internal data export
247 Profits247 Profits
HomePricingLogin
Back to site
Terms of ServicePrivacy PolicyRefund PolicyData Processing AddendumSubprocessorsAcceptable UseAmazon Data Protection

Privacy Policy · v1.4 · 5eaff95d4cdf

24/7 PROFITS — Privacy Policy

Effective: June 19, 2026 · Version 1.4

This Privacy Policy describes how AllDayFBA LLC dba 24/7 Profits ("we," "us," or "Company") collects, uses, discloses, and protects personal information from individuals who interact with our website, software, coaching programs, and Discord community (collectively, the "Services").

This Policy is incorporated by reference into our Terms of Service. Capitalized terms used but not defined here have the meaning given in the Terms.


1. Information We Collect

We collect three categories of personal information.

a) Information you give us directly:

  • Name, email address, phone number, and billing address at sign-up or checkout
  • Payment metadata returned by our processors (Whop, FanBasis): card last four digits, AVS result, billing zip, billing country, cardholder name, 3-D Secure result where applicable
  • Profile information you choose to provide (Amazon experience, capital, goals, profile photo)
  • Content you submit: messages, support tickets, community posts, refund requests, survey answers, and uploaded documents

b) Information collected automatically when you use the Services:

  • IP address, user agent, device fingerprint, browser language, referrer URL
  • Pages visited, features used, software events, search queries, and session duration
  • Recordings, transcripts, and AI-generated summaries of: sales calls, coaching calls, AEI sessions, and Discord voice channels you join (recording disclosure is shown at the time of each session — see Section 4 of the Terms of Service)
  • Cookies and similar technologies (see Section 6)

c) Information from third parties:

  • OAuth identity claims when you sign in with Google, Whop, or Discord (email, name, provider user ID)
  • Entitlement events from Whop and FanBasis (purchases, refunds, cancellations)
  • Public Amazon catalog and price-history data via Keepa, used to enrich the Software
  • Social handles you choose to link to your profile

2. How We Use Your Information

We use personal information for the following purposes:

  1. To deliver the Services you purchased — coaching, software access, content, community
  2. To process payments, issue receipts, manage subscriptions and entitlements
  3. To communicate with you about your account, the Program, scheduled sessions, and policy changes
  4. To send marketing emails about our products (you may opt out at any time — see Section 7)
  5. To verify identity and prevent fraud, including matching IP, AVS, billing zip, and OAuth claims at the time of purchase
  6. To investigate and defend against payment disputes, chargebacks, and refund inquiries
  7. To improve the Services, including aggregate analytics, A/B testing, and AI feature quality
  8. To comply with legal, tax, accounting, and recordkeeping obligations

We do not sell personal information for monetary consideration. We do not train third-party AI models on customer content; our AI subprocessors are configured for zero-retention API access.

3. Legal Bases (GDPR / UK GDPR Customers)

If you are in the EEA, UK, or another GDPR-equivalent jurisdiction, our legal bases are:

  • Contract performance: delivering the Services you purchased (Articles 6(1)(b))
  • Legitimate interest: fraud prevention, dispute defense, product improvement, security (Articles 6(1)(f))
  • Consent: marketing email opt-in, recording of sales calls, cookies that aren't strictly necessary (Articles 6(1)(a))
  • Legal obligation: tax, accounting, regulatory recordkeeping (Articles 6(1)(c))

You may withdraw consent at any time by emailing privacy@247profits.org.

4. How We Share Your Information

We share personal information with the following recipients:

a) Subprocessors who provide the infrastructure of the Services. A current list is published at /subprocessors and is incorporated here by reference. Each subprocessor is bound by a written contract requiring confidentiality and security of customer data.

b) Payment processors and their issuing banks to process transactions and respond to chargebacks. The full evidence packet — including session recordings and transcripts where applicable — is shared with the processor and the cardholder's issuing bank for any dispute we receive.

c) Professional advisors — accountants, attorneys, auditors — under confidentiality.

d) Government authorities when required by valid legal process, or to protect our rights or the safety of others.

e) An acquirer or successor entity if we are involved in a merger, acquisition, financing, or sale of assets — subject to the receiving entity honoring this Policy.

We do not share personal information with advertisers, data brokers, or third-party marketers without your consent.

5. International Transfers

Our services are operated from the United States. If you are located outside the US, the personal information you provide will be transferred to and processed in the US. Where required, we rely on Standard Contractual Clauses (SCCs) and additional safeguards as published by the European Commission.

6. Cookies and Tracking

We use a small number of cookies and similar technologies:

  • Strictly necessary: session cookies for login state, CSRF tokens, and load balancing. These cannot be disabled.
  • Functional: preferences (theme, dismissed banners) — set only after first interaction.
  • Analytics: PostHog (anonymized device-level event tracking). You can opt out by toggling Settings → Privacy → Analytics.

