Last updated: 2026-05-06
Privacy Policy
DropXRay is a research tool for eBay dropshippers. This page explains what data we collect, why we collect it, and what we will never do with it. We wrote this in plain English because legal boilerplate is useless for anyone trying to understand how their data is handled.
1. What we collect and why
DropXRay collects the minimum data required to run the service. Specifically:
- Account identity. Your name and email, managed through Clerk (our authentication provider). We use this to log you in and send occasional service-related emails.
- Linked eBay usernames. When you link an eBay account to DropXRay, we store the username so we can associate scraped data and orders with the right seller profile.
- Competitor research data. Public product and seller information our spider pulls from eBay search results and storefronts, so you can research the competitive landscape.
- Your own eBay orders. When the Chrome extension detects new orders on your own Seller Hub, it posts them to DropXRay so you can track fulfillment, fees, and profit. This is read from the page DOM — we do not use the eBay API.
- Buyer addresses and order details. When you open an order in Seller Hub, the extension can sync the buyer’s shipping address, tracking number, and amount paid so you can track fulfillment and ship from suppliers. This data is yours (the seller); DropXRay holds it on your behalf and never shares it with anyone outside your account.
- Saved supplier products. When you click “Save to DropXRay” on an Amazon (or future Walmart / Home Depot / AliExpress) product page, we store the title, price, images, and supplier URL so you can list, monitor, or reprice it later. We never auto-scrape; saving is always an explicit action.
- Listings you create. Title, description, price bounds, category, and the eBay item ID after you push. Used to run the bulk lister, repricer, and stock monitor.
- Spider session metadata. Timestamps, scan targets, result counts, and health signals so we can debug failures and show you progress.
- Contact form submissions. If you email us or submit the access request form, we keep the message so we can reply.
- Error reports and performance metrics. When something crashes in the dashboard, we send a stack trace + the relevant URL to Sentry so we can fix it. Personal data (IPs, headers, request bodies) is filtered out by default; we ship only the minimum needed to reproduce. Anonymous page-load timings go to Vercel Analytics.
2. How we use your data
Your data is used to run DropXRay for you, and nothing else. That means displaying your dashboard, computing stats across your linked accounts, running spider sessions you start, syncing orders from your extension, and answering support questions.
We may look at aggregated usage (e.g. “how many sessions ran this week”) to improve the product. We do not build individual profiles for advertising or resale.
3. What we do NOT do
- We do not sell your data to third parties. Ever.
- We do not share your account data with eBay. DropXRay is not affiliated with eBay and does not report user activity to eBay.
- We do not run ads against your data.
- We do not use the eBay API, which means we do not hand eBay a list of accounts using our service.
4. Cookies and analytics
DropXRay uses cookies in two places. First, Clerk sets an authentication session cookie so you stay logged in — this is strictly necessary for the app to function. Second, we use Vercel Analytics for basic, privacy-respecting traffic measurement (page views, referrers). Vercel Analytics does not use cross-site tracking cookies and does not sell data.
The Chrome extension stores a small amount of local state (your session token, config, and order cache) inside Chrome’s extension storage. That data never leaves your browser except when it is sent to DropXRay for sync.
4a. Subprocessors
We use a small set of vetted vendors to run DropXRay. Each handles a narrow slice of the system; none are given access to data they don’t need.
- Vercel — hosts the dashboard, runs the API, stores blob assets. Located in the United States.
- Supabase — managed Postgres database for your account, listings, orders, and supplier products. Encrypted at rest and in transit. US region.
- Clerk — authentication. Stores your email, password hash, and session tokens. Never sees your eBay or supplier data.
- Sentry — error monitoring. Receives stack traces and request URLs when something crashes. PII filters are on by default.
- Upstash — rate-limiter cache (Redis). Stores hashed identifiers + a per-minute counter. No personal data; entries expire within minutes.
- Stripe (after billing launch) — payment processing. Stripe holds your billing details; we receive only a customer ID and subscription status.
We do not transfer your data to any other vendor without prior notice and an updated subprocessor list.
5. Data retention
While your account is active, we keep your data so the product works. If you delete your account, we permanently remove your personal data and linked eBay identifiers within 30 days. We may keep fully anonymized, aggregated metrics (e.g. total scan counts) for internal analytics. Contact form submissions are kept for up to 12 months to maintain support history, then deleted.
6. Your rights
You can request an export of your data or delete your account at any time by emailing contact@dropxray.com. We reply within seven business days.
For users in the European Economic Area, the United Kingdom, or Switzerland: the data controller for your DropXRay account is the operator of dropxray.com, contactable at the email above. You have the right to access, rectify, erase, restrict, port, and object to processing of your personal data, and to lodge a complaint with your local supervisory authority. Your account-related processing is necessary for performance of the contract you accepted in our Terms of Service.
For California residents: under the CCPA you have the right to know what personal information we collect, request deletion, and opt out of any “sale” of personal information. We do not sell personal information.
7. Security
We take a boring, layered approach to security. Authentication is handled by Clerk, which means passwords never touch our servers — Clerk handles hashing, rotation, and session management. Data is stored in a managed Postgres instance with encryption in transit and at rest. Internal API keys (for example, service credentials between the dashboard and background workers) are scoped to the minimum permissions required, rotated on a schedule, and never exposed to the client.
No system is perfectly secure. If we ever discover a breach that affects your data, we will notify you promptly with a clear explanation of what happened and what to do.
8. Children under 13
DropXRay is a commercial tool for eBay sellers and is not intended for anyone under 13. We do not knowingly collect data from children. If you believe a child has signed up, email us and we will remove the account.
9. Changes to this policy
If we make material changes to this policy, we will update the “Last updated” date at the top and email active account holders before the changes take effect. Minor edits (clarifications, typos, formatting) may happen without notice.
10. Contact
Questions about privacy or your data? Email contact@dropxray.com. A human will answer.