Last updated: 24/03/26
LazyLister Limited understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of everyone who uses this Application, www.lazylister.app ("Our Application") and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Please read this Privacy Policy carefully and ensure that you understand it. Your acceptance of this Privacy Policy is requested before you use this Application.
In this Policy the following terms shall have the following meanings:
| Term | Definition |
|---|---|
| "Account" | means an account required to access and/or use certain areas and features of Our Application |
| "Cookie" | means a small text file placed on your computer or device by Our Application when you visit certain parts of Our Application and/or when you use certain features of Our Application. Details of the Cookies used by Our Application are set out in Part 15, below; and |
| "Cookie Law" | means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003; |
Our Application is owned and operated by LAZYLISTER Limited, a limited company registered in England under company number 16801336.
Data Protection Officer: Philip Nedev Logsdon
This Privacy Policy applies only to your use of Our Application. Our Application may contain links to other web Applications. Please note that we have no control over how your data is collected, stored, or used by other web Applications and we advise you to check the privacy policies of any such web Applications before providing any data to them.
Personal data is defined by the UK GDPR and the Data Protection Act 2018 (collectively, "the Data Protection Legislation") as 'any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier'.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
For more information about our use of your personal data or exercising your rights as outlined above, please contact us using the details provided in Part 18.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the Information Commissioner's Office or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office. We would welcome the opportunity to resolve your concerns ourselves, however, so please contact us first, using the details in Part 18.
Depending upon your use of Our Application we may collect and hold some or all of the personal and non-personal data set out in the table below, using the methods also set out in the table. Please also see Part 15 for more information about our use of Cookies and similar technologies. We do not intentionally collect or require the submission of special category data (as defined in Article 9 UK GDPR), personal data relating to criminal convictions or offences, or personal data relating to children.
Our services are not designed to process such data. However, due to the nature of user-generated content (including uploaded images), there is a limited possibility that special category data may be processed incidentally where a user submits such information contrary to our instructions.
As described in Part 17 (Use of Generative Artificial Intelligence), we have implemented technical and organisational measures designed to minimise this risk, including user warnings, upload restrictions, purpose limitation and contractual safeguards with AI service providers.
Where incidental processing occurs, it is limited strictly to what is necessary to provide the requested service and is handled in accordance with UK data protection law.
| Data Collected | How We Collect the Data |
|---|---|
| Identity Information including name, email address, password or OAuth credentials | When you register or log in via Clerk |
| Contact information including address, name, email and phone number | When you register or log in via Clerk and entered at checkout through Stripe |
| eBay Account & Listing Data including store name, product listings, titles, prices, inventory, order history, access and refresh tokens | When you connect your eBay account via OAuth |
| Payment information including billing details, card information | Entered at checkout and processed directly by Stripe |
| Profile information including preferences, interests, data history | Automatically when using the application |
| Usage & Analytics Data including interaction logs, session metadata, chatbot messages | Automatically via Botpress analytics |
| Device and Technical data including IP address, browser type, OS, access times | Automatically when using the application |
| Listing Metadata including title, price, quantity, SKU, and live status updates (e.g. when offers are received or items are sold) | Stored temporarily in our Supabase database to display your dashboard. This data is synchronised with eBay to reflect real time listing status and is not retained for analytics, resales, or long term storage. |
Our Application is intended for use by individuals aged 18 or over. By creating an Account using our services, you confirm that you are at least 18 years old.
We do not knowingly collect, use, or process personal data relating to individuals under the age of 18. Our services are not directed at children, and we do not design Our features with children as the intended audience.
If we become aware that personal data has been provided by a person under the age of 18 in breach of Our Terms of Use, we will take reasonable steps to:
If you believe that a child has provided personal data to Us, please contact Us using the details set out in Part 2 so that we can investigate and take appropriate action.
Where we rely on contractual necessity as a lawful basis for processing personal data, this basis applies only to individuals legally capable of entering into a binding contract.
Under the Data Protection Legislation, we must always have a lawful basis for using personal data. The following table describes how we use your personal data, the lawful basis for each type of processing, and which data protection rights apply to you in each case.
