Privacy Policy

Crystal Magnate is a unified eCommerce operations platform that serves sellers and vendors across multiple marketplaces and sales channels, including Amazon, Shopify, and others. We consolidate order management, inventory control, financial reconciliation, advertising performance, and multi-channel analytics into a single platform — giving sellers enterprise-level operational visibility without the need for multiple disconnected tools.

Where a marketplace or platform authorizes Crystal Magnate to act on a client's behalf through an official solution provider or developer program, we access only the data that client has explicitly authorized, and solely to deliver the services they have requested.

Crystal Magnate accesses client data exclusively to deliver the operational features of our platform. All access requires explicit authorization from the client through the relevant marketplace or platform authorization flow. The categories of data we may access include:

• -Order and sales data — to power real-time revenue dashboards and P&L reporting
• -Inventory data — to monitor stock levels and prevent stockouts across channels
• -Financial and transaction data — for account reconciliation, fee tracking, and profit margin calculations
• -Advertising performance data — to surface spend, ROAS, and campaign metrics within our unified dashboard
• -Catalog and listing data — to display accurate product and inventory information inside the platform
• -Account performance data — to generate operational insights and analytics

Crystal Magnate employees, contractors, and agents directly involved in delivering services to your account may access your data on a strict need-to-know basis. All such personnel are:

• -Registered and verified under our solution provider accounts across relevant marketplaces
• -Required to complete identity verification where mandated by the relevant marketplace or platform
• -Bound by confidentiality obligations consistent with this Privacy Policy
• -Granted access only to the specific data required to perform their assigned function

We do not sell, rent, license, or share your data with any third party for marketing, advertising, competitive analysis, or any purpose unrelated to the direct delivery of our platform services to you.

We do not aggregate your data with data from other client accounts for any purpose.

We implement technical and organizational security measures appropriate to the sensitivity of the data we handle. Our security practices include:

• -Role-based access controls limiting data access to authorized personnel only
• -Encrypted storage and secure transmission of all client data
• -Audit logging of all data access events
• -Regular review of access permissions and security procedures
• -Compliance with the applicable data protection policies of each marketplace we operate within

We comply with all applicable data privacy laws including GDPR where applicable. In the event of a suspected data breach involving your data, we will notify you and the relevant marketplace promptly upon becoming aware of the incident.

Some features of the Crystal Magnate platform involve automated data pipelines, scheduled processing, and analytical models — for example, sales trend analysis, inventory forecasting, or advertising performance scoring.

Where any automated process or analytical model has a material impact on your business data or operational decisions, we will explicitly disclose this within the platform and document it in our service agreement with you.

All automated systems access client data only within the scope of your explicit authorization and only for the purpose of delivering platform features to you.

We retain client data only for as long as is necessary to deliver the services you have authorized, or as required by applicable law — for example, tax and financial record-keeping obligations.

Upon termination of your service engagement with Crystal Magnate, we will delete all associated account data in a timely manner, unless a longer retention period is required to fulfil a statutory obligation. You may request deletion of your data at any time by contacting us at the address below.

Clients may exercise the following rights with respect to their data held by Crystal Magnate:

• -Access — request a copy of the data we hold about your account
• -Correction — request correction of inaccurate or incomplete data
• -Deletion — request deletion of your data
• -Restriction — request that we restrict processing of your data
• -Portability — request transfer of your data in a structured format

To exercise any of these rights, contact us at privacy@crystalmagnate.com. We will respond to all requests without undue delay.

For privacy-related questions, data access requests, or concerns about how we handle your data: