Legal

Privacy Policy

Last updated 2026-04-30

1. Overview

This Privacy Policy explains how One2Many LLC, an Oklahoma limited liability company (“One2Many,” “we,” or “us”), collects, uses, shares, and protects information in connection with ResellMaxx (the “Service”). Capitalized terms not defined here have the meaning given in our Terms of Service.

For Customer Data uploaded into a tenant by a paying customer, we act as a data processor or service provider on behalf of that customer; the customer is the controller. For account-level data (e.g., billing contact, login credentials) and our own marketing site, we act as the controller.

2. Data We Collect

Account & billing. Name, business name, email, password hash, phone (optional), Stripe customer ID, subscription plan, billing history. Card data is handled by Stripe; we do not receive full card numbers.

Customer Data uploaded by you. Inventory records (including IMEIs, serial numbers, models, conditions, costs, sale prices), buyer and supplier contacts, invoices, ad-account metrics, IMEI-check results, chatbot conversations, and other content you load into your tenant.

Connected ad-account data. When you connect Meta or Google ad accounts, we receive OAuth tokens and the campaign, ad-set, ad, and conversion-level metrics needed for attribution.

Marketplace alerts. For FBM Sniper and similar features, we collect the keywords, radius, and city/region you configure, and the public listing results returned for those queries.

Usage & device data. IP address, browser type, device type, pages and features used, timestamps, error logs, and similar telemetry generated when you use the Service.

Communications. Emails, support tickets, and survey responses you send us.

3. How We Use Data

Provide, operate, secure, and improve the Service.
Authenticate users and isolate tenants.
Process payments, send invoices, and manage subscriptions.
Generate attribution, KPI, and inventory reports requested by the tenant.
Detect, investigate, and prevent fraud, abuse, and security incidents (including IMEI-related risk signals).
Send transactional, account, and (with appropriate basis) product-update communications.
Comply with legal obligations and enforce our Terms of Service.
Produce aggregated, de-identified statistics that do not identify you or your customers.

4. Legal Bases (GDPR)

Where the EU/UK GDPR applies, we rely on: (a) contract — to provide the Service you signed up for; (b) legitimate interests — to secure, improve, and market the Service in a way that is balanced against your rights; (c) legal obligation — for tax, accounting, and compliance; and (d) consent — where required (e.g., for certain marketing communications or non-essential cookies).

6. Cookies & Analytics

We use cookies and similar technologies that are strictly necessary to authenticate you, maintain your session, isolate your tenant, and protect against abuse. We may also use limited first-party analytics to understand feature usage and reliability. We do not use third-party advertising cookies on the Service. If we add non-essential analytics or marketing cookies, we will update this Policy and, where required, obtain consent.

7. Data Retention

We retain Customer Data for as long as your account is active and for a commercially reasonable period afterward to support backups, dispute resolution, fraud prevention, and legal obligations. Billing records are retained as required by tax law (typically up to seven years). You may delete most data from your account settings or by emailing us. Backups are purged on a rolling schedule.

8. Security

We use industry-standard administrative, technical, and physical safeguards, including encryption in transit, hashed credentials, row-level security to enforce tenant isolation, least-privilege access, and audit logging. No system is 100% secure; you are responsible for safeguarding your credentials and the data you upload. We will notify affected customers and, where required, regulators of a confirmed personal-data breach without undue delay.

9. Your Rights

Depending on where you live, you may have rights to: access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. To exercise these rights, email one2many@courtmcgee.biz. We will verify your request and respond within the timeframe required by applicable law. If you are an end user whose data was uploaded by a tenant, please direct your request to that tenant; we will assist them as the processor.

10. California Residents (CCPA/CPRA)

California residents have the right to know what personal information we collect, to delete it, to correct inaccurate information, and to limit the use of sensitive personal information, subject to exceptions. We do not sell or “share” personal information for cross-context behavioral advertising. You will not be discriminated against for exercising these rights. To submit a request, email one2many@courtmcgee.biz.

11. International Transfers

The Service is operated from the United States. If you access it from outside the U.S., you understand that your data will be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses.

12. Children

The Service is not directed to children under 16, and we do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.

13. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest version. For material changes, we will provide additional notice (e.g., email or in-app banner) before they take effect.

14. Contact

Privacy questions or requests? Contact us at one2many@courtmcgee.biz.

One2Many LLC, Oklahoma, U.S.A.