We honor the Global Privacy Control (GPC) signal in supported browsers as a Do-Not-Sell / Do-Not-Share request.

7. Marketing Communications

You may opt out of marketing email at any time by:

  • Clicking the unsubscribe link at the bottom of any marketing email
  • Emailing privacy@247profits.org with subject line "Unsubscribe"
  • Toggling Settings → Notifications → Marketing email inside the Software

Opting out does not stop transactional email (receipts, password resets, dispute notices, security alerts) — those are sent under a contractual basis.

8. Data Retention

We retain personal information for as long as your account is active and for the periods listed below thereafter:

CategoryRetention
Account profile, course progress, software eventsAccount lifetime + 12 months
Payment records, AVS / CVV / 3-DS results, dispute evidence7 years
Recordings and transcripts of sales / coaching / AEI calls7 years
Tax and accounting records7 years (or longer if required by law)
Marketing email engagement24 months from last engagement
Web logs (IP, user agent, security events)13 months

Records currently or previously subject to a payment dispute are retained for the longer of seven (7) years from the date of dispute resolution or the regulatory minimum.

9. Your Rights

Depending on your jurisdiction, you have some or all of the following rights:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to fix inaccurate information
  • Deletion — ask us to delete your information, subject to the retention obligations in Section 8
  • Portability — receive your data in a structured, machine-readable format
  • Objection / Restriction — object to or restrict certain processing (e.g., direct marketing)
  • Withdraw consent — for processing based on consent
  • Non-discrimination — we will not deny you Services or charge a different price for exercising your rights
  • GPC honoring — Global Privacy Control signal treated as Do-Not-Sell / Do-Not-Share

Submit any request to privacy@247profits.org with the subject "Privacy Request" and include enough information for us to verify your identity. We respond within 30 days (or the period required by your local law).

10. California Privacy Rights (CCPA / CPRA)

California residents may exercise the rights in Section 9. We do not "sell" personal information for monetary consideration. We may "share" deidentified analytics with subprocessors for our own analytics purposes (PostHog) — you may opt out via the GPC signal or by emailing privacy@247profits.org. We retain personal information for the periods in Section 8.

11. Children's Privacy

The Services are not directed to children under 18, and we do not knowingly collect personal information from anyone under 18. If you believe we have collected information from a minor, contact privacy@247profits.org and we will delete it.

12. Security

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including TLS encryption in transit, encryption at rest for sensitive fields, role-based access controls, audit logs, and least-privilege policies. No system is 100% secure — if we become aware of a breach affecting your information, we will notify you in accordance with applicable law.

13. Changes to This Policy

We may update this Policy from time to time. Material changes will be announced by email (at the address on file) and by an in-Software banner at least 14 days before they take effect. The version of this Policy in effect at the time of your most recent acceptance — captured by hash, IP, user-agent, and timestamp — governs the rights between us with respect to that purchase.

14. Wins, Testimonials, and Public Showcases

We celebrate student wins on the public wall at 247profits.org/wins and on our marketing pages. Here is exactly how that works.

a) What we capture. When you post a result in our Discord community — for example, a sales screenshot, a first-sale announcement, or a milestone post — we capture the message text, attachments, your Discord display name, and a link back to the original post. We also capture peer reactions (🏆, 💰, 🚀, 🔥) which signal that the post was a win. This capture is automatic and limited to channels in our explicit allowlist (today: #wins and similar celebration channels). We do not silently scan general chat or DMs.

b) Automated classification. Captured messages pass through an AI classifier (Claude Haiku) which estimates whether the post represents a real customer win, what type (first sale / milestone / monthly / breakthrough), and an approximate dollar amount. This classification is never published unedited. It surfaces in our internal admin queue at /admin/wins and waits for human review.

c) Consent before public use. No win moves to a public surface without one of the following:

  • Blanket-TOS consent — for content that was already public when you posted it (Discord channels visible to all members, your own social posts you tagged us in, screenshots you previously consented to use). These showed up on our existing landing page when you joined the community and are reflected on the wall today.
  • Direct DM consent — for new captured wins, we DM you with the proposed quote and a one-click withdrawal link. We treat any explicit "yes," ✅ reaction, or "use it" response as approval. We do NOT publish on silence.
  • Manual admin approval — Sabbo personally reviews each candidate before it reaches /wins.

d) What goes public. Your display name, win type, dollar amount, and an approved quote drawn from your post. Your Discord avatar URL is shown unless you ask us to remove it. We do not publish your phone number, email, billing address, or anything else from your account profile.

e) How to withdraw. You can remove your win from the public wall at any time:

  1. Click the withdrawal link in your consent DM (this hits a secure RPC, flips the row private within seconds, and notifies our operations team).
  2. Email privacy@247profits.org with "remove my win from the wall" — we'll action within 24 hours.
  3. Reply ❌ or "remove this" to the consent DM at any time.

