Privacy policy
How Sellarix Ltd collects, uses, shares and protects personal data under the UK GDPR and the Data Protection Act 2018.
Last updated 9 June 2026
This privacy policy explains how Sellarix Ltd collects, uses, shares and protects personal data when you visit sellarix.ai, join our waitlist, contact us, apply for a role, or use the Sellarix platform (the "Service"). We process personal data in line with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and, where it applies, the EU GDPR.
Please read this policy alongside our Cookie policy and, for personal data we process on your behalf as your processor, our Data Processing Addendum. By using the Service you acknowledge the practices described here.
Who we are
Sellarix Ltd ("Sellarix", "we", "us", "our") is the data controller for the personal data described in this policy. We are a company registered in England and Wales under company number 15102874, with our registered office at 20 Wenlock Road, London, England, N1 7GU.
We have not appointed a statutory Data Protection Officer, as we are not required to. Our data-protection contact is reachable at hello@sellarix.ai. For any data-protection question, or to exercise your rights, contact us at that address or write to us at the registered office above. We aim to respond within one month.
Controller and processor: which hat we wear
For some personal data we are the controller, meaning we decide why and how it is processed: this covers your account, billing, marketing and website data. For the personal data inside the store, catalogue and customer records you connect to the Service (for example your own customers' names, contact details and orders), you are the controller and we act as your processor, processing it only on your instructions under the Data Processing Addendum. This policy concerns the data for which we are the controller.
The personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
- Identity and contact data: your name, business or store name, work email address, role or job title, country, telephone number and store URL.
- Account and profile data: login credentials (held in hashed form), account settings, roles, permissions and preferences.
- Connected store data: data you connect from your storefront, ERP, PIM or marketing tools. This may contain personal data about your own customers, which we process as your processor under the Data Processing Addendum.
- Transaction and billing data: plan, billing contact, billing address, VAT number, payment-method token and invoice history. Card details are handled by our payment processor; we do not store full card numbers.
- Usage and technical data: IP address, device type, operating system, browser type and settings, language, referring pages, pages viewed, features used, and dates and times of access, collected through cookies and similar technologies.
- Communications data: the content of messages, support tickets, survey responses and our correspondence with you.
- Marketing and consent data: your preferences for receiving marketing, and records of the consents you have given or withdrawn.
- Recruitment data: where you apply for a role, the information in your application, CV and any correspondence.
We do not intentionally collect special category data (such as data about health, race, religion, or political or sexual orientation), and we ask you not to provide it to us in free-text fields.
How we collect your personal data
- Directly from you: when you complete a form, join the waitlist, book a demo, create an account, contact support, respond to a survey, or use the Service.
- Automatically: through cookies and similar technologies when you use our website, as described in our Cookie policy.
- From services you connect: from the platforms and tools you authorise us to connect to (for example your ecommerce store), at your direction.
- From third parties: from our analytics, infrastructure and security providers, and from publicly available sources, where lawful.
How and why we use your data, and our lawful bases
We only use personal data where the law allows. The table below sets out our purposes, the data involved and the lawful basis we rely on under Article 6 of the UK GDPR.
| Purpose | Data used | Lawful basis |
|---|---|---|
| Provide, operate and maintain the Service and respond to your requests | Identity, contact, account, connected store, usage | Performance of a contract |
| Manage the waitlist and early-access programme | Identity, contact, marketing | Consent; and our legitimate interest in launching the product |
| Take payment and manage billing | Identity, transaction, billing | Performance of a contract; legal obligation (tax records) |
| Secure, monitor, troubleshoot and improve the Service | Account, usage, technical, communications | Legitimate interests in running a safe, reliable business |
| Send service and transactional messages (for example security or billing notices) | Identity, contact, account | Performance of a contract; legitimate interests |
| Send marketing updates where you have opted in | Identity, contact, marketing | Consent (which you can withdraw at any time) |
| Handle recruitment | Recruitment, identity, contact | Legitimate interests; steps to enter a contract |
| Comply with law and defend legal claims | Any relevant data | Legal obligation; legitimate interests |
Where we rely on legitimate interests, we have balanced those interests against your rights and freedoms. You can ask us about that assessment at any time.
