Privacy Policy | UpSeller

UPSELLER PRIVACY POLICY

Publication Date: March 27, 2026

Effective Date: March 27, 2026

Thank you for accessing the UpSeller e-commerce business management platform (the “Platform”). This Privacy Policy (the “Policy”) applies to the UpSeller products and services provided by us.

We attach great importance to the protection of users’ (hereinafter referred to as “you”) privacy and personal information. We will strictly comply with applicable laws and regulations and adopt appropriate security measures to protect your personal information and privacy.

Accordingly, we have formulated this UpSeller Privacy Policy (the “Policy”) and hereby remind you of the following:

This Policy applies to all functions and services provided through the UpSeller Platform. Before using any of the functions or services, you are required to carefully read and fully understand this Policy, and use the services only after confirming that you have fully understood and agreed to it.

This Policy does not apply to services provided to you by third parties. Before using any third-party services, you should fully understand their product features and privacy protection policies and decide whether to use such services accordingly.

Data Controller

Depending on your geographical location, the entity responsible for processing your personal information (i.e., the personal information processor/controller, hereinafter referred to as “we”, “us”, or “UpSeller”) is as follows:

  • Users in China:

    If you are a registered user of the Services and are located within the territory of the People’s Republic of China, the entity responsible for processing your personal information is Shenzhen Dianxiaomi Network Technology Co., Ltd.

  • Users in Other Overseas Regions:
    If you are a registered user of the Services and are located outside of China, the entity responsible for processing your personal information is VASTAR SINGAPORE TECHNOLOGY PTE. LTD.

To safeguard your rights and interests, this Policy explains how UpSeller collects, uses, and stores your personal information, as well as the rights you are entitled to. Please read, understand, and agree to this Policy before using the UpSeller products and services.Important provisions regarding your personal information rights are highlighted in bold for your attention.We may review and update this Policy from time to time. Please visit this page periodically to stay informed of the latest version.

DEFINITIONS

  • “Enterprise User” means an organization that registers for, logs in to, and uses the UpSeller products or services through authorized users and obtains management permissions, including but not limited to legal entities, government agencies, partnerships, and sole proprietorships or other unincorporated organizations. Enterprise Users may create sub-accounts, establish teams, and invite Authorized Users to join such teams through the Platform.
  • “Authorized User” means a natural person who is authorized or invited by an Enterprise User to join the organizational structure established by the Enterprise User within the Services and to use the Services (typically employees of the Enterprise User). Among them, individuals designated by the Enterprise User to configure the Services and exercise administrative permissions are referred to as “Administrator Users.” Administrator Users may invite other Authorized Users to use the Services.
  • “Individual User” means a natural person who independently registers an UpSeller account using a mobile phone number and verification code, or logs in via a third-party account authorization, and uses the UpSeller products or services in an individual capacity.
  • “Enterprise Contact” means a contact person of a supplier or other partner enterprise of an Enterprise User, including but not limited to store contacts, procurement contacts, manufacturer contacts, logistics personnel, warehouse personnel, and customer contacts.
  • “End Individual” means a data subject involved in order-related personal information managed by Authorized Users in the course of using the Services, including, for example, buyers registered on third-party e-commerce platforms and recipients of orders.
  • “User” refers collectively to Authorized Users and Individual Users who directly register and use the Platform services.

 

This Policy will help you understand the following:

  1. I. How We Collect and Use Your Personal Information
  2. II. How We Share, Transfer, and Disclose Your Personal Information
  3. III. How We Store Your Personal Information
  4. IV. How We Protect Your Personal Information
  5. V. Your Rights
  6. VI. How We Handle Personal Information of Minors
  7. VII. How Your Personal Information Is Transferred Globally
  8. VIII. How We Use Cookies and Similar Technologies
  9. IX. Changes to This Policy
  10. X. Contact Us

I. HOW WE COLLECT AND USE YOUR PERSONAL INFORMATION

 

In order to provide services to you and Enterprise Users, optimize our services, and ensure account security, UpSeller will collect information that you actively provide, authorize us to collect, or that is generated as a result of your use of the Services, as described below:

1. Basic Account Services

When you register an account through the UpSeller Platform, you are required to provide us with the following information to create your account:

  • Email address
  • Mobile phone number
  • Verification code
  • Login password

After registration, you may log in to the Platform using your email address and login password.

