offered to customers in those regions.

10. International transfers

MarketMonster operates from the United States and our processors may store and process data in the United States or other jurisdictions. By using the service you consent to the transfer of your information to the United States.

11. Children

MarketMonster is intended for use by businesses. We do not knowingly collect information from anyone under 16. If you believe we have done so, contact us and we will delete the information.

12. Changes to this policy

If we make material changes to this policy we will update the effective date above and notify active organization administrators by email at least 14 days before the change takes effect.

13. Contact

This service is operated by Frakle, LLC. Questions about this policy or about how your information is handled can be sent to privacy@marketmonster.co. Our mailing address is available on request.