Privacy Policy

Last updated: May 17, 2026

Systabook ("we," "our," or "the platform") is a warehouse listing and business management platform for used book resellers. This Privacy Policy explains what data we collect, how we use it, how we protect it, and your rights regarding your information.

1. What We Collect

When you use Systabook, we collect and store the following information:

Account information: Business name, business address, contact email, employee names, and 4-digit PINs for login.
Platform credentials: API keys, tokens, and seller IDs for third-party marketplaces (Amazon, eBay, Alibris) that you voluntarily provide to enable listing and sales features.
Inventory data: Book information (titles, ISBNs, prices, conditions, locations), listing records, and SKU assignments created through the platform.
Sales data: Order information pulled from your connected marketplace accounts, including order IDs, sale prices, and buyer shipping information necessary for fulfillment.
Employee activity: Timeclock punches, scanning activity, listing counts, and sorting decisions made by employees using the platform.
Usage data: Login timestamps, IP addresses (for security and rate limiting), and session activity.

2. How We Use Your Data

We use your data exclusively to provide the Systabook platform services:

Listing books on your connected marketplace accounts using the credentials you provide.
Synchronizing inventory across platforms (cross-platform delisting when a book sells).
Generating reports on sales, listings, and employee productivity.
Managing timeclock and employee attendance records.
Sorting and pricing books based on your configured rules.
Protecting your account through session management, rate limiting, and audit logging.

3. How We Store and Protect Your Data

Database: All data is stored in MongoDB Atlas, a cloud database service hosted on AWS infrastructure with daily automated backups.
Server: Our application server runs on Render, with all communications encrypted via HTTPS (TLS 1.2+).
Credential encryption: Marketplace credentials (API keys, tokens, passwords) are encrypted at rest using AES-256-GCM encryption before storage in the database. Credentials are only decrypted in server memory when needed for API calls.
Access control: Database access is restricted to our application server's IP addresses only. All administrator accounts are protected with two-factor authentication.
Session security: Sessions expire after 24 hours of inactivity and have a maximum lifetime of 7 days. Login attempts are rate-limited to prevent brute-force attacks.
Data isolation: Each subscriber's data is completely isolated. No subscriber can access another subscriber's inventory, sales, employees, or credentials.

4. What We Do NOT Do

We do not sell your data to anyone, ever.
We do not share your data with third parties except as necessary to provide the services you've enabled (e.g., sending listing data to eBay when you list a book on eBay).
We do not use your data for advertising or marketing purposes.
We do not access your marketplace accounts for any purpose other than the features you've enabled in Systabook.

5. Third-Party Services

Systabook integrates with the following third-party services using credentials you provide:

Amazon SP-API: For catalog lookup, sales data, inventory management, and listing.
eBay API: For listing, sales data, order management, and repricing.
Alibris FTP: For inventory syncing and order management.
PrintNode: For remote printing of receipts and labels (if configured).
Square: For point-of-sale transactions (if configured).

Each of these services has its own privacy policy. We only send the minimum data necessary to perform the requested action.

6. Data Retention

Active subscribers: All data is retained for the duration of your subscription.
Canceled subscribers: Data is retained for 90 days after cancellation to allow for reactivation, then permanently deleted.
Audit logs: Security audit logs (login attempts, settings changes) are retained for 1 year.

7. Your Rights

You have the right to:

Access: Request a copy of all data we store about your business.
Correction: Update or correct your information through the platform settings.
Deletion: Request permanent deletion of all your data by contacting us at support@systabook.com.
Export: Export your inventory and sales data through the platform's export tools.
Credential removal: Remove your marketplace credentials from our platform at any time through the settings page.

8. Children's Privacy

Systabook is a business-to-business platform. We do not knowingly collect data from individuals under 18 years of age.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes via email. The "last updated" date at the top of this page indicates when the policy was last revised.

10. Contact

For questions about this Privacy Policy or to exercise your data rights:

Email: support@systabook.com

Systabook is operated by Codex Brothers L.L.C.