Where we rely on legitimate interests as a lawful basis for processing, we have conducted a Legitimate Interests Assessment (LIA) to ensure that the processing pursues a legitimate business purpose, is necessary to achieve that purpose, and that our interests are not overridden by your fundamental rights and freedoms. You may request further information about our legitimate interests by contacting us using the details set out in Part 18.
| Processing Purpose | Personal Data Used | Lawful Basis | Your Rights |
|---|---|---|---|
| Providing our service To create and maintain your account, process your subscription, provide access to the Application, generate listings, and deliver the core functionality of the service. |
|
Contract: Processing is necessary to enter into or perform our contract with you. Where you connect your eBay account, processing of eBay data is necessary to provide the listing service you have requested. |
You have the right to:
|
| Account management and security To manage your account, verify your identity, handle authentication, maintain account security, and process account changes including closure. |
|
Contract: Processing is necessary to maintain and manage your account as part of our service. Consent: Where you create an account and agree to our terms. |
You have the right to:
|
| Payment processing To process subscription payments, manage billing, handle refunds, and maintain financial records. |
|
Contract: Processing is necessary to take payment for the service you have purchased. Legal obligation: We are required to maintain financial records for tax and accounting purposes. |
You have the right to:
|
| AI-assisted listing generation To process images you upload, generate product descriptions, titles, and other listing content using third-party AI services. |
|
Contract: Processing is necessary to deliver the AI-assisted listing features that form part of the service. Consent: You choose to upload images and use the AI features. |
You have the right to:
|
| Service updates and marketing To send essential service communications (such as feature updates, maintenance notices, and security alerts) and, where you consent, marketing communications about improvements or new features. |
|
Legitimate interests: We have a legitimate interest in keeping users informed about important changes to the service. We balance this against your rights and ensure marketing messages are optional with a clear opt-out. Consent: For marketing communications, we rely on your explicit consent. You may withdraw this at any time. |
You have the right to:
|
| Analytics and performance To understand how the Application is used, diagnose technical issues, and improve the service. This includes analytics via Google Analytics and Botpress. |
|
Legitimate interests: We have a legitimate interest in understanding how our Application is used so we can improve it. Consent: Analytics cookies are only placed with your explicit consent via our cookie banner. |
You have the right to:
|
| CRM, marketing automation, and affiliate tracking To manage customer relationships, send service and marketing communications, track user lifecycle events (such as account creation, first listing, and subscription), and attribute referrals via our affiliate programme. This includes use of Go High Level (HighLevel) as our CRM and marketing automation platform, and placement of affiliate tracking cookies where you arrive via an affiliate link. |
|
Legitimate interests: We have a legitimate interest in managing customer relationships, communicating relevant service updates, and operating an affiliate programme. Consent: Affiliate tracking cookies are only placed with your explicit consent via our cookie banner. Marketing emails require your consent or rely on the soft opt-in rule where applicable. |
You have the right to:
|
| Queries, complaints, and legal claims To respond to enquiries, resolve complaints, investigate potential misuse, and defend against or pursue legal claims. |
|
Contract: Where the query relates to your account or subscription. Legal obligation: Where we are required to respond to a legal or regulatory request. Legitimate interests: We have a legitimate interest in responding to enquiries, resolving disputes, and protecting our business from misuse. |
You have the right to:
|
Some personal data is required in order for us to provide our services and to enter into or perform a contract with you. This includes, but is not limited to, account registration details, authentication information, and payment information.
Where the provision of personal data is a contractual requirement or necessary to enter into a contract, failure to provide that data may mean that we are unable to create or maintain your account, process payments, or provide access to certain features of the Application.
