// Trust & Security Report
Perpetua Labs, LLC (product brand "Perpetua"; privacy policy issued by Flywheel Digital Limited, part of Omnicom Group)
eCommerce retail-media advertising optimization platform for Amazon, Walmart, Instacart and other marketplaces (campaign automation, Display/Video advertising, market intelligence reporting). Formerly branded "Sellics" (Amazon SEO/PPC tool); Sellics rebranded to Perpetua after a 2022 merger, and Perpetua was subsequently folded into the Ascential/Flywheel Digital portfolio, which Omnicom acquired in Jan 2024.
Certifications held
1
Maturity
Growth
Trains on your data
Unknown
Trust center
No
// Certification ledger
Each held certification is backed by a verbatim quote from the vendor's own trust or security page. “Not confirmed” means we could not verify it publicly, not that the vendor lacks it.
Verify on perpetua.io“"This global privacy policy explains how Flywheel Digital Limited and/or its affiliates ("Flywheel" referred to as "we", "us" or "our") handle your personal data..." and "If you are located in the EEA, this may involve transferring your data outside the EEA" with processing grounded in "Performance of Contract", "Legitimate Interests", and "Consent", plus EEA data-subject rights language and reference to "pseudonymisation and encryption of personal data".”
> Show 8 unconfirmed / not-held certifications
source: perpetua.ioNo public evidence: no trust center, security page, or SOC 2 mention found on perpetua.io, its Help Center (help.perpetua.io), or its privacy policy/terms. A SOC 2 result surfaced in search belongs to "getflywheel.com" (Flywheel, a managed WordPress hosting company) - a different, unrelated company from "Flywheel Digital Limited" (Perpetua's corporate parent); it does not apply to this vendor.
source: perpetua.ioNo public evidence of ISO 27001 certification on perpetua.io or in its privacy policy/terms.
source: perpetua.ioNo public evidence; HIPAA is not mentioned anywhere on perpetua.io, and the product (retail-media/ad optimization) is out of scope for HIPAA-regulated data.
source: perpetua.ioNo public evidence of PCI DSS on perpetua.io. The product does not appear to process cardholder payment data directly.
source: perpetua.ioNo public evidence of any of these certifications on perpetua.io.
source: perpetua.ioNo public evidence of AI governance certification, despite the product using "AI-powered automation" for bidding/campaign optimization.
source: perpetua.ioNo public evidence of CSA STAR registration on perpetua.io.
source: perpetua.ioNo public evidence; not applicable, this is a commercial ecommerce tool, not a US government product.
// Privacy & AI training
Trains on customer data
Not stated
Data processing agreement
Not offered
Data region
Not specified on the public site; privacy policy notes EEA-to-outside-EEA transfers are covered by intercompany data transfer agreements, but no specific region/residency commitment (e.g., EU-only hosting) is published.
No standalone public DPA page was found (dpa/subprocessor URLs 404 or are unindexed). The Terms of Service contain a broad data-use license: "You agree that we (including our Affiliates) may freely use any data (including the Customer Materials) which we learn, acquire or obtain in connection with the performance of a Contract to improve the quality of our respective services and deliverables." This is broad enough to cover model/algorithm improvement but does not explicitly say "train AI/ML models on customer data" or offer an opt-out, so the answer is recorded as unknown (null) rather than assumed true or false.
// Security controls
Encryption in transit/at rest
Privacy policy references "the pseudonymisation and encryption of personal data" as a security measure, but gives no technical specifics (e.g., TLS version, at-rest algorithm).
perpetua.ioTrust center / dedicated security page
Not found. No security.perpetua.io, trust.perpetua.io, or /security page exists (404). Help Center (help.perpetua.io) has no security/compliance articles among its 12 collections.
perpetua.io// Products & data scope
data: Advertising performance data, campaign spend, ACoS/sales metrics from Amazon, Walmart, Instacart seller/vendor accounts
Core product; automated bidding and campaign creation via connected marketplace advertising APIs.
data: Ad creative assets, placement and performance data
Extension of core optimization into display/video ad formats.
data: Aggregated category, competitor, and digital-shelf data plus the brand's own sales/ad data
Enterprise-level reporting layer; no separate compliance posture disclosed from the core product.
data: Historical: Amazon listing, keyword, and PPC data
Sellics merged into Perpetua ("Sellics joins forces with Perpetua", per current site footer); the Sellics brand and product are no longer independently offered. Any AIFOXX listing under "Sellics" should redirect/relabel to Perpetua.
// What to watch
- IDENTITY / LISTING MISMATCH: The AIFOXX slug "sellics" refers to a brand that no longer exists independently. The vendor's own site states "Sellics joins forces with Perpetua" and all product, pricing, and legal pages are now under the Perpetua brand and perpetua.io domain. The listing should be updated to reflect Perpetua as the current product, with Sellics noted as a legacy/former name only.
- CORPORATE STRUCTURE AMBIGUITY: The privacy policy is issued by "Flywheel Digital Limited" while the Terms of Service name the contracting entity as "Perpetua Labs, LLC. or the Perpetua Affiliate identified on the Order Form." This is consistent with Perpetua being a brand inside the Ascential/Flywheel Digital portfolio (acquired by Omnicom Group in Jan 2024), but the exact contracting entity a customer signs with will vary by Order Form and was not independently confirmed beyond the ToS text.
- NO TRUST CENTER OR SECURITY PAGE: No SOC 2, ISO 27001, or any other formal security certification was found anywhere on perpetua.io, its privacy policy, terms, or help center.
- POSSIBLE IDENTITY-CONFLATION TRAP AVOIDED: A web search for "Flywheel Digital SOC 2" surfaced a SOC 2 Type II attestation, but it belongs to getflywheel.com (a managed WordPress hosting company, unrelated), not to Flywheel Digital Limited (Perpetua's actual corporate parent, part of Omnicom's ecommerce agency portfolio). This cert must NOT be attributed to Perpetua/Sellics.
- AI training posture is unclear: the ToS grants a broad license to use customer data "to improve the quality of our respective services and deliverables," which could include using data to train/tune the product's ad-bidding AI, but there is no explicit AI-training disclosure or opt-out mechanism published.
- No published data residency or subprocessor list; enterprise buyers requiring EU-only hosting or GDPR Article 28 subprocessor transparency would need to request this directly from sales.
// At a glance
Pricing model
Not published; site funnels to "Book a Demo" / "Request a Demo" - custom/sales-assisted pricing, no self-serve tiers listed.
Self-hostable
No
// How we verified this
Every certification marked HELD is confirmed against a verbatim quote on Perpetua Labs, LLC (product brand "Perpetua"; privacy policy issued by Flywheel Digital Limited, part of Omnicom Group)'s own trust, security, or privacy pages. We reject certifications claimed only on third-party aggregators, on a cloud host's behalf, or by a similarly named company.
Last verified 2026-07-09. Compliance changes over time. Always confirm directly with the vendor before relying on any certification for a purchasing or compliance decision.
perpetua.io