If you are an Administrator User authorized by an Enterprise User, you may create sub-accounts for other Authorized Users and manage their permissions. To assist Administrator Users in creating such sub-accounts, the Administrator User is required to provide the email address, verification code, and password of the Authorized Users. Where Enterprise Users and Administrator Users use this function to authorize us to collect employees’ personal information, they shall ensure that they have obtained the informed consent of such employees.

2. Additional Account Services

Where you wish to complete or enhance your account profile, you may voluntarily provide additional personal information, including:

  • Name
  • Language
  • Country/Region
  • Currency
  • Time zone

3. Subscription, Purchase, and Transaction Management

Certain products or services require payment. When you use such paid products or services, you are required to provide payment information, including bank card details, or complete payment through third-party payment institutions (such as WeChat Pay or Alipay).

For this purpose, we will collect:

  • Transaction date
  • Transaction method
  • Transaction amount
  • Payment status
  • Payment summary and details

This information is used to enable you to manage transaction records under your account.

Where you purchase products or services on behalf of another person, you are required to provide the relevant personal information of such actual purchaser. Prior to providing such information, you shall ensure that you have obtained their authorization and consent.

To confirm transaction status and provide dispute resolution services, we may collect information related to transaction progress from payment institutions, logistics providers, or other transaction counterparties, or share your relevant information with such service providers.

4. After-Sales Services and Customer Support

When you contact customer service through the Platform for assistance, our support personnel will provide consultation and technical support in response to your inquiries.

For the purpose of contacting you, resolving your issues efficiently, and maintaining records of problem resolution processes and outcomes, we may collect necessary account information and retain records of your communications with customer service.

5.Marketing

We may use the contact information you provide to invite you to participate in surveys related to our products and services, conduct service-related marketing activities, and send you information regarding our latest promotional activities and offers.

If you do not wish to receive such commercial communications, you may opt out by replying “unsubscribe” as instructed in SMS or email communications, or by using other methods provided by us.

6.Operations and Security

To ensure the secure and stable operation of our software and services, and to improve operational quality and efficiency, we may collect the following information:

  • IP address
  • Operation logs (including username, operation time, operation location, and operation content)
  • Device identifiers (i.e., a string of characters embedded in a device by the manufacturer that uniquely identifies the device, such as IMEI, Android ID, IMSI, SIM serial number)

7.Exceptions to Obtaining Consent

Please understand that, under applicable laws, regulations, and national standards, we may collect and use your personal information without your authorization or consent in the following circumstances:

  • a. Where necessary for the performance of obligations under laws and regulations;
  • b. Where directly related to national security or national defense security;
  • c. Where directly related to public safety, public health, or significant public interests;
  • d. Where directly related to criminal investigations, prosecutions, trials, or enforcement of judgments;
  • e. Where necessary to protect the life, property, or other significant lawful rights and interests of the personal information subject or other individuals, and it is difficult to obtain consent;
  • f. Where the personal information is voluntarily disclosed to the public by you;
  • g. Where the personal information is collected from lawfully publicly disclosed information, such as lawful news reports or government disclosures;
  • h. Where necessary for entering into or performing a contract at your request;
  • i. Where necessary for maintaining the safe and stable operation of software and related services, including identifying and handling faults;
  • j. Where necessary for lawful news reporting;
  • k. Where academic research institutions conduct statistical or academic research based on public interest, and the results are de-identified before external provision;
  • l. Other circumstances as stipulated by applicable laws and regulations.

8.Other Purposes

8.1 Third-Party Personal Information Provided by You
If the information you provide includes personal information of other individuals, you shall ensure that you have obtained lawful authorization prior to providing such information to us.

8.2Changes to Purpose of Processing

In order to provide you with better services, we may update platform functionalities from time to time.

As a general principle, where new functions or services are related to existing ones, the personal information collected and used will be directly or reasonably related to the original purposes.

Where there is no direct or reasonable relation to the original purposes, we will notify you in accordance with applicable laws and obtain your consent through appropriate means, such as page notices, interactive processes, or agreement confirmations.

9.Services Provided as a Data Processor (Entrusted Processing)

We may process personal information on behalf of Enterprise Users in accordance with their instructions and our agreements with them.

9.1Authorized User Information

If you are an Authorized User, in addition to system-collected and user-submitted information, Enterprise Users and Administrator Users may provide us with personal information necessary for the provision of services, including:

  • Name
  • Mobile phone number
  • Email
  • DingTalk account
  • Role and permissions

Such information may be updated from time to time.

