This Privacy Policy explains how Sello collects, uses, shares, and protects personal data when you use our website, seller dashboard, and public storefronts (together, the "Platform"), whether you are a creator selling through Sello (a "Seller"), a customer buying from a Sello storefront (a "Buyer"), or a visitor.
1. Who we are
The data controller for the Platform is Sello Ltd, a company registered in England and Wales ("Sello", "we", "us"). For any privacy question or request, contact support@sello.bio.
Where a Seller uses buyer information (for example, a shipping address) to fulfil an order, the Seller acts as an independent controller of that data for their own business. This policy covers Sello's processing.
2. The data we collect
Data you give us
- Account data — name, email address, password, profile details, and country.
- Store data (Sellers) — store name and handle, category, description, branding images, contact and business details you submit when applying for a store.
- Payout data (Sellers) — bank account details you register to receive payouts.
- Order data (Buyers) — name, email, billing and delivery address, and the items you buy.
- Communications — messages you send to support or through the Platform.
Data collected automatically
- Usage and device data — IP address, approximate location derived from IP (used, for example, to preselect your currency and country), browser and device type, pages viewed, and referral source.
- Transaction data — order history, amounts, currencies, refunds, and payout records.
- Cookies and similar technologies — see section 9.
Payment data
Card payments are processed by our payment processors, including Stripe. Your full card number goes directly to the processor and is never stored on Sello's servers. We receive only limited payment metadata (such as payment status, card brand, and last four digits) needed to manage orders and refunds. Stripe processes your data under its own privacy policy, available at stripe.com/privacy.
3. How and why we use your data
| Purpose | Data used | Legal basis (UK GDPR) |
|---|---|---|
| Creating and managing your account and store | Account, store data | Performance of a contract |
| Processing orders, payments, refunds, and payouts | Order, transaction, payout data | Performance of a contract |
| Reviewing store applications and preventing fraud, abuse, and prohibited sales | Account, store, transaction, usage data | Legitimate interests (keeping the marketplace safe); legal obligation |
| Providing support and responding to enquiries | Communications, account, order data | Performance of a contract; legitimate interests |
| Showing prices in your local currency and preselecting your country | IP-derived approximate location | Legitimate interests (usability) |
| Sales analytics and insights shown to Sellers about their own stores | Order and traffic data for that store | Performance of a contract with the Seller |
| Service emails (order confirmations, payout notices, security alerts) | Account, order data | Performance of a contract; legal obligation |
| Complying with law (tax, accounting, consumer protection, requests from authorities) | Transaction, account data | Legal obligation |
| Improving and securing the Platform | Usage and device data | Legitimate interests |
We do not sell personal data, and we do not use your data for third-party advertising.
4. Who we share data with
- Sellers and Buyers (each other). When a Buyer places an order, the Seller receives the order details needed to fulfil it — the Buyer's name, contact details, delivery address (for physical goods), and items purchased. Buyers see the Seller's store identity and contact information.
- Payment processors — Stripe and any other processors we use, to take payments, prevent fraud, and send Seller payouts.
- Service providers — hosting and infrastructure providers, email delivery services, and exchange-rate data providers, each acting under contract and only on our instructions.
- Legal and safety — courts, regulators, law enforcement, or professional advisers where required by law or to protect Sello, our users, or others.
- Business transfers — if Sello is involved in a merger, acquisition, or asset sale, personal data may transfer as part of that transaction; this policy will continue to apply to it.
5. International transfers
We are based in the United Kingdom. Some of our service providers (including Stripe) process data outside the UK, including in the United States. Where personal data leaves the UK or EEA, we ensure appropriate safeguards are in place — such as UK adequacy regulations, the UK International Data Transfer Agreement or Addendum, or the EU Standard Contractual Clauses — or another lawful transfer mechanism.
6. How long we keep data
- Account and store data — for as long as your account is open, then deleted or anonymised within 90 days of account closure, except where we must keep it longer.
- Order and transaction records — kept for 6 years after the transaction, as required for tax, accounting, and legal claims in the UK.
- Support communications — up to 2 years after the issue is resolved.
- Security and fraud logs — up to 2 years.
7. Security
We protect personal data with technical and organisational measures appropriate to the risk, including encryption in transit (HTTPS), access controls, and the separation of payment processing to PCI-DSS-compliant processors. No system is completely secure; if we become aware of a personal data breach that risks your rights, we will notify you and the ICO as required by law.
8. Your rights
Under the UK GDPR (and, where it applies, the EU GDPR) you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data ("right to be forgotten") in certain circumstances;
- Restrict or object to processing, including any processing based on legitimate interests;
- Data portability — receive data you provided in a machine-readable format;
- Withdraw consent at any time, where processing is based on consent.
To exercise any right, email support@sello.bio, or use the account deletion option in the app's settings. We respond within one month. You also have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk, or to your local supervisory authority in the EU.
9. Cookies and local storage
We use a small set of first-party cookies and browser storage, all functional — we do not use advertising or cross-site tracking cookies:
| Name | Type | Purpose | Duration |
|---|---|---|---|
| sello_currency | Cookie | Remembers your chosen display currency on storefronts | 1 year |
| sello-theme | Local storage | Remembers your light/dark mode choice | Until cleared |
| sello_token | Local storage | Keeps you signed in to the seller dashboard | Until sign-out |
| wordpress_* / wp-* | Cookies | Core sign-in and session security | Session – 1 year |
| woocommerce_* | Cookies | Keeps your shopping cart working during checkout | Session – 2 days |
You can clear or block cookies in your browser settings; essential cookies are required for sign-in and checkout to work.
10. Children
The Platform is not directed at children. You must be at least 18 to sell on Sello. We do not knowingly collect personal data from children under 13; if you believe a child has provided us data, contact us and we will delete it.
11. Third-party links
Storefronts may contain links chosen by Sellers (for example, to their social media). Those sites have their own privacy policies, and we are not responsible for them.
12. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top shows the current version, and we will notify account holders of material changes by email or dashboard notice before they take effect.
13. Contact
Sello Ltd, a company registered in England and Wales. Email: support@sello.bio.