Other personal data (such as marketing preferences) is optional. You are not required to provide optional data and may withdraw consent where applicable.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Your personal data will therefore be kept for the following periods (or, where there is no fixed period, the following factors will be used to determine how long it is kept):
| Type of Data | How Long We Keep It |
|---|---|
| Account registration and profile data | While your account is active and up to 30 days after deactivation. This is to allow you time to recover your account before full deletion. |
| Transactional, sales and payment records | 6 years from end of the relevant financial year. This is to ensure that we comply with all our legal and tax requirements. |
| Customer support and complaint records | 3 years after resolution for quality, dispute resolution, legal defence. |
| Marketing contact / preferences | Until you opt out and minimal record of opt-out status. This is to respect your choices while preventing unwanted contact. |
| AI-generated outputs and listing drafts | Until you delete them or your account is closed. They have no ongoing purpose beyond your use. |
| Application and analytic logs (cookies, IP, usage) | 12 months (or shorter, depending on purpose). To support diagnostics, improvements and performance metrics. |
We sometimes share personal information with trusted third parties in order to operate our service. These include:
Our Application also uses Supabase as a secure, cloud-hosted database for listing metadata. Supabase is used solely to store and synchronise listing information (such as titles, prices, quantities, SKUs and live status updates) to support your dashboard functionality. This information is automatically updated via your linked eBay account and is not used for analytics, profiling, or marketing. Where Supabase services are configured in an EU region, data is hosted in that region. However, Supabase, Inc. is a United States based entity, and personal data may be subject to restricted transfer outside the UK. Where such transfers occur, we rely on the UK Addendum to the EU Standard Contractual Clauses (SCCs) or other appropriate safeguards in accordance with UK GDPR.
Where personal data is transferred outside the United Kingdom, we rely on one of the following safeguards, as appropriate:
Where required, we conduct risk assessments to ensure that personal data transferred internationally is afforded a level of protection that is essentially equivalent to that required under UK data protection law.
You may contact us using the details in this Privacy Policy for further information about the specific safeguards applicable to a particular transfer.
We will use specific approved contracts which ensure the same levels of personal data protection that apply under the Data Protection Legislation. For further information, please refer to the Information Commissioner's Office.
Please contact us using the details below in Part 18 for further information about the particular data protection safeguards used by us when transferring your personal data to a third country.
The security of your personal data is essential to us and, to protect your data, we take a number of important measures, including the following:
We do not sell your personal data. We will only share your personal data with third parties where it is necessary, lawful, and subject to appropriate safeguards, including the following circumstances:
Some of our service providers are based outside the United Kingdom. When personal data is transferred internationally, we ensure it is protected by using appropriate safeguards in accordance with UK GDPR.
| Recipient | Activity Carried Out | Sector | Location | Transfer Safeguard |
|---|---|---|---|---|
| Clerk | Authentication & user account management | Processor | EU/US | UK Addendum to the EU Standard Contractual Clauses (SCCs) |
| Stripe Payments Europe Ltd | Payment processing | Independent Controller | EU | UK Adequacy Regulations (EEA) |
| eBay UK Limited | Marketplace connection and token authorisation | Independent Controller / Joint Controller | UK | N/A |
| Botpress | Chatbot support, analytics tracking & image storing | Processor | Canada/US | UK Adequacy Regulations (Canada – commercial organisations) and, where applicable, UK Addendum to EU Standard Contractual Clauses (SCCs) |
| Netlify, Inc. | Web hosting and infrastructure | Processor | US (with EU data centres where available) | UK Addendum to EU Standard Contractual Clauses (SCCs) |
| Supabase | Cloud database for listing metadata synchronisation (titles, prices, SKUs, and status updates) | Processor | US (EU region hosting where available) | UK Addendum to EU Standard Contractual Clauses (SCCs) |
| HighLevel, Inc. (Go High Level) | CRM, marketing automation, and affiliate referral tracking | Processor / Independent Controller | US | UK Addendum to the EU Standard Contractual Clauses (SCCs) |
If any of your personal data is shared with a third party, as described above, we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights, our obligations, and the third party's obligations under the law, as described above in Part 10.
If any personal data is transferred outside of the UK, we will take suitable steps in order to ensure that your personal data is treated just as safely and securely as it would be within the UK and under the Data Protection Legislation, as explained above in Part 10.
If we sell, transfer, or merge parts of our business or assets, your personal data may be transferred to a third party. Any new owner of our business may continue to use your personal data in the same way(s) that we have used it, as specified in this Privacy Policy.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
You may access certain areas of Our Application without providing any personal data at all. However, to use all features and functions available on Our Application you may be required to submit or allow for the collection of certain data.
