Skip to content
BuyCast

Privacy Policy

Last updated: May 6, 2026 · Effective: May 6, 2026

Legend Software, LLC (“BuyCast,” “we,” “us,” or “our”) operates the BuyCast.aiplatform (the “Service”). This Privacy Policy explains what data we collect, how we use it, who we share it with, how long we keep it, and the rights you have. It applies to the Service, this website, and our APIs.

If you connect your Amazon Selling Partner account to the Service, the Amazon Informationsection below describes the additional protections we apply to data we receive from Amazon's Selling Partner API (“SP-API”).

1. What we collect

  • Account data: name, work email, role, organization, and any profile data Customer provides.
  • Amazon Information (via SP-API):seller catalog, product listings, order summaries, FBA inventory, settlement reports, financial events, and refund/return data — in each case scoped to the Customer's own seller account. We do not request or store buyer Personally Identifiable Information (see Section 4).
  • Authorization credentials: SP-API refresh tokens and related credentials, stored encrypted in AWS Secrets Manager with per-tenant isolation. Credentials are never exported or shared.
  • Product usage: session and event telemetry for product analytics. This is gated behind cookie consent and contains no Amazon Information.
  • Billing data: processed and stored by Stripe; we retain only a customer identifier and subscription state.
  • Support correspondence: emails and form submissions you send us, kept for the life of the support thread plus 24 months.

2. How we use data

  • To operate the Service and deliver Customer's data back to Customer.
  • To build per-tenant retrieval context (RAG) for the Copilot — this context is scoped to the Customer's own data and is never used to train, fine-tune, or otherwise improve any AI/ML model (see Section 7).
  • To improve the Service's reliability and surface area using aggregated, de-identified usage signals only.
  • To comply with legal obligations and respond to lawful requests.

3. Amazon Information

“Amazon Information” means any information we receive, directly or indirectly, from Amazon's Selling Partner API or related services about a Customer's Amazon seller account. We process Amazon Information solely to provide the Service to the seller who authorized the connection.

We do not sell, rent, lease, trade, or otherwise distribute Amazon Information to any third party for that third party's own use.

We do not use Amazon Information to:

  • train, fine-tune, or improve any general-purpose, foundation, or third-party AI/ML model;
  • build advertising, retargeting, or marketing audiences;
  • benchmark one seller's performance against another in a way that exposes either seller's data;
  • derive products or services for sale to anyone other than the seller who authorized the connection.

Amazon Information is stored exclusively in AWS us-east-1 (N. Virginia) and is not replicated outside that region except as required to deliver the Service to the authorizing Customer (for example, transient delivery through a CDN edge for an authenticated browser session).

4. Personally Identifiable Information (PII)

We do not request, collect, store, or process Personally Identifiable Information about Amazon buyers — including buyer name, shipping address, billing address, phone number, or email. Where Amazon SP-API responses include such fields, we either do not request them, do not persist them, or strip them at ingestion before any data reaches durable storage.

We do collect and store work-contact PII for the seller's own employees who use the Service (account holders, team members invited to the workspace), strictly for authentication, support, and billing.

5. Encryption and security

  • At rest: Amazon Information and Customer data are encrypted at rest using AES-256 on AWS RDS, AWS S3, and AWS Secrets Manager, with AWS KMS. Customer-managed KMS keys are available on Enterprise contracts.
  • In transit: all traffic uses TLS 1.2 or higher (TLS 1.3 by default). Database connections require SSL.
  • Tenant isolation: PostgreSQL Row-Level Security is enforced (FORCE) on every tenant-scoped table. Application roles cannot bypass RLS.
  • Access: least-privilege IAM, audit logging on every mutation, and operator-impersonation gated behind a second flag and fully logged.

Additional detail is on our Security overview and Amazon Data Protection page.

6. Subprocessors

We use the following subprocessors. Subprocessors marked “no access to Amazon Information” either do not process such data or receive only de-identified usage signals.

