Privacy Policy
Last updated: March 26, 2026
Overview
WhatToBuy (“we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and share information when you use WhatToBuy.app (the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.
1. Information We Collect
We collect information in the following ways:
Information you provide directly
- Account information: Email address and password when you create an account.
- Profile information: Display name, gender, date of birth, city, state, family member details, and preferred stores — only what you choose to provide. This information is used solely to personalize your recommendations.
- Shopping prompts: The natural-language prompts you submit to generate shopping carts.
- Feedback and communications: Any messages you send us via email or in-product feedback.
Information collected automatically
- Usage data: Pages visited, features used, search queries made, and carts generated.
- Device and connection data: IP address, browser type, operating system, and referring URLs, collected through standard server logs and analytics tools.
- Cookies and local storage: Authentication tokens to keep you signed in. We do not use advertising or behavioral tracking cookies.
2. How We Use Your Information
We use the information we collect to:
- Provide and operate the Service, including generating personalized product recommendations tailored to your situation and profile.
- Save and retrieve your past carts so you can revisit them.
- Authenticate your account and maintain your session.
- Improve the accuracy and relevance of recommendations over time, using aggregated and anonymized data.
- Detect and prevent fraud, abuse, and security incidents.
- Respond to your inquiries and provide customer support.
- Send service-related communications (e.g., significant changes to these terms or the Service).
We do not sell your personal data to third parties. We do not use your personal data for targeted advertising.
3. How We Share Your Information
We share your information only in the following limited circumstances:
- Service providers: We share data with third-party vendors who operate on our behalf (see Section 4). These parties process data only as instructed by us and are bound by confidentiality obligations.
- Legal requirements: We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of WhatToBuy, our users, or the public.
- Business transfers: If WhatToBuy is acquired, merged, or its assets transferred, your information may be transferred as part of that transaction. We will notify you before your data becomes subject to a materially different privacy policy.
- With your consent: We may share your information for any other purpose with your explicit consent.
4. Third-Party Services We Use
We use the following third-party services to operate the Service. Each has its own privacy policy that governs how it handles data:
- Supabase — user authentication and database storage for accounts, profiles, and cart history.
- Anthropic Claude — the AI model that parses your prompts and generates product gear lists. Your prompts are sent to Anthropic’s API and processed in accordance with Anthropic’s Privacy Policy.
- Serper.dev — Google Shopping search API used to retrieve product data. Search queries (not your account data) are sent to Serper to fetch results.
- Vercel — frontend hosting, edge network, and server-side analytics.
- Railway — backend API hosting and infrastructure.
5. Data Retention
We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:
- Account and profile information is retained until you delete your account.
- Shopping prompts and generated carts are stored to allow you to revisit past results. You can request deletion at any time.
- Server logs are retained for a limited period for security and debugging purposes, then deleted.
We may retain aggregated, de-identified data (which cannot identify you) indefinitely for analytics and product improvement.
6. Security
We implement reasonable technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These include encrypted data transmission (HTTPS), access controls, and secure credential storage. However, no method of transmission over the internet or electronic storage is 100% secure, and we cannot guarantee absolute security.
7. Children’s Privacy
The Service is not directed to children under the age of 13 (or 16 in the EU). We do not knowingly collect personal data from children. If we become aware that a child under the applicable age has provided us with personal information, we will take steps to delete that information promptly. If you believe we have inadvertently collected such data, please contact us at support@whattobuy.app.
8. Your Rights and Choices
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you.
- Correction: Request correction of inaccurate or incomplete data.
- Deletion: Request deletion of your account and associated personal data.
- Objection / Restriction: Object to or request restriction of certain processing activities.
- Data portability: Request your data in a structured, machine-readable format.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at support@whattobuy.app. We will respond to verifiable requests within 30 days.
9. International Data Transfers
WhatToBuy is operated in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or other countries where our service providers operate. By using the Service, you consent to your information being transferred to and processed in countries that may not have the same data protection laws as your jurisdiction. Where required, we rely on appropriate transfer mechanisms such as standard contractual clauses.
10. California Privacy Rights (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect, use, disclose, and sell.
- The right to request deletion of your personal information.
- The right to opt out of the sale of personal information. We do not sell personal information.
- The right to non-discrimination for exercising your CCPA rights.
To exercise your California rights, contact us at support@whattobuy.app.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. When we make material changes, we will update the “Last updated” date at the top of this page and, where required, notify you by email. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at support@whattobuy.app.