No GDPR Worries

SellCube is written from the ground up with your customers’ privacy in mind

All your customer data is automatically anonymised when you import it into SellCube. Fields containing names, addresses, usernames, telephone numbers and email addresses are automatically stripped from the data before it is loaded to any part of the SellCube database, and the temporary files you upload which may contain these are automatically deleted as soon as the import is completed

SellCube retains only the city, county/state, country and post (zip) code data from customer addresses which means that no personally identifiable information is held. In practical terms within UK a postcode is a minimum of 15 delivery points (e.g. houses or flats) – making it impossible to identify any individual customer

What this means is that you have peace of mind that if you are hit with a GDPR Data Subject Access Request, then SellCube is one place you don’t need to go to extract the customer’s records! Of course you’ll still have to extract customer data directly from the ecommerce platforms you use, but you have to do that anyway

However, SellCube is also able to tell you about repeat customers, or even common customers with other users

This may seem impossible given the absence of personally identifiable information!

However, we do this by using a one-way cryptographic process to convert the personal information into a code of letters and numbers during the process to read the file. This code is the only thing that gets loaded to our database and cannot be reverse engineered back to the original customer details by any practical means (the only way it can be done is by trying every combination of letters and numbers up to the length of the name and address details until you find the one that matches the code, so for a typical address this will mean trying over 100 trillion combinations – and we’re going to spot it if you try to upload that much data!)

You should be aware that there are some constraints on this matching though – primarily that it relies on the details being exactly identical before encryption and that because we only store the encrypted value there’s no opportunity for SellCube to look at 2 addresses that are really the same but entered slightly differently and detect that – it simply never sees anything but an essentially random string of letters and numbers, so it’s either the same, or it’s not