  • Amazon Web Services— hosting, RDS, S3, Secrets Manager. Region: us-east-1. Processes Amazon Information.
  • Stripe— billing. No access to Amazon Information.
  • Anthropic— Copilot LLM provider. Configured to use the lowest available data-retention setting and to opt out of training, abuse-monitoring data collection, and human review where the API supports it. May process Amazon Information transiently as prompt context. Provider terms prohibit using Amazon Information to train, fine-tune, or improve any AI/ML model.
  • OpenAI— alternate Copilot LLM provider, with the same retention, training-opt-out, and provider-terms constraints as above.
  • Amazon SES / Resend— transactional email. No access to Amazon Information.
  • Vercel— marketing site hosting, edge analytics. No access to Amazon Information.
  • PostHog— product analytics, gated on consent. No access to Amazon Information.
  • Sentry— error monitoring with PII scrubbing enabled. No access to Amazon Information beyond opaque error context which is sanitized on capture.
  • Slack— outbound notification webhook used only when Customer configures a Slack integration. Receives short notification messages (e.g., “Draft PO ready for review”) that do not contain buyer PII and are scoped to the Customer's own data.
  • Cal.com— demo scheduling on the marketing site. Receives prospect contact details only (name, email, optional notes); never connected to SP-API; no Amazon Information.
  • Third-party market-data provider— supplies competitor buy-box and pricing context for the Copilot and purchasing agent. Receives only public ASINs from a Customer's active catalog; receives no settlement, financial, inventory, or buyer data.

We notify Customers at least 30 days prior to any new subprocessor addition that processes Amazon Information, and Customers may object in writing.

7. AI providers and model training

The Service's AI Copilot uses third-party LLM providers (Anthropic and OpenAI). We configure each provider to the lowest available data-retention setting and opt out of training, abuse-monitoring data collection, and human review where the API supports it. Amazon Information is not used to train, fine-tune, or otherwise improve any general-purpose, foundation, or third-party AI/ML model — not by us, and not by our LLM providers, who are contractually prohibited from doing so.

We may build per-tenant retrieval indexes (RAG) over a Customer's own data to ground Copilot answers. These indexes are scoped to the single Customer, are stored in the same security boundary as the rest of that Customer's data, and are deleted on the same schedule described in Section 8.

8. Retention and deletion

Active accounts: Customer data and Amazon Information are retained while the account is active.

Cancellation or revocation:Sellers may revoke our access at any time from Amazon Seller Central → Apps and Services → Manage Your Apps. Upon revocation, account cancellation, or a written request to privacy@buycast.ai, we delete all Amazon Information and Customer data within 30 days, including from primary databases, indexes, caches, and the next backup-rotation window.

Deletion verification: on request we will provide a written confirmation of deletion identifying the date, the systems purged, and any narrowly-scoped exceptions (for example, billing records retained for tax compliance, which contain no Amazon Information).

See /legal/data-deletion for the request flow.

Aggregated analytics: aggregated usage analytics that contain no Customer-identifiable, PII, or Amazon Information may be retained longer for product improvement.

9. Your rights

You may access, correct, export, or delete your data via the app, or by emailing privacy@buycast.ai. We honor data-subject access requests (DSARs) under GDPR (Articles 15-22) and CCPA/CPRA in full. We respond to verifiable requests within 30 days.

EU/UK personal data is currently processed in AWS us-east-1 (N. Virginia). For international transfers we rely on the EU Standard Contractual Clauses (2021/914) and the UK IDTA. An EU region is on our roadmap; contact us if your procurement requires it today.

10. Security incident notification

We will notify affected Customers without undue delay and in any event within 72 hours of becoming aware of a confirmed security incident affecting Customer Personal Data or Amazon Information, including the nature of the incident, categories of data affected, and remediation steps.

11. Children's privacy

The Service is not intended for anyone under 18. We do not knowingly collect data from children.

12. Cookies and tracking

See our Cookie Policy for details. We do not set non-essential cookies until you opt in via the consent banner.

13. Changes to this policy

We will update this page when our practices change. Material changes will be announced via email to account administrators at least 30 days before they take effect.

Changelog

  • May 6, 2026: Restructured for Amazon Selling Partner API Data Protection Policy attestations. Added explicit Amazon Information section, PII statement, encryption details, AI training prohibition, 30-day deletion SLA, subprocessor access classification, and DSAR contact.
  • April 1, 2026: Initial public version.

14. Contact

Questions, DSARs, or deletion requests: privacy@buycast.ai. Security: security@buycast.ai. General support: support@buycast.ai.

Postal: Legend Software, LLC, c/o Legalinc Corporate Services Inc., 131 Continental Dr, Suite 305, Newark, DE 19713, USA.