We commit to a <1-second technical SLA for self-service withdrawal (the row is flagged private the moment the link fires) and a <24-hour human SLA for manual takedowns via email. The data row itself is retained internally so we can audit the consent history and so you can ask us to restore it later — it is just no longer surfaced publicly.

f) AI-classification spend ledger. We log every classification call (token counts, cost in cents, the JSON verdict) so we can audit the system and stay within our daily AI-budget cap. This ledger contains no personal data beyond a Discord message ID and channel ID — both of which you already know about.

g) Imported testimonials. Cards already shown on our existing landing page (Brandon, Jeff, Diaz, Winston, Xavier, Raf, etc.) are stored under consent_method = 'tos_blanket'. They are on this wall because they were on the public funnel before this policy version took effect; the same withdrawal mechanism applies — email us and we'll remove.

This Section 14 is part of how we use information described in Section 2 (purposes 1, 4, 6) and how we share information described in Section 4 (we do not sell win data; the only "sharing" is publishing it on our own marketing pages with your consent).

14A. Community Map (Opt-In Student Globe)

We provide an interactive globe at /community/map that shows other students as dots so the community can see roughly where each other are. Participation is opt-in only — by default your dot does not appear.

a) What we collect when you opt in. Either (i) your country code and an optional self-typed city label, or (ii) your browser-precise coordinates if you grant the geolocation prompt. In every case, before we store anything, we add ±0.05° random jitter (≈3.5 miles at the equator) to the latitude and longitude. The fuzzed coordinates are what we save; the original precise coordinates are not retained.

b) What goes public. The fuzzed latitude/longitude, country code, your typed city label (if provided), your display name, your avatar URL, and your student tier label. We do not publish your address, exact location, IP, email, or phone.

c) How to withdraw. Toggle "Hide me" on your profile at /academy/profile (it calls a secure RPC that NULLs every map field within ~1 second), or email privacy@247profits.org. We action manual requests within 24 hours.

d) What we do not do. We do not store your precise coordinates, sell or share community-map location data with third parties, or use it for advertising. The data exists only to power the public dot rendering.

This section is part of Section 2 (purpose: community engagement) and Section 4 (we do not sell community-map data).

14B. Amazon Selling Partner Data

When you connect your Amazon Seller Central account to the Software through the "Connect Amazon" flow, we access a defined subset of your Amazon data through the Amazon Selling Partner API (SP-API) under the authorization you grant. This section describes that integration in detail. The companion public document 24/7 Profits — Amazon Data Protection Plan is published at /amazon-data-protection and forms the basis of our Amazon Developer Application; both documents are kept consistent.

a) Data categories we pull. With your authorization, we pull (and only pull) the following SP-API data sets:

  • Orders — order ID, purchase date, fulfillment channel, ASIN-level line items, order status, buyer-anonymized order metadata. We do not pull buyer name, email, phone, or shipping address (we do not request the Restricted Personally Identifiable Information (PII) role).
  • Inventory — current FBA + FBM inventory levels, replenishment recommendations, in-bound shipments, sellable / unsellable units, IPI score, storage usage.
  • Pricing — your active listing prices, Buy Box ownership, competitor prices on the same ASIN, and historical price changes for your listings.
  • Returns / FBA reimbursements — return reasons, reimbursement events, lost-inventory reimbursements.
  • Catalog metadata — product titles, dimensions, weights, brand, category, parentage relationships for your ASINs.
  • Reports — a fixed set of standardized SP-API reports we request on a scheduled basis (settlement, FBA inventory, sales-and-traffic, restock).

We do not pull Restricted PII (buyer name / address / phone / email). We do not call any SP-API operation outside the scope explicitly granted at connection.

b) Why we pull it. Solely to provide the features you signed up for: profit calculation, automatic deal grading, replenishment alerts, refund-rate monitoring, IPI tracking, Seller-Spy benchmarking against tracked competitors, and the analytics dashboards inside the Software. We do not use Amazon data for advertising, do not sell it, do not share it with other Amazon sellers, do not aggregate it into a product visible to your competitors, and do not train any AI model on it.

c) Encryption. Amazon refresh tokens are encrypted with AES-256 before being stored in our database and are sealed inside Supabase Vault under per-credential row-level security; they are never placed in any user-facing column or analytics view. All API calls between your browser, our servers, and Amazon SP-API are encrypted in transit with TLS 1.2 or higher.

d) Internal access. Access to Amazon refresh tokens and the raw SP-API response cache is restricted to the production Supabase service role and a named admin account held by AllDayFBA LLC's sole engineering owner. Every load of a credential is recorded in an internal credential_use_log audit table (no PII), and tokens are scrubbed from application logs by the centralized log redactor before serialization.

