Privacy Policy
Last updated: June 2026. This is a template — have a lawyer review it before charging customers.
What we collect
- Account data: your email address and a salted hash of your password (never the password itself).
- Product data you create: tracked replens, target prices, tags, notes, blocked lists, keyword rules, filter presets.
- Amazon connection: if you connect a seller account, an API refresh token stored encrypted, plus the order, inventory, and gating data needed to power the features you use.
- Billing: handled by Stripe; we store your plan, subscription status, and Stripe customer ID — never card numbers.
- Logs: request metadata (path, status, timing) for reliability and abuse prevention, retained for 30 days.
Cookies
We set exactly one cookie: an httpOnly session cookie required to keep you signed in. No advertising or cross-site tracking cookies.
How we use data
Only to provide the service: matching deals to your filters, enforcing plan limits, and billing. We do not sell or rent your data, and we do not use your sourcing activity to compete with you or to inform other users' feeds.
Sharing
Data is shared only with processors needed to run the service (hosting provider, Stripe for payments) and when legally required.
Deletion
The "Delete my account" button on the account page permanently removes your account and all associated data immediately. Disconnecting Amazon deletes the stored token immediately.
Security
Passwords are hashed with scrypt; sessions are stored as hashes; API tokens are encrypted at rest; all production traffic uses TLS.
Contact
Questions or data requests: contact the operator of this deployment.