CCirelay Ventures
Updated May 19, 2026

Privacy and data handling practices.

This policy explains how Cirelay Ventures collects, uses, protects, shares, retains, and deletes data for its website, software services, and marketplace account-management engagements, including engagements that may involve Amazon Seller Central or Walmart Marketplace data.

Data We Collect How We Use Data Account Access Security Controls Retention Incident Response

Data We Collect

Cirelay Ventures collects only the data needed to respond to inquiries, provide scoped services, operate software, maintain security, and meet legal or platform obligations.

  • Contact and business information: name, email address, company name, marketplace channel, account status, and project requirements submitted by a prospective or active client.
  • Marketplace operational data: account-health notices, listing data, catalog attributes, SKU and inventory information, fulfillment settings, order workflow details, return/refund workflow details, and reports when the seller authorizes access.
  • Buyer or order PII: buyer name, shipping/contact details, order identifiers, and similar marketplace order information only when required for an authorized service task.
  • Technical and security data: access logs, device/session metadata, support records, audit history, and security event information.
  • Website data: standard server logs and email inquiry metadata. The public marketing site does not require account registration.

How We Use Data

Cirelay uses data only for legitimate service, support, operational, security, legal, and compliance purposes.

  • To respond to service inquiries and prepare written scopes or quotes.
  • To provide marketplace account-management services authorized by the seller.
  • To monitor account-health workflows, listing operations, inventory workflows, and reporting cadence.
  • To troubleshoot software, maintain security, prevent abuse, and investigate incidents.
  • To comply with applicable laws, contracts, and marketplace platform requirements.

Cirelay does not sell seller, buyer, order, listing, inventory, or contact data. Cirelay does not use seller or buyer data for advertising, data brokerage, or unrelated analytics.

Marketplace Account Access

Cirelay requests access to Seller Central or other marketplace accounts only when it is required for a written service scope. The seller remains the account owner and controls the access granted.

  • Access is granted through marketplace-supported user permissions or approved authorization flows where available.
  • Cirelay does not ask sellers to share marketplace passwords or MFA codes.
  • Access is limited to the least privilege required for the task.
  • Access is reviewed quarterly for ongoing engagements and removed when the engagement ends or the access is no longer needed.
  • Any credentials, tokens, or secrets needed for approved integrations are stored in encrypted systems and restricted to authorized personnel.

Security Controls

For engagements involving marketplace data, Cirelay uses administrative, technical, and procedural controls designed to reduce unauthorized access, disclosure, loss, and misuse.

Network and system protection

  • HTTPS/TLS is used for web access and data transfer.
  • Administrative access requires MFA where supported.
  • Systems are configured with least-privilege access and role-based permissions where available.
  • Workstations used for seller data are kept updated and protected with device lock and anti-malware controls.
  • Production access is restricted to authorized operators and reviewed for ongoing engagements.

Credential management

  • Passwords must be unique and strong, and are not shared over chat or email.
  • Secrets and tokens are encrypted at rest where storage is required.
  • Access keys and secrets are rotated when personnel changes, suspected exposure, or platform requirements call for rotation.
  • Credentials are removed when they are no longer required for the approved task.

Backups and recovery

  • Service data needed for continuity is backed up according to the written engagement scope.
  • Backups containing sensitive data are protected from public access and retained only for the required period.
  • Recovery procedures are reviewed during ongoing service engagements.

Retention And Deletion

Cirelay keeps data only as long as needed for the service, security, legal, or marketplace purpose. When data is no longer needed, it is deleted, anonymized, or returned to the seller where appropriate.

Data Type Typical Retention Deletion Trigger
Buyer/order PII Only as long as needed for the authorized support, fulfillment, return, refund, or account-management task. When order data is used, deletion or anonymization occurs no later than 30 days after order delivery unless a longer period is legally required. Order delivery plus retention window, task completion, seller request, engagement end, or legal/platform requirement.
Marketplace listing, SKU, inventory, and account-health data For the active engagement and up to 18 months after engagement end when needed for reporting, audit history, or support. Seller request, engagement end plus retention expiry, or when no longer needed.
Security logs and audit history Up to 12 months unless needed for incident investigation, legal obligations, or platform compliance. Retention expiry or completion of investigation.
Contact, quote, and billing records For the duration of the business relationship and as required for accounting, tax, contract, or legal obligations. Deletion request where legally permitted or retention expiry.

To request deletion, correction, export, or access removal, email hello@cirelay.com. Cirelay will verify the request before making account or data changes.

Sharing And Service Providers

Cirelay shares data only when needed to provide the service, comply with law, protect security, or when the seller authorizes the sharing.

  • With marketplace platforms when required to perform authorized account-management tasks.
  • With infrastructure, email, domain, accounting, or support providers that help operate the service.
  • With legal, regulatory, or security parties when required by law or necessary to protect rights, users, or systems.

Cirelay does not sell marketplace data, buyer PII, or client contact lists.

Incident Response

If Cirelay suspects unauthorized access, disclosure, loss, or misuse of sensitive data, Cirelay follows an incident-response process:

  • Log and triage the suspected incident.
  • Contain affected systems or access paths.
  • Investigate scope, affected data, root cause, and corrective action.
  • Notify affected sellers, marketplaces, service providers, or regulators when required by contract, law, or platform policy.
  • Document remediation and review controls before normal service resumes.

Contact

Cirelay Ventures is an independent software and marketplace operations service provider. Questions about privacy, security, account access, deletion, correction, or incident response can be sent to:

hello@cirelay.com