Rellist private beta

Privacy

Last updated: 2026-04-24 · Private beta

Rellist is a Chrome extension + web app that crosslists a draft item across Wallapop, Vinted, and OLX using marketplace cookies already present in your browser. This page explains every piece of data the product reads, stores, or transmits. It matches the disclosures submitted to the Chrome Web Store.

What we collect

Account

  • Email address. Collected at signup through the web app (this site). Used for account identity, login magic-link delivery (via Resend), and beta-specific correspondence.
  • Session id. Opaque identifier bound to your Rellist account, stored in a first-party cookie on this domain and in chrome.storage.local inside the extension so the extension and backend know which user is acting.

Listing content you are actively crosslisting

  • Title, description, price, currency, category, condition, brand, and image URLs of the draft item you load into the extension.
  • Per-platform publish results (success / failure / validation errors) so the Progress screen can show you what landed where.

We do not read listings you did not ask us to crosslist. The content script that runs on marketplace pages only reaches into DOM elements tied to the draft you are editing, never to other users' listings, your inbox, or your transaction history.

Marketplace session state

The extension uses the marketplace's own cookies, already in your browser from a normal signed-in session. It does not read your marketplace password, OAuth refresh token, 2FA seed, recovery codes, or anything equivalent. When a marketplace asks for a CAPTCHA or 2FA code, the extension pauses and hands you the UI so you complete the challenge yourself.

Drift-sensor telemetry

When the extension expects a DOM selector on a marketplace page and the selector is missing (usually because the marketplace changed its HTML), the extension sends us a small report so we can ship an adapter fix before other users are affected. Each report contains:

  • Adapter id (e.g. vinted-es-v1).
  • Selector name that failed.
  • Timestamp.
  • Up to 8 KB of surrounding HTML, truncated from the element the selector was meant to match. Stripped of user-entered text where reasonably identifiable.
  • Marketplace origin (e.g. https://www.vinted.es). No full URLs, no query strings.

These reports do not contain your email, session id, marketplace username, listing content, or navigation history.

What we do NOT collect

  • Marketplace passwords, OAuth tokens, 2FA secrets, or recovery codes.
  • Payment-card numbers or any financial credentials.
  • Listings, messages, or transaction history belonging to you or anyone else on any marketplace.
  • Browsing history outside the marketplaces we integrate with.
  • Location data, health data, personal communications.
  • Third-party analytics (no Google Analytics, no Segment, no Mixpanel).

How we use it

  • To execute the crosslist operation you request.
  • To show you the status of that operation.
  • To detect marketplace UI changes quickly (drift telemetry) and ship adapter fixes.
  • To email you about your account and the beta.

We do not sell your data. We do not use your data to train any third-party model. We do not share your data with advertisers.

Where it is stored

  • In your browser. Marketplace cookies and extension state live in your browser profile and never leave it except during an active crosslist dispatch.
  • On our backend. Postgres database hosted in the EU. Encrypted at rest. Access restricted to the small engineering team running the beta.
  • Email provider. Resend (privacy policy) processes your email address to deliver magic-link logins and beta communications.

How long we keep it

  • Account email + session id: until you delete your account.
  • Listing crosslist records: 90 days, then purged.
  • Drift telemetry: 30 days, then purged.
  • Access logs: 14 days.

Your rights

Under GDPR / UK GDPR (the beta is EU/UK-focused), you have the right to access, correct, delete, export, and restrict processing of your personal data. Email hello@rellist.com with your request and we will respond within 30 days. You may also lodge a complaint with your national data protection authority.

Kill switch

If a marketplace asks us to pause, or we detect abuse, we ship a remote kill-switch that disables the integration on every user's extension without requiring a new release. You can see the current state of every kill-switch on the Kill-switches page.

Changes

Private-beta users will be emailed about material changes to this policy before they take effect.

Contact

hello@rellist.com