SellSafely

Security & Trust

What we actually do with your data.

Procurement, IT, and legal teams: this is the page you came here to read. No vague “privacy-first” copy — concrete handling, retention, and access decisions.

Access model

Four tiers. Right data, right audience.

Every published passport is rendered through a tier-aware view. Each tier exposes a progressively richer subset of the underlying data — the public never sees what only authorities should see, and authorities don't need to dig through internal drafts.

Public

Consumers, retailers, anyone with a QR scan

  • Product name + brand
  • Material composition (high-level)
  • Certifications + validity dates
  • Sustainability claims with summary rationale
  • Compliance disclosures (status only)

Partner

Customers, retailers under contract

  • Everything in Public
  • Detailed BOM / supplier breakdown (where shareable)
  • Lot- or batch-level traceability
  • Per-customer custom fields (e.g., PO references)

Authority

Regulators, market surveillance, certifying bodies

  • Everything in Public
  • Evidence document references (linked)
  • Review history + claim provenance
  • Audit trail for every published version
  • Retention: 10+ years per ESPR availability requirement

Internal

The brand's own compliance + ops team

  • Everything above + draft / pre-publish state
  • Supplier contact + workflow tasks
  • Pending evidence requests
  • Per-claim review decisions + reasoning

Data handling

EU residency, retention, and the artifacts we keep.

EU data residency

Where data lives

  • All visitor analytics on PostHog EU cloud (eu.i.posthog.com)
  • Contact-form email pipeline in AWS SES (eu-west-1)
  • Site assets served via Amplify edge (EU regional fallback)
  • Cookieless analytics — no persistent visitor identity stored

Retention

How long we keep things

  • Contact form submissions: 24 months (legitimate-interest follow-up)
  • Published passports + evidence: 10+ years per ESPR availability requirement [ESPR]
  • Analytics events: 365 days; aggregated metrics retained longer
  • Backups: encrypted, EU region, 30-day retention

Sub-processors

Third parties that touch your data.

Maintained list. Updated when we add or remove a processor. DPAs on file with each.

Processor | Purpose | Region
AWS (Amazon Web Services) | Hosting, compute (Amplify SSR, Lambda), storage (S3), CDN (CloudFront) | EU (eu-west-1, eu-central-1)
AWS SES | Transactional email (contact form, customer notifications) | EU (eu-west-1)
Calendly | Demo scheduling — only loaded on form-success state | US — covered by SCCs / DPA on file
PostHog | Product analytics (cookieless, no PII in events) | EU (eu.i.posthog.com)
Cloudflare Turnstile | Contact form bot defense (invisible mode) | Global edge — no PII processed

DPA

Need our DPA?

Standard Data Processing Agreement available on request. Email dpo@sellsafely.ai and we'll send it within 1 business day.

Privacy policy

GDPR data-subject rights

Access, deletion, rectification, portability, objection — see the privacy policy for details.

Material allocation vs material ledger

Two different problems. We solve one of them.

What we do

Material Allocation

Allocate certified material quantities and evidence coverage across shipment lines, products, and claims with explicit allocation methods (BOM-weight, unit-weight, equal-split with confirmation, manual).

  • Shipment-coverage support — “does this evidence cover this product line?”
  • Claim support allocation with reasoning recorded on every allocation
  • Evidence-linked claim records (per-product, with provenance)

What we don't replace

Material Ledger

A certified balance-reconciliation system that tracks volumes of certified material available for sale — bank-account-style accounting against scope and transaction certificates.

  • Certified balance reconciliation (e.g., Textile Exchange Trackit) [Textile Exchange Trackit]
  • Volume-tracking ledger across organizations + transactions
  • Trackit-style certified-balance accounting

Material allocation supports shipment-level claim records — recording which evidence backs which product line. It is not a substitute for certified material-ledger accounting. If you need certified-volume reconciliation across transactions, that's Trackit's domain [Textile Exchange Trackit].

Procurement questions we didn't answer?

We'd rather you ask before booking a demo. Pick “Technical review” on the form — we'll write back with what you need to clear procurement.