Privacy policy
Last updated, April 13, 2026. Effective immediately.
Stallscore is an independent tool for Etsy sellers, run by one person. We do not sell your data, we do not train AI on your listings, we do not run tracking pixels. This page explains exactly what we touch and what we keep.
What we read from your shop
When you connect your Etsy shop, we use Etsy's official OAuth API to read the fields on your active listings only, title, description, tags, materials, photo count, video presence, shipping cost, and section assignment. We run those fields through our scoring rules and hand the report back to your browser.
What we actually store
- A hashed Etsy user ID. We never store your raw ID, name, or email address.
- Your shop ID, so we know which shop to audit on the next request.
- The number of audits you have run this month, so the free tier can count correctly.
- Your subscription status, free, Pro, or Lifetime.
- Your Etsy OAuth tokens, encrypted in Cloudflare KV, auto-expired after 30 days of no use.
We do not store listing titles, descriptions, tags, photos, sales data, buyer information, or any shop content. The audit runs in memory each time you click "Re-run audit" and the results go straight to your browser.
Sub-processors
| Service | What it does | What it sees |
|---|---|---|
| Etsy | Official listing API | OAuth token with your consent |
| Cloudflare | Hosting, Workers, KV, D1 | Hashed user ID, audit counts, OAuth tokens |
| Stripe | Payment processing | Card details. We never see them. |
What we do not do
- We do not auto-apply changes to your listings. Every fix requires your explicit click.
- We do not share or sell your shop data to any third party.
- We do not use your listings, photos, or descriptions to train AI models.
- We do not use tracking cookies, analytics pixels, or advertising tags.
Your rights
- Access. Email us and we will send back every row we hold on your account.
- Deletion. Delete your account at any time and every D1 row plus KV token is cleared within 48 hours. User records auto-delete after 12 months of inactivity regardless.
- Portability. We will send all data we hold on you as JSON.
- Revoke Etsy access. Visit etsy.com/your/apps and revoke Stallscore at any time. You do not need to tell us first.
- Objection and restriction. You may object to processing or ask us to restrict it while a complaint is being investigated.
- Complaint to a supervisory authority. EU and UK users can lodge a complaint with their national data protection authority (list at edpb.europa.eu/members).
Data controller
The data controller for Stallscore is Povilas Konopackas, a sole trader based in Lithuania, EU. Contact: povkonop@gmail.com. This is also the address for any GDPR request.
Contact
Questions, complaints, or data requests, email povkonop@gmail.com. A human answers, usually within one working day.