Back to Home
GDPR & CCPA Compliant

Privacy Policy

At WorkerHub, your privacy isn't an afterthought—it's the foundation of everything we build. Learn how we collect, use, and protect your personal information with strict compliance to GDPR, CCPA, and global data protection standards.

Last updated: October 2025
GDPR & CCPA Certified

Table of Contents

1.Introduction2.Information We Collect3.How We Use Your Information4.Data Sharing and Disclosure5.Data Security6.Data Retention and Deletion7.Your Privacy Rights8.International Data Transfers9.Children's Privacy10.Cookies and Tracking11.Third-Party Links12.AI and Automated Decision-Making13.Marketing Communications14.California Privacy Rights (CCPA)15.Business Changes16.Updates to This Privacy Policy17.Contact Information18.Amazon Specific Disclosures19.Definitions20.Consent

1. Introduction

Welcome to WorkerHub ("we," "our," or "us"). This Privacy Policy explains how WorkerHub AI Automation, operated by SR LOGISTICS, collects, uses, discloses, and protects your information when you use our AI-powered automation platform for Amazon sellers.

Company Information:

  • Legal Entity: SR LOGISTICS
  • Location: Brussels, Belgium
  • Website: https://workerhub.app
  • Contact Email: contact@workerhub.app
  • Contact Address: Avenue de Stalingrad 52, 1000 Brussels, Belgium

By using WorkerHub, you agree to the collection and use of information in accordance with this Privacy Policy. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR) and Belgium's data protection legislation.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Full name
  • Email address
  • Business name
  • Phone number (optional)
  • Billing address
  • Payment information (processed securely through Stripe)

Amazon Seller Account Information:

  • Amazon Seller Central credentials (OAuth tokens only, never passwords)
  • Marketplace IDs
  • Seller ID
  • Amazon Store information

2.2 Information Collected Through Amazon SP-API

When you authorize WorkerHub to access your Amazon Seller account through the Amazon Selling Partner API (SP-API), we collect:

Product Listing Data (for SOPHIA - Listing Optimizer):

  • Product titles, descriptions, bullet points
  • Product images and specifications
  • Keywords and search terms
  • Product categories and attributes
  • ASIN and SKU information
  • Listing performance metrics

Pricing Data (for SOPHIA & MAX):

  • Current product prices
  • Market pricing information (publicly available)
  • Historical pricing data
  • Buy Box information

Campaign Data (for MARCUS - PPC Manager):

  • Advertising campaign performance metrics
  • Keyword bid data
  • ACoS (Advertising Cost of Sale) metrics
  • Campaign budgets and spending
  • Click-through rates and conversion data

Inventory Data (for ETHAN - Inventory Manager):

  • Stock levels and availability
  • Inventory turnover rates
  • FBA (Fulfillment by Amazon) inventory data
  • Reorder recommendations
  • Supplier information (if provided)

Review Data (for SARAH - Review Manager):

  • Product reviews and ratings (publicly available)
  • Review sentiment scores
  • Reviewer usernames (publicly available)
  • Review timestamps and response history

Market Intelligence Data (for MAX):

  • Market product information (publicly available)
  • Market trends and demand patterns
  • Seasonal sales data
  • Niche opportunity insights

Important Note: We do NOT collect: Customer personal information, purchase history, Amazon customer contact information, or any PII of your customers.