You may restrict our use of Cookies. For more information, see Part 15 and our Cookie Policy.
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a "subject access request".
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 18. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is 'manifestly unfounded or excessive' (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 14 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
For the purposes of the UK General Data Protection Regulation ("UK GDPR"), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 ("PECR"), the data controller responsible for cookies and similar technologies used on this Application is:
LazyLister Limited (company number: 16801336)
Registered Office: 8 Raynham Avenue, Manchester, M20 6BW
Email: account@lazylister.app
Where third-party cookies are used (for example, analytics, payment processing, or chatbot services), those third parties may act as independent data controllers in respect of the personal data collected through their cookies. Further details are provided in the tables below.
Our Application uses cookies and similar technologies to ensure the proper functioning of the platform and to improve your experience. Some cookies are strictly necessary for the operation of the Application and do not require your consent. Other cookies (such as analytics or performance cookies) will only be placed on your device if you provide your explicit consent.
Our Application may place and access certain first-party Cookies on your computer or device. First-party Cookies are those placed directly by us and are used only by us. We use Cookies to facilitate and improve your experience of Our Application and to provide and improve our services. We have carefully chosen these Cookies and have taken steps to ensure that your privacy and personal data is protected and respected at all times.
By using Our Application, you may also receive certain third-party Cookies on your computer or device. Third-party Cookies are those placed by web Applications, services, and/or parties other than us. Third-party Cookies are used on Our Application for authentication and session management, payment processing, analytics and performance and hosting. For more details, please refer to the table below. These Cookies are not integral to the functioning of Our Application and your use and experience of Our Application will not be impaired by refusing consent to them.
All Cookies used by and on Our Application are used in accordance with current Cookie Law.
Before Cookies are placed on your computer or device, you will be shown a pop-up requesting your consent to set those Cookies. By giving your consent to the placing of Cookies you are enabling us to provide the best possible experience and service to you. You may, if you wish, deny consent to the placing of Cookies; however certain features of Our Application may not function fully or as intended. You will be given the opportunity to accept or reject non-essential cookies (including analytics and performance cookies) before they are placed on your device. Our consent banner allows you to accept or reject Cookies by category: (1) Strictly Necessary (always active), (2) Analytics and Performance, (3) Third Party / Functional. You may adjust these preferences at any time.
No non-essential cookies (including analytics, performance, functional, or third-party cookies) are placed on your device unless and until you have provided your explicit consent through our consent banner. Analytics tools (including Google Analytics and Botpress Analytics) are configured so that cookies are not set and tracking scripts do not execute prior to consent being recorded. If you reject non-essential cookies, those tools remain disabled. Strictly necessary cookies required for authentication, security, session management, and core functionality are set without consent in accordance with Regulation 6 of PECR.
Certain features of Our Application depend on Cookies to function. Cookie Law deems these Cookies to be "strictly necessary". Your consent will not be sought to place these Cookies, but it is still important that you are aware of them. You may still block these Cookies by changing your internet browser's settings, but please be aware that Our Application may not work properly if you do so. We have taken great care to ensure that your privacy is not at risk by allowing them.
These storage mechanisms are necessary to provide core functionality (such as authentication, analytics, and offline capability), to improve performance, and to enhance user experience. We do not use them for third-party advertising or cross-site tracking.
For full details of the Cookies we use, their purposes, classifications, and the third-party providers involved, please refer to Our Cookie Policy, available at: /cookie-policy.html.
We have voluntarily appointed a Data Protection Officer ("DPO") who is responsible for overseeing questions in relation to this Privacy Policy and our data protection practices.
Our DPO is responsible for overseeing questions in relation to this Cookie Policy and our data protection practices.
Data Protection Officer: Philip Nedev Logsdon
Email: DPO@lazylister.app
Postal Address: 8 Raynham Avenue, Manchester, M20 6BW
You have the right to contact our DPO regarding any issues relating to the processing of your personal data.
Our Application uses third-party artificial intelligence ("AI") services solely for the purpose of processing images of items that you wish to list. These AI services analyse your uploaded images to generate item descriptions, identify product features, and assist with the listing process.
