Privacy Policy
Last Updated: January 23, 2026
- 1. Introduction
- 2. Data We Collect
- 3. Data We Do NOT Collect
- 4. How We Use Your Data
- 5. Data Storage & Security
- 6. Third-Party Services
- 7. Data Sharing
- 8. Your Rights
- 9. Data Retention
- 10. Children's Privacy
- 11. International Transfers
- 12. California Privacy Rights (CCPA)
- 13. European Privacy Rights (GDPR)
- 14. Policy Changes
- 15. Contact Us
1. Introduction
OriginSpotter ("we", "our", or "us") operates the OriginSpotter Chrome extension and website (originspotter.com). This Privacy Policy describes how we collect, use, protect, and share information when you use our services.
By using OriginSpotter, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies, please do not use our services.
2. Data We Collect
2.1 Account Information
When you sign in using Google OAuth, we receive:
- Email Address: Used to identify your account and send service-related communications
- Display Name: Used to personalize your experience in the extension
- Profile Picture URL: Used to display your avatar in the extension popup
2.2 Subscription Information
- Subscription Status: Whether you are on Free or Pro plan
- Subscription ID: Reference to your Stripe subscription for billing management
Note: Credit card details are processed directly by Stripe and are never stored on our servers.
2.3 Usage Statistics
- Product View Count: The number of Amazon products you have viewed origin information for (used to enforce free tier limits)
- Extension Settings: Your preferences such as whether the extension is enabled or badge visibility
2.4 Amazon Product Data (Local Processing Only)
When you visit an Amazon product page, the extension reads:
- Product ASIN (Amazon Standard Identification Number)
- Product title
- Seller/manufacturer information displayed on the page
- Country of origin information from product details
Important: This data is processed entirely on your local device and cached using Chrome's local storage. It is NOT transmitted to our servers.
| Data Type | Collected | Stored On | Purpose |
|---|---|---|---|
| Email & Name | Yes | Our Servers | Account identification |
| Subscription Status | Yes | Our Servers | Access control |
| Product View Count | Yes | Local + Servers | Usage limits |
| Product Origin Data | Yes | Local Only | Core functionality |
| Browsing History | No | — | — |
| Payment Details | No | Stripe Only | — |
3. Data We Do NOT Collect
We are committed to minimal data collection. We explicitly do NOT collect:
- Your browsing history on non-Amazon websites
- Your Amazon account credentials or login information
- Your Amazon purchase history or order details
- Credit card numbers or banking information (handled exclusively by Stripe)
- Your geographic location
- Personal communications or messages
- Health or biometric data
- Data from other browser extensions
- Keystroke or mouse movement data
4. How We Use Your Data
We use collected information solely for:
- Providing Service: Displaying product origin information and managing your subscription
- Account Management: Authenticating your identity and maintaining your account
- Usage Enforcement: Tracking product view counts to enforce free tier limits
- Service Communications: Sending essential emails about your account or subscription
- Fraud Prevention: Detecting and preventing abuse of our service
- Service Improvement: Understanding aggregate usage patterns to improve our product
- Legal Compliance: Meeting applicable legal obligations
We do NOT use your data for:
- Targeted advertising
- User profiling beyond service functionality
- Selling to data brokers
5. Data Storage & Security
5.1 Local Storage
Product origin data and user preferences are stored locally on your device using Chrome's Storage API. This data remains on your device and can be cleared at any time through the extension's "Clear Cache" function.
5.2 Server Storage
Account information (email, name, subscription status) is stored on secure servers hosted on Render.com with:
- TLS/SSL encryption for all data in transit
- Encrypted database storage for data at rest
- Regular security audits and updates
- Access controls limiting employee access to user data
6. Third-Party Services
We use the following third-party services to operate OriginSpotter:
| Service | Purpose | Data Shared | Compliance |
|---|---|---|---|
| Google OAuth | User authentication | Email, name, profile picture | OAuth 2.0, Google Privacy Policy |
| Stripe | Payment processing | Payment details (direct to Stripe) | PCI-DSS Level 1 |
| Render.com | Backend hosting | Account data | SOC 2 Type II |
| Vercel | Website hosting | None (static hosting) | SOC 2 Type II |
Each service has its own privacy policy. We encourage you to review them.
7. Data Sharing
We do not sell, trade, or rent your personal information to anyone.
We may share limited information only in these specific circumstances:
- Service Providers: With trusted third-party services (listed above) that help operate our service, under strict contractual obligations to protect your data
- Legal Requirements: When required by law, court order, subpoena, or government request
- Safety: To protect the rights, property, or safety of OriginSpotter, our users, or the public
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with advance notice to affected users
8. Your Rights
You have the following rights regarding your data:
- Access: Request a copy of your personal data we hold
- Correction: Request correction of inaccurate or incomplete data
- Deletion: Request deletion of your account and associated data
- Portability: Request your data in a machine-readable format
- Restriction: Request limitation of processing in certain circumstances
- Objection: Object to processing based on legitimate interests
- Withdrawal: Withdraw consent at any time (where processing is based on consent)
To exercise these rights, contact us at privacy@originspotter.com. We will respond within 30 days.
9. Data Retention
- Active Accounts: We retain your account data for as long as your account remains active
- Account Deletion: Upon request, we delete your personal data within 30 days, except where retention is required by law
- Local Data: Cached product data on your device is retained until you clear it or uninstall the extension
- Backup Retention: Backups containing your data may persist for up to 90 days after deletion
10. Children's Privacy
OriginSpotter is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If we discover that a child under 13 has provided us with personal information, we will delete it immediately. If you believe a child has provided us with their data, please contact us at privacy@originspotter.com.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence, including the United States. These countries may have different data protection laws. When we transfer data internationally, we implement appropriate safeguards including:
- Standard contractual clauses approved by relevant authorities
- Ensuring third-party recipients maintain adequate security measures
12. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act:
- Right to Know: What personal information we collect, use, disclose, and sell
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt-out of the sale of personal information
- Right to Non-Discrimination: Not be discriminated against for exercising your rights
We do not sell personal information. To exercise your CCPA rights, contact privacy@originspotter.com.
13. European Privacy Rights (GDPR)
If you are in the European Economic Area (EEA), UK, or Switzerland, you have rights under the General Data Protection Regulation including:
- Access to your personal data
- Rectification of inaccurate data
- Erasure ("right to be forgotten")
- Restriction of processing
- Data portability
- Object to processing
- Lodge a complaint with a supervisory authority
Legal Basis for Processing: We process your data based on:
- Contract: To provide the services you requested
- Legitimate Interests: To improve our services and prevent fraud
- Consent: Where you have given explicit consent
- Legal Obligation: To comply with applicable laws
14. Policy Changes
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes:
- We will update the "Last Updated" date at the top of this policy
- For significant changes, we will provide notice through the extension or via email
- Continued use of our services after changes constitutes acceptance of the updated policy
We encourage you to review this policy periodically.
15. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
Email: privacy@originspotter.com
Website: https://originspotter.com
We aim to respond to all inquiries within 30 days.