Privacy Policy

Last updated: 27 April 2026

This policy explains, in plain English, what data clearpence collects, how we store it, who we share it with, and what rights you have. If anything in here is unclear, email privacy@clearpence.com and we’ll explain it properly.

Who we are

clearpence is operated by Harrison K., a sole trader based in the United Kingdom. We are the data controller for the data described in this policy. Throughout this document “we”, “us”, and “our” mean clearpence; “you” means the eBay seller using the extension or web dashboard.

For any privacy or data-protection questions: privacy@clearpence.com.

What data we collect

eBay seller data (you authorise us via OAuth)

When you connect your eBay seller account, we use eBay’s official Sell APIs with the read-only sell.finances and sell.fulfillment scopes. The data we read and store is:

Transactions — sales, refunds, credits, shipping label charges. For each transaction: amount, date, type, status, order ID, payout ID, item title, SKU, quantity, fee amounts, and the buyer’s eBay username.
Payouts — the deposits eBay sends to your bank: amount, date, status, transaction count, and bank reference.
Orders and order items — fulfilment-side metadata used to enrich transaction reports.
Account identifier — your eBay username and the eBay account ID, so we can keep your data scoped to you.

We don’t collect buyer addresses, phone numbers, payment details, or anything beyond the buyer username that eBay returns in transaction records. We don’t access your listings, messages, or store settings.

Account and billing data

Email address — provided by ExtensionPay if you upgrade to Pro. Used for billing notifications and, occasionally, important service messages.
Subscription status and plan — whether you’re on Free or Pro, and your subscription state.

Authentication tokens

eBay access and refresh tokens — issued by eBay during OAuth, stored encrypted (see “How data is stored” below). Used only to call eBay’s API on your behalf.
A bearer-token hash for the extension — the extension generates a random token on first launch and registers it with us. We store only its SHA-256 hash, never the token itself.

Usage data

Per-month export counts (used to enforce Free-plan limits).
Last active timestamp.
Basic application logs for debugging — these may include request IDs, error messages, and your user ID, but not your eBay data or authentication secrets.

What we do not collect

Your eBay password. OAuth means you log in on eBay’s own site. We never see, receive, or store your password.
Buyer personal data beyond the eBay usernames that appear in transaction records. No addresses, no phone numbers, no payment details.
Payment card details. All payments are handled by ExtensionPay using Stripe. We never see card numbers, CVCs, or expiry dates.
Browsing history, screen activity, or anything outside your eBay seller data. The Chrome extension only requests the storage permission and a content script for extensionpay.com — it has no access to other sites you visit.
Analytics or advertising trackers. The marketing website does not run third-party analytics. We do not use your data for advertising. We do not sell your data.

How data is stored

Your data lives in a managed Postgres database hosted by Supabase, in the EU (Ireland, eu-west-1). eBay OAuth tokens and signing keys are encrypted at rest using AES-256-GCM with a per-record initialisation vector and a master key held only on our backend (not in the database). All traffic between your browser, our backend, and Supabase is encrypted in transit using HTTPS.

Database access uses a service-role key held only on our backend. Row-level security is enabled on every table as a defence-in-depth measure against accidental anonymous access.

How long we keep data

Active accounts: we retain your data while your account is active so you can run reports and exports against it.
Cancelled or disconnected accounts: we delete your personal data and eBay-derived data within 30 days of cancellation or disconnection. You can request immediate deletion at any time.
Raw API responses: the unprocessed JSON pages we fetch from eBay during a sync are pruned automatically after 14 days. The normalised tables are the long-term source of truth.
Export job records: kept for 90 days so you can re-download a recent export, then removed.
Application logs: retained for up to 7 days, in line with our hosting provider’s free-tier log retention.

Third parties we rely on

We use a small number of providers to run the service. Each one only receives the minimum data it needs.

eBay — the source of all your seller data. You authorise the connection via OAuth and can revoke it at any time from your eBay account settings. eBay privacy notice.
ExtensionPay — billing layer for the Chrome extension. Receives your email address and subscription state. ExtensionPay privacy.
Stripe — payment processor used by ExtensionPay. Handles all card data; we never see it. Stripe privacy.
Supabase — managed Postgres host where your eBay data and account record are stored. Supabase privacy.
Vercel — hosts the backend API and dashboard. Vercel privacy.
Cloudflare — DNS and CDN for clearpence.com. Cloudflare privacy.

International transfers

Your eBay data and account record are stored in the EU (Ireland, eu-west-1). Some of our providers (notably Stripe and Cloudflare) are US-based and rely on standard contractual clauses and other legally recognised transfer mechanisms to handle data outside the UK/EU. We don’t transfer your eBay seller data to those providers — only the minimum needed for billing and connectivity.

Legal basis for processing

Under UK GDPR we process your data on these legal bases:

Performance of a contract. The bulk of what we do — syncing your eBay data, generating exports, running the dashboard — is necessary to deliver the service you signed up for.
Legitimate interests. Application logs, rate limiting, and abuse prevention are processed on the basis of our legitimate interest in keeping the service secure and operational. We’ve balanced this against your rights and only collect the minimum needed.
Consent. You consent to the eBay OAuth connection on eBay’s own consent screen. You can withdraw consent by revoking access in your eBay account settings.

Your rights under UK GDPR

You have the right to:

Access — request a copy of the personal data we hold about you.
Rectification — ask us to correct inaccurate data.
Erasure — ask us to delete your data.
Restriction — ask us to stop processing your data while a question is being resolved.
Object — object to processing based on legitimate interests.
Portability — receive your data in a common, machine-readable format.

Email privacy@clearpence.com to exercise any of these. We aim to respond within 30 days. If you are not satisfied, you have the right to complain to the UK Information Commissioner’s Office at ico.org.uk.

Children

The service is not intended for anyone under 18. We don’t knowingly collect data from children. If you believe a minor has used the service, email us and we’ll delete the relevant data.

Cookies

The marketing site (this website) does not set tracking cookies or load analytics scripts. The web dashboard uses a single httpOnly session cookie to keep you signed in after you arrive from the extension. There are no third-party advertising cookies anywhere in the product.

Changes to this policy

If we change anything material in this policy, we’ll update the “Last updated” date and, where we have your email address, notify you. Continued use of the service after a material change means you accept the updated policy.