2.3 Automatically Collected Information

Usage Data:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Pages visited and time spent
  • Features used within WorkerHub
  • Actions taken within the platform

Cookies and Tracking Technologies:

  • Session cookies (essential for platform functionality)
  • Analytics cookies (Google Analytics, with anonymized IP)
  • Preference cookies (to remember your settings)

3. How We Use Your Information

3.1 Primary Uses

To Provide Our Services:

  • Analyze and optimize your product listings (SOPHIA)
  • Manage and optimize PPC campaigns (MARCUS)
  • Monitor market trends and opportunities (MAX)
  • Forecast demand and manage inventory (ETHAN)
  • Track and analyze reviews (SARAH)
  • Generate performance reports and analytics
  • Provide AI-powered recommendations

To Improve Our Platform:

  • Develop new features and AI capabilities
  • Train and improve our AI models (using aggregated, anonymized data only)
  • Identify and fix technical issues
  • Conduct research and analytics

For Communication:

  • Send service-related notifications
  • Respond to your support requests
  • Send important platform updates
  • Provide customer support

For Billing and Account Management:

  • Process subscription payments
  • Send invoices and payment confirmations
  • Manage your account and subscription
  • Prevent fraud and unauthorized access

3.2 Legal Bases for Processing (GDPR)

  • Contract Performance: To provide the services you've subscribed to
  • Legitimate Interest: To improve our services, prevent fraud, and ensure platform security
  • Consent: For marketing communications (you can opt-out anytime)
  • Legal Obligation: To comply with applicable laws and regulations

4. Data Sharing and Disclosure

4.1 We DO NOT:

Sell your data to third parties

Share your data with advertisers

Aggregate your data with other sellers' data

Use your data to compete with you

Share your business insights with competitors

Access Amazon customer PII

4.2 We MAY Share Data With:

Supabase (PostgreSQL)

Database hosting (encrypted storage)

Groq AI

AI processing for recommendations (no data retention)

Stripe

Payment processing (PCI-DSS compliant)

Google Analytics

Usage analytics (anonymized data)

Amazon Web Services (AWS)

Infrastructure hosting (if applicable)

Legal Requirements:

  • Comply with legal processes
  • Protect our rights and property
  • Prevent fraud or security threats
  • Protect the safety of users or the public

Business Transfers:

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the new entity, with the same privacy protections.

4.3 Amazon Data Sharing Compliance

  • We share data ONLY with service providers that have data security standards at least as strict as ours
  • We conduct due diligence on all data partners
  • We maintain written agreements with all data processors
  • We do NOT share Amazon Information with parties we know or suspect will violate Amazon's policies

5. Data Security

5.1 Security Measures

We implement industry-standard security measures to protect your data:

Encryption:

  • Data in Transit: TLS 1.3 encryption for all data transmission
  • Data at Rest: AES-256 encryption for stored data
  • Database Encryption: PostgreSQL encryption enabled via Supabase
  • API Keys: Stored in secure secrets management (AWS Secrets Manager or equivalent)

Access Controls:

  • Multi-Factor Authentication (MFA) required for all team members
  • Role-Based Access Control (RBAC) with least privilege principle
  • Regular access audits and reviews
  • Automatic session timeouts

Network Security:

  • Firewall protection and network segmentation
  • Intrusion detection and prevention systems
  • DDoS protection (AWS Shield or equivalent)
  • Regular security vulnerability scans

Monitoring and Response:

  • 24/7 security monitoring
  • Automated threat detection
  • Incident response plan in place
  • Regular security audits and penetration testing

Compliance:

  • Amazon Data Protection Policy (DPP) compliant
  • Amazon Acceptable Use Policy (AUP) compliant
  • GDPR compliant
  • SOC 2 Type II roadmap (in progress)

5.2 Data Breach Notification

  • We will notify affected users within 72 hours
  • We will notify Amazon within 24 hours if Amazon data is affected
  • We will notify relevant supervisory authorities as required by GDPR
  • We will provide details of the breach and remediation steps

6. Data Retention and Deletion

6.1 Retention Period

Active Accounts:

  • Account data: Retained while your account is active
  • Amazon data: Retained while you maintain an active subscription
  • Usage logs: 12 months for security and analytics purposes
  • Financial records: 7 years for tax and legal compliance

Inactive Accounts:

  • After account cancellation: Data retained for 30 days (to allow reactivation)
  • After 30 days: All personal data permanently deleted

6.2 Data Deletion Rights

You have the right to request deletion of your data at any time:

How to Request Deletion:

  • Email us at data-security@workerhub.app
  • Use the "Delete Account" feature in your dashboard
  • Contact our support team

Deletion Timeline:

  • Personal data: Deleted within 30 days of request
  • Amazon data: Deleted immediately upon request or account cancellation
  • Backup data: Permanently deleted within 90 days

Exceptions:

  • Legal obligations (e.g., tax records)
  • Pending legal disputes
  • Fraud prevention and security investigations

6.3 Amazon Data Deletion Compliance

  • Amazon Information is deleted within 30 days of Amazon's request
  • Data is securely deleted following industry standards (NIST guidelines)
  • Data is not recoverable after deletion
  • We maintain audit logs of deletion activities

7. Your Privacy Rights

7.1 GDPR Rights (for EU/EEA Users)

You have the following rights under GDPR:

Right to Access:

  • Request a copy of all personal data we hold about you
  • Receive data in a structured, machine-readable format (data portability)

Right to Rectification:

  • Correct inaccurate or incomplete personal data

Right to Erasure ("Right to be Forgotten"):

  • Request deletion of your personal data

Right to Restriction:

  • Request restriction of processing your data

Right to Object:

  • Object to processing based on legitimate interests
  • Object to direct marketing (opt-out)

Right to Data Portability:

  • Receive your data in a portable format
  • Transfer data to another service provider

Right to Withdraw Consent:

  • Withdraw consent for data processing at any time

Right to Lodge a Complaint:

  • File a complaint with the Belgian Data Protection Authority (APD/GBA)

7.2 How to Exercise Your Rights

Contact Methods:

  • Email: data-security@workerhub.app
  • In-app: "Privacy Settings" in your dashboard
  • Mail: SR LOGISTICS, Avenue de Stalingrad 52, 1000 Brussels, Belgium

Response Time:

  • We will respond within 30 days (GDPR requirement)
  • We may request identity verification for security purposes

8. International Data Transfers

Primary Data Location:

  • Data is primarily stored in EU/EEA data centers (via Supabase EU region)

Third-Party Services:

Some service providers may process data outside the EU/EEA. We ensure adequate safeguards through:

  • Standard Contractual Clauses (SCCs)
  • Privacy Shield certification (where applicable)
  • GDPR-compliant data processing agreements

9. Children's Privacy

WorkerHub is a B2B service intended for business users only. We do not knowingly collect information from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will delete it immediately.

10. Cookies and Tracking

10.1 Types of Cookies We Use

Essential Cookies:

  • Session management
  • Authentication
  • Security features
  • Cannot be disabled

Analytics Cookies:

  • Google Analytics (anonymized IP)
  • Usage statistics
  • Feature performance
  • Can be disabled in settings

Preference Cookies:

  • Language preferences
  • Dashboard settings
  • Theme preferences
  • Can be disabled in settings

10.2 Cookie Management

  • Your browser settings
  • Our Cookie Consent Manager (on first visit)
  • Privacy settings in your WorkerHub dashboard

12. AI and Automated Decision-Making

12.1 AI Processing Transparency

WorkerHub uses AI (Groq LLM) to provide:

  • Listing optimization suggestions (SOPHIA)
  • PPC bid recommendations (MARCUS)
  • Market trend insights (MAX)
  • Inventory forecasts (ETHAN)
  • Review sentiment analysis (SARAH)

Important Notes: All AI recommendations are suggestions only. You maintain full control and must approve all actions. No automated decisions are made without your explicit approval. AI models do NOT use your data to train on other sellers' behalf.