During your use of the account, the system will also automatically collect:

  • Sub-account creation time
  • Last login time

Enterprise Users and Administrator Users represent and warrant that they have obtained your prior explicit authorization and have fully informed you of the purposes, scope, and methods of processing your personal information. If you are unable to confirm such matters, we recommend that you immediately cease using the Services and verify with the Enterprise User or Administrator User.

You may also contact us using the contact information provided in this Policy, and we will assist within the scope of our capabilities.

9.2End Individual Order Information

When Authorized Users use the Services, they may manage and maintain order data of End Individuals.

We may obtain buyer order information from third-party platforms where End Individuals place orders, for purposes including order fulfillment, shipment, and customer management, including:

  • Order amount
  • Recipient information
  • Order number
  • Order and payment time
  • Order status
  • Logistics method

Authorized Users shall ensure that they have obtained informed consent (including separate consent where required) or other lawful bases under applicable laws before collecting such personal information.

9.3Enterprise Contact Information

When Authorized Users use the Services, they may manage Enterprise Contact information, including logistics contacts, warehouse contacts, and similar roles.We may collect such information provided by Authorized Users or obtained from third-party platforms, including:

  • Name
  • Phone number
  • Email
  • Address
  • Company name
  • Tax identification number
  • State tax number
  • Website

Authorized Users shall ensure that they have obtained informed consent (including separate consent where required) or other lawful bases under applicable laws before providing such information.

For personal information processed by us as a data processor, Enterprise Users are, in principle, responsible for informing you of the purposes, methods, and scope of such processing.

If you have any questions or wish to exercise your rights, you understand and agree that you may contact the Enterprise User or Administrator User.

Important Notice: Where information cannot identify you either independently or in combination with other information, such information does not constitute personal information under applicable laws. However, where such information, either alone or combined with other data, can identify you, or where de-identified data is re-associated with your personal information, such data shall be treated as personal information during such processing and shall be protected in accordance with this Policy.

II.HOW WE SHARE, TRANSFER, AND DISCLOSE YOUR PERSONAL INFORMATION

 

1.Sharing

We do not share your personal information with any company, organization, or individual, except in the following circumstances:

  • With your separate consent: We will share your personal information with other parties after obtaining your explicit consent.
  • Legal requirements: We may share your personal information in accordance with applicable laws and regulations, or as required for litigation, arbitration, or as requested by administrative or judicial authorities in accordance with the law.
  • At the instruction of Enterprise Users: We may provide Enterprise User data to third parties designated by Enterprise Users. Please note that such third parties are not selected by us, and we do not independently provide your personal information to such parties.In such cases, we will perform reasonable due diligence, including testing the security of third-party data interfaces, to ensure secure transmission of Enterprise User data.
  • Third-party service providers (SDKs): To ensure the implementation of product functions and the stable and secure operation of applications, we may integrate services provided by third parties. For details, please refer to the “Third-Party Information Sharing and SDK List” and the “Personal Information Collection List”

2.Transfer

We do not transfer your personal information to any company, organization, or individual, except in the following circumstances:

  • With explicit consent: We will transfer your personal information to other parties after obtaining your explicit consent.
  • Corporate transactions: In the event of a merger, division, dissolution, acquisition, or bankruptcy, if a transfer of personal information is involved, we will inform you of the name and contact information of the receiving party.We will require the new entity or organization holding your personal information to continue to be bound by this Policy. Otherwise, we will require such entity or organization to obtain your authorization and consent again.

3.Public Disclosure

We will publicly disclose your personal information only under the following circumstances:

  • With your separate consent;
  • Where disclosure is required by law, legal procedures, litigation, or mandatory requirements of governmental authorities.

4.Exceptions to Prior Consent for Sharing, Transfer, and Disclosure

Under the following circumstances, sharing, transfer, or public disclosure of your personal information does not require your prior authorization or consent:

  • Where necessary for the performance of statutory duties or obligations;
  • Where directly related to national security or national defense security;
  • Where necessary for entering into or performing a contract to which you are a party;
  • Where directly related to public safety, public health, or significant public interests, such as responding to public health emergencies or protecting life and property in emergencies;
  • Where directly related to criminal investigations, prosecutions, trials, or enforcement of judgments;
  • Where necessary to protect your or others’ life, property, or other significant lawful rights and interests, and it is difficult to obtain your consent;
  • Where personal information has been disclosed to the public by you or has been lawfully disclosed through other channels (e.g., lawful news reports or government disclosures), and is processed within a reasonable scope as permitted by law.