AI and automated processing
Sellarix uses AI to power features such as conversational search, recommendations, content generation, customer service and forecasting. When we process the store data you connect with AI, we do so on your documented instructions as your processor, under the Data Processing Addendum. All AI-generated media we produce carries machine-readable synthetic-media marking, and our AI assistants disclose that they are AI, in line with Article 50 of the EU AI Act.
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing without a lawful basis and appropriate safeguards. Where any such decision is made, you have the right to obtain human review, to express your point of view, and to contest the decision.
Marketing and your choices
Where you have opted in, or where we are otherwise permitted, we may send you product updates and marketing by email. Every marketing email contains an unsubscribe link, and you can opt out at any time by using that link or by emailing us. Opting out of marketing does not stop service or transactional messages that we need to send you.
Who we share your data with
We share personal data only where necessary, and only with recipients who are bound to protect it:
- Service providers and sub-processors who help us operate, including hosting and infrastructure, database, email delivery, payment processing, analytics, customer support and security providers, under contracts that require them to protect your data and process it only on our instructions.
- The platforms and integrations you choose to connect, at your direction.
- Professional advisers such as lawyers, accountants and auditors, where needed.
- Authorities, regulators or law-enforcement bodies, where we are required to by law or to protect our rights.
- A buyer or successor, and their advisers, in connection with a merger, acquisition, financing or business transfer, subject to this policy.
We maintain a list of our sub-processors and can provide it on request. We do not sell your personal data, and we do not share it for third-party advertising.
International transfers
Where we offer UK or EU data residency for platform data, we keep that data in the chosen region. Where personal data is transferred outside the UK or the European Economic Area (EEA), we make sure it is protected by an adequacy decision, or by appropriate safeguards such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses, together with any supplementary measures needed. You can ask us for a copy of the safeguards we use.
How long we keep your data
We keep personal data only for as long as necessary for the purposes set out above, then delete or anonymise it. Our general retention periods are:
| Data | Retention period |
|---|---|
| Account and platform data | While your account is active, then up to 12 months after closure |
| Connected store data (as processor) | For the term of the Service, then deleted or returned per the DPA |
| Billing and tax records | 6 years, as required by UK tax law |
| Waitlist and marketing data | Until you opt out or it is no longer relevant, then deleted |
| Support and correspondence | Up to 3 years after the matter is closed |
| Website and analytics data | Up to 26 months |
| Unsuccessful job applications | Up to 12 months |
How we protect your data
We use technical and organisational measures appropriate to the risk, including encryption in transit and at rest, access controls and least privilege, tenant isolation, network protection, logging and monitoring, secure software-development practices, staff training, and supplier due diligence. No system is perfectly secure, but we work to protect your data and to detect, contain and respond to any incident promptly. Where the law requires, we will notify you and the regulator of a personal data breach.
Your rights
Under the UK GDPR you have the following rights, which you can exercise free of charge in most cases:
- The right to be informed about how we use your data (this policy).
- The right of access to a copy of the personal data we hold about you.
- The right to rectification of inaccurate or incomplete data.
- The right to erasure (the right to be forgotten) in certain circumstances.
- The right to restrict processing in certain circumstances.
- The right to data portability, to receive your data in a structured, commonly used, machine-readable format.
- The right to object to processing based on legitimate interests, and to object to direct marketing at any time.
- Rights in relation to automated decision-making and profiling.
- The right to withdraw consent at any time, where we rely on consent, without affecting earlier processing.
To exercise any right, email hello@sellarix.ai. We may need to verify your identity. We will respond within one month, which we can extend by two further months for complex requests, telling you if we do.
Cookies
We use cookies and similar technologies as described in our Cookie policy. You can manage your preferences at any time through our cookie controls.
Children
Sellarix is a business tool and is not directed at children. We do not knowingly collect personal data from children under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
Third-party websites
Our website and the Service may link to third-party sites and services. We are not responsible for their content or privacy practices, and we encourage you to read their policies.
Changes to this policy
We may update this policy from time to time. The current version is dated 9 June 2026. We will post any changes on this page and, where the changes are significant, tell you directly.
How to complain
If you have a concern about how we handle your personal data, please contact us first so we can try to resolve it. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority, at ico.org.uk, or with your local supervisory authority in the EEA.
Contact us
For any privacy question, or to exercise your rights, contact us:
Sellarix Ltd, 20 Wenlock Road, London, England, N1 7GU. Email: hello@sellarix.ai.