Privacy Policy
Last Updated: January 2025
1. Introduction
OriginSpotter ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Chrome extension and website.
2. Information We Collect
2.1 Information You Provide
- Account Information: When you sign in with Google, we receive your email address, name, and profile picture from Google.
- Payment Information: If you subscribe to our Pro plan, payment is processed securely by Stripe. We do not store your credit card details.
2.2 Information Collected Automatically
- Usage Data: We collect information about how you use the extension, including the number of products viewed.
- Product Data: We process Amazon product page data locally on your device. This data is cached locally and is not sent to our servers.
2.3 Information We Do NOT Collect
- Your browsing history on non-Amazon websites
- Your Amazon account credentials
- Your purchase history
- Personal financial information (handled by Stripe)
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our service
- Process your subscription payments
- Send you service-related communications
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Data Storage and Security
Local Storage: Product origin data is cached locally on your device using Chrome's storage API. This data remains on your device and is not transmitted to our servers.
Server Storage: Your account information (email, subscription status) is stored on secure servers with industry-standard encryption.
Third-Party Services:
| Service | Purpose | Compliance |
|---|---|---|
| Google OAuth | Authentication | OAuth 2.0 |
| Clerk | User session management | SOC 2, GDPR |
| Stripe | Payment processing | PCI-DSS Level 1 |
5. Data Sharing
We do not sell, trade, or rent your personal information. We may share your information only in the following circumstances:
- Service Providers: With third-party services that help us operate (Clerk, Stripe) under strict confidentiality agreements.
- Legal Requirements: When required by law, subpoena, or government request.
- Business Transfers: In connection with a merger, acquisition, or sale of assets, with notice to users.
6. Your Rights
You have the right to:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and data
- Portability: Request your data in a portable format
- Opt-out: Unsubscribe from marketing communications
7. Data Retention
We retain your account information for as long as your account is active. If you delete your account, we will delete your personal information within 30 days, except where retention is required by law.
8. Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children under 13.
9. International Data Transfers
Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place.
10. California Privacy Rights (CCPA)
California residents have additional rights under the CCPA. We do not sell personal information.
11. European Privacy Rights (GDPR)
If you are in the European Economic Area, you have rights under GDPR including access, rectification, erasure, restriction, portability, and objection.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy and updating the "Last Updated" date.
13. Contact Us
If you have questions about this Privacy Policy, please contact us:
Email: privacy@originspotter.com