Privacy Policy

1. Information We Collect

We collect information you provide directly when you create an account or use our service:

• Account data — name, email address, and (if signing up with email) a hashed password. We never store your password in plain text.
• Google sign-in — if you use Google OAuth, we receive your name, email, and Google profile ID. We do not receive your Google password.
• Search history — queries you enter are logged to your account to power personalised recommendations. You can clear these from your dashboard.
• Wishlists — product lists you save are stored against your account.

2. How We Use Your Information

• To provide and improve the search, comparison, and wishlist features.
• To authenticate you and keep your session secure.
• To generate personalised buying guides based on your searches.
• To send transactional emails (e.g. password reset) — we do not send marketing email without your explicit consent.
• To analyse aggregate usage patterns so we can improve the service (only with your analytics cookie consent).

3. Cookies & Tracking

We use cookies for session management and, with your consent, for analytics. You can review and change your cookie preferences at any time on our Cookies page.

Affiliate links to retailers such as Amazon may cause those sites to set their own cookies when you click through. We have no control over third-party cookies — please review the retailer's own privacy policy.

4. Affiliate Disclosure

ScratchTheWeb participates in the Amazon Associates Program and other affiliate networks. We earn a commission when you purchase through our links at no extra cost to you. Commission rates never influence which products we recommend.

5. Data Sharing

We do not sell your personal data. We share data only in these limited circumstances:

• Service providers — infrastructure (hosting, database) that process data on our behalf under strict confidentiality agreements.
• Legal requirements — if required by law or to protect the rights and safety of our users.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, your personal data is permanently removed within 30 days. Anonymised, aggregate analytics data may be retained indefinitely.

7. Your Rights

Depending on your location you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data via the Account section of your dashboard.
• Delete your account and associated data.
• Object to or restrict certain processing activities.
• Data portability (receive a copy of your data in a machine-readable format).

To exercise any of these rights, contact us at [email protected].

8. Security

Passwords are hashed with bcrypt (cost factor 12). Sessions are managed via HTTP-only, Secure cookies signed with a JWT secret. Database connections are encrypted in transit. We follow industry-standard practices to protect your data, though no system is 100% immune to breaches.

9. Children

ScratchTheWeb is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us with their data, please contact us and we will delete it promptly.

10. Changes to This Policy

We may update this policy from time to time. When we do, we'll update the "Last updated" date at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.

11. Contact

Questions about this policy? Email us at [email protected].