This Privacy Policy describes how Sellium ("we", "us", "our") collects, uses, and shares personal information when you use the Sellium platform, website, and related services (the "Service"). We are committed to protecting your privacy and complying with applicable data protection laws including the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
Sellium is a software-as-a-service (SaaS) platform providing e-commerce, marketing, and AI tools to direct-to-consumer brands. For the purposes of data protection law, Sellium acts as:
We use the following third-party service providers ("subprocessors") to operate the Service. They are contractually bound to protect your data:
| Provider | Purpose | Location |
|---|---|---|
| Supabase | Database hosting | United States |
| Vercel | Web hosting & serverless functions | United States |
| Cloudflare | DNS, CDN, DDoS protection | Global |
| Stripe | Payment processing | United States, Ireland |
| Anthropic (Claude) | AI text generation | United States |
| Creatify | AI video generation | United States |
| Resend | Transactional email | United States |
| Google Workspace | Business email hosting (support/contact inboxes) | United States |
| Meta (Facebook/Instagram) | Ad platform & CAPI integration | United States |
| Google (Ads) | Ad platform integration | United States |
| TikTok | Ad platform integration | United States, Singapore |
We do not sell your personal information to third parties.
Some of our subprocessors are located outside the European Economic Area (EEA) or the United Kingdom. When we transfer personal data outside of these regions, we rely on Standard Contractual Clauses (SCCs), adequacy decisions, or other legal transfer mechanisms as required by GDPR.
Subject to applicable law, you have the following rights regarding your personal information:
California residents (CCPA/CPRA): You have the right to know what personal information we collect; the right to delete personal information; the right to correct inaccurate personal information; the right to limit the use of sensitive personal information; and the right to opt out of the sale or sharing of your personal information. Sellium does not sell or share your personal information as those terms are defined under CCPA/CPRA. We do not process your data for cross-context behavioral advertising purposes without your explicit consent.
To exercise any of these rights, email us at [email protected] with the subject line "Data Subject Request" and include enough information for us to verify your identity. We will respond within 30 days (GDPR) or 45 days (CCPA, with possible 45-day extension). You also have the right to not be retaliated against for exercising your privacy rights.
Business customers: if you need a signed Data Processing Addendum (DPA), see our DPA page or email [email protected].
We use cookies and similar technologies for:
You can manage cookie preferences anytime using the Cookie preferences link in our footer, or via your browser settings. Essential cookies cannot be disabled because they are required for the Service to function. Optional analytics and marketing cookies are off by default until you explicitly consent.
We implement reasonable technical and organizational measures to protect your data, including:
No system is 100% secure. We will notify you of data breaches affecting your personal information without undue delay as required by applicable law.
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from minors. If we learn we have collected such data, we will delete it.
The Service uses AI (Anthropic Claude, Creatify, and similar providers) to generate content at your request. AI-generated outputs may contain errors or reflect biases in training data. We do not use your private data to train third-party AI models. Your prompts and generated content are processed by our AI subprocessors subject to their privacy terms.
Sellium lets you connect third-party platforms (Meta/Facebook/Instagram, Google Ads, TikTok, Cloudflare, Stripe, and similar) to the Service so we can manage campaigns and infrastructure on your behalf from your Sellium dashboard.
When you authorize Sellium to connect your Meta account, we request the following permissions and use them strictly to provide the Service:
ads_management — to create, update, pause, and resume advertising campaigns, ad sets, and ads that you explicitly configure in Sellium's Ad Manager module. We only act on campaigns you have created or selected in our dashboard.ads_read — to read campaign insights (spend, impressions, clicks, conversions, reach) and populate the performance dashboards and daily digest email you subscribed to. Strictly read-only.pages_manage_ads — to associate your ads with the Facebook Page you selected as the placement. We never post content to your Page feed without your explicit action.business_management — to identify the Business Manager account you connected so we scope ad operations to the correct ad accounts. We never modify business-level settings.Data retrieved from Meta is stored in our database only as long as your subscription is active and strictly to power features you use in the Service. It is never sold, shared with data brokers, or used for purposes beyond what you authorized. You can revoke Sellium's access at any time from your Facebook account at Settings → Business Integrations, or by disconnecting the integration in your Sellium dashboard. Revoking access causes Sellium to stop pulling new data; previously-retrieved data is deleted as described in the "Data Deletion" section below.
Comparable handling applies to Google Ads, TikTok, Cloudflare, and Stripe connections — see the subprocessor table in Section 5 for a full list.
You can request deletion of your personal data — including data Sellium has obtained from connected third-party platforms (Meta/Facebook/Instagram, Google, TikTok, etc.) — at any time.
How to request deletion: email [email protected] with the subject line "Data Deletion Request". Include the email address associated with your Sellium account and, if applicable, the tenant or store name. We will verify your identity and complete the deletion within 14 days, then send you a confirmation email.
What gets deleted:
Retention exceptions: We retain billing records for 7 years as required by tax and financial regulations. Anonymized aggregate analytics may be retained indefinitely as they no longer identify you. Security logs may be retained for up to 90 days for abuse-prevention purposes.
Automatic deletion on account closure: If you cancel your Sellium subscription, your uploaded content and third-party platform data are exportable for 30 days, then automatically deleted within 90 days.
Sellium offers an optional browser extension named "Sellium Cookie Sync" that synchronises your Outbrain dashboard session to your Sellium account so that Sellium's Ad Manager can publish and manage your Outbrain advertising campaigns on your behalf without requiring you to manually copy and paste cookies from your browser's developer tools every 12 hours.
Data the extension handles. When you have paired the extension to your Sellium account and you are logged in to my.outbrain.com in your browser, the extension reads only two cookies from my.outbrain.com — ob-session-token and ob-ajax-csrf-token — and transmits their values to your Sellium account over HTTPS to sellium.app. These cookies authenticate your existing Outbrain dashboard session; the extension does not read passwords, payment details, or any other credentials, and does not read cookies from any host other than my.outbrain.com. The cookies are stored encrypted at rest in Sellium's database (AES-256-GCM, scoped to your tenant and Outbrain marketer) and are only used to make authenticated calls to my.outbrain.com on your behalf as part of Sellium's Ad Manager features.
Data stored locally by the extension. The extension stores in chrome.storage.local on your device only: your Sellium pairing token (a random, account-specific bearer issued by Sellium when you redeem a pairing code), a stable install identifier, and sync metadata (timestamps and success/error status used to render the extension's popup). The extension does not store your browsing history, personal data, or any third-party data.
Telemetry, analytics, advertising. The extension contains no third-party analytics, no telemetry, and no advertising. It makes network requests only to Sellium's pairing and sync endpoints — no other hosts.
Your controls.
Limited Use disclosure. The Sellium Cookie Sync extension's use of information received from Google APIs (where applicable for Chrome Web Store distribution) adheres to the Chrome Web Store Limited Use Policy. The data described above is used only to provide the user-facing feature of cookie syncing; it is not transferred to third parties (other than to provide or improve the feature), not used or transferred for serving advertisements, and not read by humans except as required for support, legal compliance, or to perform privileged operations in aggregate with the user's consent.
Source code and security disclosures. Sellium Cookie Sync is built and maintained by Sellium. For security disclosures regarding the extension, contact [email protected].
We may update this Privacy Policy. Material changes will be communicated by email or in-product notice at least 30 days before taking effect. The "Last updated" date at the top reflects the most recent version.
Questions or requests regarding your privacy: