Privacy Policy
Last updated: June 12, 2026
This Privacy Policy explains how JCDC Ventures Pte. Ltd. (“we”, “us”) collects, uses, and protects information when you use the TheFBABros product-research tools (the “Service”), including the Market Dominator niche analyzer and related product-research features. By using the Service you agree to this policy.
Information we collect
- Account information. The email address you sign in with, and basic account and subscription status.
- Research inputs. The ASINs, keywords, marketplaces, product candidates, and notes you enter to run analyses.
- Content you upload or generate. Product reference photos you upload, image URLs you paste, brand inputs (name, audience, listing copy), and the listing, brand, and creative images the tools generate for you. These are stored so you can reuse them, and the relevant parts are sent to our AI providers to produce the output you request (see below).
- Usage data. Standard logs (requests, timestamps, errors) used to operate and secure the Service.
- Payment information. Billing is handled by our payment processor (Stripe). We do not store your full card details.
- Amazon data you authorize. If you connect an Amazon account, we access only the data needed for the feature you use (see below).
Login with Amazon and Amazon Advertising data
Some features let you connect your Amazon account using Login with Amazon. When you authorize this, we use the Amazon Advertising API solely to retrieve advertising metrics that power your research, such as keyword bid (CPC) recommendations and related keyword data. We use this access only to display those insights inside the Service. We do not create, modify, pause, or delete your advertising campaigns, and we do not place ads or spend on your behalf. You can revoke our access at any time from your Amazon account settings, after which we stop accessing that data.
How we use information
- To provide the analyses, scores, and product-research features you request.
- To operate, maintain, secure, and improve the Service.
- To process payments and manage your subscription or credits.
- To communicate with you about your account and support requests.
How we share information
We do not sell your personal information. We share data only with:
- Service providers that help us run the Service, each limited to what is needed to perform their function. Our current sub-processors are:
- Vercel (US) — application hosting, edge delivery, and object storage (Vercel Blob) for the images you upload or generate.
- Upstash (US) — Redis storage for accounts, credits, analyses, and product records.
- Stripe (US) — payment processing, billing, receipts.
- Anthropic (US) — AI processing of research inputs and the text and images you submit (Claude API, including vision).
- OpenAI (US) — AI image generation for the brand and creative studios.
- Replicate (US) — AI image and video generation for the brand and creative studios.
- DataForSEO (Estonia / EU) — keyword and SERP data for niche scans.
- Amazon (US / EU) — Selling Partner API and Advertising API data you authorise.
- Resend (US) — transactional email (sign-in codes, receipts).
The AI providers (Anthropic, OpenAI, Replicate) receive only what a feature needs to produce its output — your research inputs, brand and product content, and any images you upload or paste. They do not receive your account email or payment details. Under their API terms, your content is not used to train their models.
We also disclose information to legal and safety recipients when required by law or to protect rights, safety, and the integrity of the Service.
Where your data is stored
Your account data, credits, analyses, and product records are stored in our Upstash Redis database. Images you upload or generate are stored in Vercel Blob object storage. The Service itself runs on Vercel’s cloud infrastructure. These providers host data in regions across their global infrastructure; the sub-processors above process data in the locations listed beside each. For the specific region where your data is held, contact our Data Protection Officer below.
International data transfers
Several of our sub-processors operate outside Singapore (primarily in the United States and the European Union). When we transfer your personal data overseas, we take reasonable steps to ensure the recipient is bound to a standard of protection at least comparable to Singapore’s Personal Data Protection Act 2012 (PDPA), through the recipient’s own data protection programme and contractual safeguards.
Data retention
We keep information for as long as your account is active or as needed to provide the Service, then delete or anonymize it within a reasonable period, except where we must retain it to meet legal, accounting, or security obligations.
Security
We use reasonable technical and organizational measures to protect your information, including encrypted transport and access controls. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
Your rights and choices
- Request access to, correction of, or deletion of your personal information.
- Revoke any Amazon account authorization at any time from your Amazon settings.
- Close your account by contacting us at the address below.
Cookies
We use only the cookies necessary to keep you signed in and to operate the Service. We do not use them for third-party advertising.
Children
The Service is for business use and is not directed to children under 16.
Changes to this policy
We may update this policy from time to time. Material changes will be reflected by the “Last updated” date above.
EU and EEA users (GDPR)
If you are in the European Union, the European Economic Area, or the United Kingdom, the General Data Protection Regulation (GDPR) and the UK GDPR give you additional rights.
Lawful basis. We process your personal data primarily to perform our contract with you (Article 6(1)(b)) and on the basis of your consent where we ask for it (Article 6(1)(a)) — for example when you authorise Login with Amazon. We also rely on our legitimate interests (Article 6(1)(f)) for service security, fraud prevention, and improving the Service, balanced against your rights.
Your rights. You can request access to your personal data, correction of inaccurate data, deletion (“right to be forgotten”), restriction of processing, data portability (a machine-readable copy), and you can object to processing based on our legitimate interests. To exercise any of these, email clarence@jcdcventures.com. We respond within 30 days.
Complaints. If you believe we have not handled your personal data properly, you have the right to lodge a complaint with your local data protection authority. In the EU, the list of supervisory authorities is on the European Data Protection Board’s site (edpb.europa.eu); in the UK, the Information Commissioner’s Office (ico.org.uk).
Data Protection Officer
In accordance with section 11 of the PDPA, we have designated a Data Protection Officer (DPO) responsible for our compliance with the Act. You can contact our DPO at clarence@jcdcventures.com.
Contact
Questions about this policy or your data? Email clarence@jcdcventures.com.