Images uploaded to the Application for AI-assisted processing are retained by us only for as long as necessary to generate listings content and support related user functionality, unless you choose to save or publish the generated output within your account.
Where images are transmitted to third-party AI service providers for processing, those providers process the data on Our behalf in accordance with their applicable contractual terms. Such processing is limited to the time necessary to provide the requested AI functionality.
Our licence to use generated content under Our Terms of Use does not affect your data protection rights. Where generated content includes personal data, it will be processed and retained only for the purposes described in this Privacy Policy and in accordance with applicable data protection law.
The AI features within Our Application are designed exclusively to process images of items. They are not designed to process personal data, and we do not intend or expect any personal data to be submitted through this feature.
You must not upload any of the following through our AI-assisted image processing features:
We display a notice at the point of upload reminding you of these restrictions.
When you upload an image through our AI features, it is transmitted to our third-party AI service providers for processing. These providers act as data processors on Our behalf and process images solely for the purpose of generating listing content for you. Our current AI service providers are:
| Provider | Service | Location | Safeguard |
|---|---|---|---|
| OpenAI (ChatGPT) | Image analysis and content generation | United States | UK Addendum to the EU Standard Contractual Clauses (SCCs) |
| Google (Gemini) | Image analysis and content generation | United States | UK Addendum to the EU Standard Contractual Clauses (SCCs) |
| KimiK2 (Hosted on Fireworks) | Image analysis and content generation | United States | UK Addendum to EU Standard Contractual Clauses (SCCs) |
A copy of the relevant transfer safeguards can be obtained on request.
We engage third-party AI service providers to support AI-assisted functionality within Our Application. Where user submitted content is processed through AI features, such content may be transmitted to these providers for the purpose of generating the requested output.
We do not independently use user-submitted content for general AI model training or for purposes unrelated to providing the requested service.
Processing by AI providers is governed by the contractual terms applicable to Our use of their services and their published privacy policies. While we seek to engage providers that offer appropriate technical and organisational safeguards, such providers may process data in accordance with their own legal and contractual obligations.
Any retention or further processing of submitted content by AI providers is subject to their applicable contractual terms, security controls, and data protection obligations.
Where personal data is transferred outside the United Kingdom in connection with AI processing, we rely on appropriate safeguards in accordance with Chapter 5 UK GDPR, including the UK Addendum to the EU Standard Contractual Clauses or other lawful transfer mechanisms where applicable.
Users are encouraged not to include personal, sensitive, or confidential information within AI prompts unless strictly necessary for the intended functionality.
We have implemented technical and organisational measures to minimise the risk of personal data being processed through our AI features, including clear user instructions, upload notices, and purpose limitation in our agreements with AI providers.
However, we recognise that despite these measures, a user can inadvertently submit an image that contains personal data. Where this occurs:
We do not accept liability for any consequence arising from your decision to upload images containing personal data in breach of our terms of use, to the extent permitted by applicable law. However, this does not affect your statutory rights under data protection legislation, and we will continue to meet our obligations as a data controller in respect of any personal data we process.
By using our AI-assisted features, you confirm that:
If you believe that personal data has been inadvertently processed through Our AI features, or if you wish to exercise any of your rights under data protection law in connection with this processing, please contact our Data Protection Officer using the contact information at the beginning of this document.
If you have any questions about this Privacy Policy or how we handle your personal data, or if you wish to exercise your data protection rights, you may contact us at:
LazyLister Limited
Registered Office: 8 Raynham Avenue, Manchester, M20 6BW
Email: dpo@lazylister.app
We take data protection concerns seriously and aim to resolve them promptly and fairly. If you wish to make a complaint about how we process your personal data, please contact Us using the details above and provide sufficient information to enable Us to investigate your concern.
We will:
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO). Information about how to do so is available at: www.ico.org.uk.
Any changes will be posted on Our Application. Where changes are material, we will notify you by email before they take effect. If you continue to use Our Application after the changes take effect, you will be deemed to have accepted the updated Privacy Policy. We recommend that you check this page regularly to keep up to date. This Privacy Policy was last updated on 24 March 2026.