III. HOW WE STORE YOUR PERSONAL INFORMATION

 

Unless otherwise required or permitted by law, we will retain personal information collected from or about you only for the minimum period necessary to fulfill the purposes described in this Policy.

When such information is no longer necessary for these purposes, we will delete it or anonymize it.In determining the retention period, we will consider various factors, including:

  • The type of services requested or provided by you;
  • The nature of our relationship with you;
  • The impact on our ability to provide services to you if certain information is deleted;
  • Applicable legal retention requirements.

Please note that after you successfully request account deletion, we will promptly review your request. Upon approval, we will completely delete your personal data.If we cease operations of our products or services, we will notify you individually or by public announcement and delete your personal data thereafter.

IV.HOW WE PROTECT YOUR PERSONAL INFORMATION

 

We adopt industry-standard security measures to protect your personal data against unauthorized access, disclosure, use, modification, damage, or loss.

We implement the following measures:

  • Use of encryption technologies to ensure data confidentiality;
  • Deployment of reliable protection mechanisms to prevent malicious attacks;
  • Implementation of access control mechanisms to ensure only authorized personnel can access personal data;
  • Provision of security and privacy training to employees to enhance awareness of personal data protection;
  • Use of secure encryption technologies during data transmission;
  • Adoption of appropriate organizational, administrative, and technical safeguards to protect personal data within our organization.

In the event that our physical, technical, or managerial safeguards are breached, resulting in unauthorized access, disclosure, alteration, or destruction of data that may harm your lawful rights and interests, we will assume responsibility in accordance with applicable laws.

In the event of a personal data security incident, we will promptly inform you in accordance with legal requirements, including:

  • The basic circumstances and potential impact of the incident;
  • The measures we have taken or will take;
  • Suggestions for you to mitigate risks;
  • Remedial measures available to you.

We will notify you via email, letter, telephone, push notification, or other appropriate means.

Notwithstanding the foregoing, please understand that no system can guarantee 100% security, whether online or offline.UpSeller accounts require a username and password for access. You are responsible for safeguarding your credentials and must not disclose them to any third party.

V.YOUR RIGHTS

 

Subject to applicable laws, regulations, and standards, as well as prevailing practices in other jurisdictions, we ensure that you may exercise the following rights with respect to your personal data:

1.Right of Access

You have the right to access your personal information, except as otherwise provided by laws and regulations.

You may access certain information directly through the product interface. For information not accessible through the Platform, you may contact us using the contact details provided in this Policy, and we will respond within the legally required timeframe.

2.Right to Rectification

If you discover that the personal information we process about you is inaccurate or incomplete, you have the right to request correction.

You may correct certain information through the product interface. If such correction cannot be completed through the Platform, you may contact us.

We will respond to your request within 5–7 business days.

3.Right to Deletion

You may request deletion of your personal information under the following circumstances:

  • Where our processing violates applicable laws and regulations;
  • Where we collect or use your personal information without your consent;
  • Where our processing violates our agreement with you;
  • Where you no longer use our products or services, or have canceled your account;
  • Where we no longer provide products or services to you.

Where we decide to respond to your deletion request, we will also notify entities that have obtained your personal information from us and require them to delete such information, unless otherwise provided by law or independently authorized by you.

4.Right to Account Deletion

You may cancel your account at any time.

You may submit a request for account deletion via the contact methods provided in Chapter X of this Policy. After verifying your identity, we will respond and process your request within 5–7 business days.

Upon account deletion, we will cease providing products or services and delete your personal information.

5.Right to Obtain a Copy of Personal Information

You have the right to obtain a copy of your personal information.

If you request a copy, you may contact us as specified in this Policy. After verifying your identity, we will respond within 5–7 business days and provide the information via email.

Where technically feasible and permitted by law, we will provide such copies in accordance with your request.

6. Right to Data Portability

You may exercise your right to data portability by contacting us through the “Contact Us” section of this Policy.

Where the conditions prescribed by applicable laws are met, and upon your request, we will provide a mechanism for transferring your personal information to a designated personal information processor.

7. Rights of California Residents

Pursuant to the California Consumer Privacy Act (CCPA), California residents have the right to know, access, and delete their personal data.

California residents also have the right to opt out of the sale of their personal data and the right not to be discriminated against for exercising their privacy rights.

We do not sell your personal data for any purpose, nor will we discriminate against you in response to your exercise of privacy rights.

