Privacy Policy

Last updated: February 28, 2026

Our Commitment: BidFlow was built to help Amazon sellers, not to harvest data. We collect the minimum information needed to run the service and we never sell your data to third parties.

What We Collect

When you use BidFlow, we collect the following to provide the service:

  • Account Information: Your email address for account creation, login, and service communications.
  • Amazon Ads Credentials: OAuth refresh tokens used to fetch your advertising data from the Amazon Ads API. These are encrypted at rest with AES-256 and your Amazon password is never stored.
  • Advertising Performance Data: Placement-level campaign metrics pulled from your Amazon Ads account (spend, clicks, ACOS, ROAS, etc.) for display in your dashboard.
  • Billing Information: Payment details are handled entirely by Stripe — BidFlow never stores card numbers.
  • Technical Data: IP addresses and browser metadata for security and fraud prevention only.

How We Use It

Your data is used exclusively to:

  • Fetch and display your Amazon Ads placement performance data in your dashboard.
  • Generate and store weekly reports tied to your account.
  • Process subscription payments securely via Stripe.
  • Send transactional emails (data ready notifications, billing receipts).
  • Identify and resolve technical issues with the service.

We do not sell, rent, or share your data with advertisers or third-party marketing services.

Security

Amazon Ads credentials (OAuth refresh tokens) are encrypted with AES-256 before being stored in our database. All data in transit is protected with SSL/TLS encryption. Our database is hosted on Supabase, which uses enterprise-grade security protocols.

We use OAuth for Amazon authentication — BidFlow never sees or stores your Amazon Seller Central or Amazon Advertising console password.

Data Retention & Deletion

Advertising performance data is retained for up to 90 days to power historical trend analysis. After 90 days, older data is automatically removed.

You may delete your account and all associated data at any time from the Dashboard under Settings. Account deletion permanently removes your credentials, advertising data, and notes.

Third-Party Services

BidFlow uses the following third-party services to operate:

  • Supabase — database and authentication hosting.
  • Stripe — subscription billing and payment processing.
  • Amazon Advertising API — to retrieve your campaign data on your behalf.
  • Vercel — application hosting and delivery.

Each of these services has its own privacy policy. We only share the minimum data necessary with each provider to deliver the service.

Cookies

BidFlow uses essential cookies only — specifically for maintaining your authentication session. We do not use advertising or tracking cookies. See our Cookie Policy for full details.

Contact

Questions about how your data is handled? Contact us at:

support@bidflow.app