Privacy Policy
Last updated 2026-05-26
Who we are
CritFlip is a web-based arbitrage tool for eBay resellers, operated by West Michigan 3PL Inc, a Michigan corporation with a principal place of business at 1291 Lincoln Rd, Ste 16, Allegan, MI 49010. References to “CritFlip,” “we,” “us,” or “our” in this policy refer to that entity.
This policy describes what information we collect from visitors and customers of critflip.app, how we use it, and the choices you have. It also describes how we handle data accessed through the eBay developer APIs on behalf of our customers.
Information we collect
We collect three categories of information:
- Account information you provide. Name, email address, business name, and billing information you submit when creating an account, starting a free trial, or contacting us.
- eBay account data you authorize.When you connect your eBay account via OAuth, CritFlip receives an access token that allows the app to query eBay's Buy and Trading APIs on your behalf. We do not receive your eBay password.
- Automatically collected technical data.IP address, browser type, pages requested, timestamps, and similar data captured by our hosting provider's server logs and analytics.
How we use your information
- To operate CritFlip and provide the features you sign up for.
- To call the eBay APIs you authorize us to call, on your behalf, with the access token you supplied through OAuth.
- To bill you and prevent fraud or abuse.
- To respond to support requests sent to support@critflip.app.
- To send transactional messages (receipts, account-status notices, policy updates). You will not receive marketing email from us unless you opt in separately.
Third parties we share data with
We rely on a small number of infrastructure and service providers to run CritFlip. Each receives only the data necessary to perform its function and operates under standard commercial data-processing terms. Current sub-processors include:
- Vercel — hosting and request serving (United States).
- eBay— when you authorize an eBay connection, your access token is used to call eBay's APIs and is stored at rest so it can be refreshed automatically.
- Payment processor — Stripe or a comparable provider for subscription billing. We do not store full card numbers on our own servers.
- Email delivery — Resend or a comparable provider for transactional email (receipts, password resets).
- Error and uptime monitoring — a provider such as Sentry receives stack traces and request metadata when CritFlip encounters an error.
We do not sell your personal information. We do not share eBay user data we receive on your behalf with anyone other than you and the sub-processors above.
eBay data, specifically
CritFlip queries eBay's public listing surface (Browse, Finding, and Trading APIs) on your behalf. We retain copies of listing metadata — titles, descriptions, photos, prices, condition codes, shipping options, and seller usernames — for as long as those listings are relevant to your active arbitrage decisions and historical reporting.
We do not access buyer accounts, payment instruments, addresses, or private messages, except where you have explicitly authorized a transaction through the CritFlip in-app checkout flow.
eBay Marketplace Account Deletion / Closure
CritFlip complies with eBay's Marketplace Account Deletion / Closure notification program. eBay notifies our endpoint at critflip.app/ebay/account-deletion/<tenant> when an eBay user requests deletion of their marketplace account. We acknowledge the notification within seconds and remove or anonymize the associated public seller identifiers from our retained listing records within a reasonable period thereafter.
Third-party AI providers
Some CritFlip features (e.g. listing scoring, summarization) may be powered by third-party AI providers. When you use those features, listing content or your prompts may be sent to providers including:
- OpenAI — privacy policy
- Anthropic — privacy policy
- Google AI — privacy policy
Where we use these providers under their API agreements, we have configured the integration so that your inputs are not used to train their public models. You can disable AI-powered features in your account settings if you prefer.
Cookies and tracking
CritFlip sets a small number of strictly necessary cookies — for example, to keep you signed in. See the Cookie Notice for the full list and purpose of each cookie.
Security
All traffic between you, CritFlip, and our sub-processors is transmitted over TLS 1.2 or higher. Database access is restricted to authorized service accounts. Per-customer data isolation is enforced by application logic and database-level policy.
Data retention and deletion
You can request export or deletion of your CritFlip account data at any time by emailing privacy@critflip.app. We will respond within 30 days. We may retain anonymized billing records and similar logs as required by applicable accounting and tax law.
Children
CritFlip is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, email privacy@critflip.app.
Your rights (GDPR / CCPA)
Depending on your jurisdiction, you may have the right to access, correct, port, or delete your personal information; to object to or restrict certain processing; and to opt out of the sale of personal information. CritFlip does not sell personal information. To exercise any of these rights, email privacy@critflip.app.
Changes to this policy
We may update this policy from time to time. The “last updated” date at the top of the page reflects the most recent change. Material changes will additionally be communicated by email to active account holders.
Contact
West Michigan 3PL Inc
1291 Lincoln Rd, Ste 16
Allegan, MI 49010
privacy@critflip.app
This document is a plain-language statement of policy and does not constitute legal advice.