e) Retention. Refresh tokens are deleted immediately when you disconnect at Settings → Integrations → Disconnect Amazon or when you delete your account. Sync'd Amazon data (orders, inventory snapshots, derived analytics) is retained per the table in Section 8 of this Policy so that your historical metrics (refund rates, BSR trends, profit history) remain available across reconnects — this is intentional and important: deleting your sales history would silently break months of analytics. If you want the historical data deleted as well, exercise your full account-deletion right under Section 9 (privacy@247profits.org) and we will purge both the credentials and the derived data within the 30-day window required by applicable law (and confirmed under the Amazon Data Protection Plan).

f) Disconnection. Disconnect at any time at Settings → Integrations → Disconnect Amazon. The disconnect endpoint (i) revokes our copy of the refresh token in our database and clears the access-token cache, (ii) writes a revoked audit row, and (iii) instructs you to also revoke our app from Seller Central → Apps & Services → Manage Your Apps, which is the only way to fully terminate the refresh token on Amazon's side.

g) Breach response. If we experience a security incident affecting your Amazon SP-API data, we will notify Amazon Developer Support within 72 hours in accordance with Amazon's Data Protection Policy, and we will notify you in accordance with applicable law (see Section 12).

h) Subprocessors. The same subprocessor list at /subprocessors applies. Amazon SP-API data is processed by Supabase (database + Vault, region listed in the Data Protection Plan), Vercel (compute), and Cloudflare (CDN). It is not shared with any analytics, marketing, AI training, or ad-tech subprocessor.

This Section 14B is part of how we use information described in Section 2 (purpose 1, 7) and how we share information described in Section 4(a).

14C. Browser Extension (24/7 Profits — FBA Analyzer)

We offer an optional Chrome browser extension, "24/7 Profits — FBA Analyzer," that displays your own 24/7 Profits product analysis directly on the Amazon product page you are viewing. Installing and using the extension is entirely optional and is not required to use the Software. This section describes the data the extension accesses and transmits, and mirrors the data disclosures we publish on the extension's Chrome Web Store listing.

a) Authentication information. When you are signed in to 247profits.org, the extension reads your existing 24/7 Profits session token from your signed-in 247profits.org browser session and sends it, over an encrypted (HTTPS / TLS 1.2+) connection, to our own API solely to authenticate that the analysis requests are coming from you. The extension does not read, collect, or transmit credentials, cookies, or tokens for any site other than 247profits.org, and it never stores or transmits your password.

b) Website content (the product you are viewing). On an Amazon product or search page, the extension reads the product identifier (ASIN) and URL of the listing you are viewing and sends it to our API to retrieve that product's analysis (profit, ROI, BSR, Buy Box, and BUY/PASS verdict). It does not read, collect, or transmit the content of pages on any site other than Amazon product/search pages and 247profits.org.

c) Local caching. Analysis results are cached locally in your browser's extension storage so that revisiting a product is instant and does not re-spend your credits. This cache lives only on your device, is size-bounded and evicted automatically, and is removed when you uninstall the extension.

d) Permissions. The extension requests only the permissions needed for the single purpose above: cookies plus 247profits.org host access (to read your session for authentication), scripting / tabs plus amazon.com host access (to display the overlay on the Amazon page you are viewing), and storage / unlimitedStorage (for the local cache in (c)). It executes no remotely-hosted code; the chart is rendered by embedding our own 247profits.org page in a frame, which runs in its own origin.

e) What the extension does NOT do. It does not collect your browsing or web history, does not track your clicks, keystrokes, scrolling, or mouse position, does not access pages outside Amazon product/search pages and 247profits.org, does not sell or share your data with third parties, and is not used for advertising, creditworthiness, or lending. All data it transmits goes only to our own first-party API.

f) Removal. You can remove the extension at any time from your browser's extensions page (chrome://extensions); uninstalling it stops all of the above and clears its local cache. Removing the extension does not delete your 24/7 Profits account data, which is governed by the rest of this Policy.

This Section 14C is part of how we use information described in Section 2 and how we share information described in Section 4(a); the local cache in (c) is processed only on your device and is not a disclosure to any third party.

15. Contact

Privacy questions: privacy@247profits.org Data deletion / data subject rights: privacy@247profits.org General contact: support@247profits.org

AllDayFBA LLC dba 24/7 Profits (Postal address as listed in the footer of every legal page.)


AllDayFBA LLC dba 24/7 Profits

⚠ Postal address pending — set NEXT_PUBLIC_LEGAL_STREET/CITY/REGION/POSTAL in Vercel env.

Support: support@247profits.org · Privacy: privacy@247profits.org · Legal: legal@247profits.org

© 2026 AllDayFBA LLC dba 24/7 Profits. All rights reserved.