If you are a California resident, you are advised to review this Privacy Policy to understand your rights under California privacy law and how to submit requests to us based on those rights.

8. Response to Your Requests

For the above requests, we will respond within 5–7 business days. Please refer to Chapter X of this Privacy Policy for contact details.

Under the following circumstances, we may be unable to respond to your request:

  • Requests related to the fulfillment of obligations required by laws and regulations by the personal information controller;
  • Requests directly related to national security or national defense security;
  • Requests directly related to public safety, public health, or significant public interests;
  • Requests directly related to criminal investigations, prosecutions, trials, or enforcement of judgments;
  • Requests where there is sufficient evidence indicating that the data subject has subjective malice or is abusing their rights;
  • Requests necessary to protect the life, property, or other significant lawful rights and interests of the data subject or other individuals where it is difficult to obtain consent;
  • Requests that would result in serious harm to the lawful rights and interests of the data subject or other individuals or organizations;
  • Requests involving trade secrets.

VI. HOW WE HANDLE PERSONAL INFORMATION OF MINORS

 

Our products and services are intended for adults.Individuals under the age of 18 shall not use our products or services without the consent of their parents or legal guardians.

Where we collect personal information of minors with the consent of their parents or guardians, we will use or disclose such information only where permitted by law, expressly consented to by the parents or guardians, or necessary for the protection of the minors.

If we discover that we have collected personal information of minors without verifiable parental consent, we will promptly take steps to delete such information.

If a guardian has reason to believe that we have collected personal information of a minor, please contact us using the contact information provided in this Policy.

VII. HOW YOUR PERSONAL INFORMATION IS TRANSFERRED GLOBALLY

 

We are committed to complying with the highest standards of privacy protection in the processing and transfer of personal information on a global basis.

When you use our Services, your personal information may be stored on servers located in Brazil.

If you are a user located in China, in order to provide our Services, we may transfer your personal information outside of China. The overseas recipient is our affiliated company:

VASTAR SINGAPORE TECHNOLOGY PTE. LTD.

Address: 60 Paya Lebar Road, #11-53 Paya Lebar Square, Singapore 409051

Contact: dpo@vastartech.com

The categories of personal information transferred may include the personal information described in Chapter I of this Policy that you provide or generate when using our products and services (excluding subscription and transaction management information generated within China). Such international transfers will be subject to strict data protection and privacy safeguards to ensure a level of protection equivalent to that provided in your local jurisdiction.

You may contact us or the overseas recipient to exercise your personal information rights.

We comply with applicable privacy and data protection laws, including implementing appropriate security measures such as encryption and access controls to safeguard data security and privacy.

We will also monitor legal developments to ensure our practices remain compliant and protect user privacy rights.

Special Provisions for EU Users (GDPR)

For personal information of users located in the European Union, we will conduct data transfers in accordance with the requirements of the General Data Protection Regulation (GDPR).

This means that where personal information is transferred outside the European Economic Area (EEA), we will adopt appropriate safeguards, such as:

  • Standard Contractual Clauses (SCCs) approved by the European Commission; or
  • Transfers to jurisdictions recognized as providing an adequate level of data protection.

We commit to regularly assessing the data protection level of recipient jurisdictions and ensuring the effectiveness of such safeguards.

If you have any questions or require assistance regarding cross-border transfers of your personal information, please contact us.

VIII. HOW WE USE COOKIES AND SIMILAR TECHNOLOGIES

 

We use Cookies and similar technologies to enhance your experience when using our Services.

When you use our Services, we may send one or more Cookies or anonymous identifiers to your device to collect and store information about your access to and use of the Services.We undertake not to use Cookies for any purpose other than those described in this Policy.

We use Cookies and similar technologies primarily for the following purposes:

  • To facilitate navigation;
  • To track usage of the website;
  • To identify user identity, access permissions, and preferences;
  • To conduct research and diagnostics to improve our content, products, and services.

You may refuse or manage Cookies or data analytics tools through your browser settings.However, please note that disabling Cookies or such tools may affect your user experience and certain features may not function properly.

IX.CHANGES TO THIS POLICY

 

To ensure that you remain informed about how we collect, use, and disclose your information, we may update this Policy from time to time.

Any changes or updates will be published on this website, and we encourage you to review this Policy periodically.

Where we make changes, we will notify you by updating the date at the top of this Policy.

X.CONTACT US

 

If you have any questions regarding this Policy, please contact us at:

Email: support@upseller.com

Talk to us
Feedback
Back to top