12.2 AI Data Usage

  • Your data is processed in real-time for recommendations
  • Data is NOT retained by Groq AI after processing
  • We use aggregated, anonymized data to improve AI models
  • Individual seller data is never shared with AI training datasets

13. Marketing Communications

13.1 Types of Communications

Transactional (Cannot Opt-Out):

  • Account notifications
  • Security alerts
  • Billing and payment confirmations
  • Service updates affecting your account

Marketing (Can Opt-Out):

  • Product updates and new features
  • Educational content and tips
  • Promotional offers
  • Newsletters

13.2 Opt-Out Options

How to Unsubscribe:

  • Click "Unsubscribe" in any marketing email
  • Adjust preferences in your dashboard
  • Email us at data-security@workerhub.app

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to Know:

  • Categories of personal information collected
  • Sources of information
  • Business purposes for collection
  • Categories of third parties with whom we share data

Right to Delete:

  • Request deletion of personal information

Right to Opt-Out:

  • Opt-out of sale of personal information (Note: We do NOT sell personal information)

Right to Non-Discrimination:

  • We will not discriminate against you for exercising your CCPA rights

How to Exercise CCPA Rights:

  • Email: data-security@workerhub.app
  • Phone: Available upon request via email
  • Response time: 45 days

15. Business Changes

In the event of:

  • Merger or acquisition
  • Sale of assets
  • Bankruptcy or restructuring

Your data may be transferred to the successor entity, subject to:

  • The same privacy protections
  • Notice to affected users
  • Option to delete your data before transfer

16. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices
  • Legal or regulatory requirements
  • New features or services

Notification of Changes:

  • Email notification for material changes
  • In-app notification banner
  • Updated "Last Updated" date at the top of this policy

Your Continued Use: Continued use of WorkerHub after changes constitutes acceptance of the updated Privacy Policy.

17. Contact Information

17.1 Privacy Questions or Concerns

  • Email: data-security@workerhub.app
  • Mail: SR LOGISTICS
  • Avenue de Stalingrad 52
  • Brussels, Belgium
  • Response Time: Within 48 hours for urgent matters, 5 business days for general inquiries

17.2 Data Protection Officer (if applicable)

  • DPO Name: To be appointed
  • DPO Email: data-security@workerhub.app

17.3 Supervisory Authority

For EU/EEA users, you can contact:

  • Belgian Data Protection Authority (APD/GBA)
  • Rue de la Presse 35, 1000 Brussels, Belgium
  • Phone: +32 (0)2 274 48 00
  • Email: contact@apd-gba.be
  • Website: www.dataprotectionauthority.be

18. Amazon Specific Disclosures

18.1 Amazon Services API Compliance

WorkerHub is built using the Amazon Selling Partner API (SP-API) and complies with:

  • Amazon Services API Developer Agreement
  • Amazon Data Protection Policy (DPP)
  • Amazon Acceptable Use Policy (AUP)

18.2 Amazon Information Usage

We use Amazon Information solely to:

  • Provide the WorkerHub services you subscribed to
  • Help you manage and grow your Amazon business
  • Generate insights and recommendations for your business

We do NOT:

  • Access Amazon customer PII without proper authorization
  • Share Amazon Information with unauthorized parties
  • Use Amazon Information to compete with you
  • Aggregate your Amazon data with other sellers' data

18.3 Amazon Authorization

  • You authorize WorkerHub through Amazon's OAuth 2.0 workflow
  • You can revoke authorization at any time via Amazon Seller Central
  • We store only refresh tokens (not passwords)
  • Tokens are encrypted and secured

18.4 Restricted Data Access

If you grant us access to Restricted Data (PII):

  • We access it ONLY for authorized purposes (e.g., order fulfillment assistance)
  • We delete it within the retention period specified by Amazon
  • We comply with all Amazon security requirements

19. Definitions

  • Amazon Information: Data received through Amazon Services API
  • Personal Data: Information relating to an identified or identifiable person
  • Processing: Any operation performed on personal data
  • Controller: Entity that determines purposes and means of processing
  • Processor: Entity that processes data on behalf of the controller
  • PII (Personally Identifiable Information): Data that can identify a specific individual