1. Introduction
EcomSpy ("we", "us", "our") operates the website at ecomspy.se. This Privacy Policy explains what information we collect, how we use it, and your rights regarding your data.
2. Information We Collect
Account information:
- Email address
- Password (stored securely using bcrypt hashing)
- Name and profile picture (if you sign in with Google)
Billing information:
- Subscription status and billing period
- Payment details are handled entirely by Stripe and never stored on our servers
Usage data:
- Saved filter presets and favorited stores
- API keys you generate for programmatic access — only a SHA-256 hash and a short display prefix are stored; the full key is shown to you once and never retained
Security and anti-abuse data:
- Your IP address is used to enforce rate limiting on requests
- At the moment you create an account, we record and store your IP address, browser user agent, and referring URL. This signup record is retained to detect and prevent fraudulent or abusive account creation, and is visible only to EcomSpy admins
Feedback / bug reports:
When you submit a report via the in-app feedback form, we collect:
- The text description and category you provide
- An optional screenshot if you attach one
- The page URL where you submitted the report
- Your browser user agent and viewport size (to help reproduce bugs)
- Your account ID (so we can follow up if needed)
Feedback reports are visible only to EcomSpy admins and are retained until the issue is resolved.
3. How We Use Your Information
- To create and manage your account
- To process subscription payments via Stripe
- To send email verification when you sign up
- To prevent abuse through rate limiting and to detect fraudulent or abusive account creation
- To gate premium features (full store profiles, ad data, change history, API and AI-assistant access) to active, verified subscribers
- To review and act on feedback / bug reports you submit
- To provide and improve our services
4. Third-Party Services
We use the following third-party services:
- Stripe — Payment processing and subscription management. Stripe's privacy policy applies to payment data.
- Google — Optional sign-in via Google OAuth. We receive your email, name, and profile picture from Google.
- Resend — Transactional emails (verification only). We share your email address with Resend to deliver these emails.
- OpenAI — Used for store data classification. No personal user data is sent to OpenAI.
5. Data Storage and Security
- Your data is stored on secure servers
- Passwords are hashed with bcrypt and never stored in plain text
- Authentication uses signed JSON Web Tokens (JWTs) that expire after 7 days and are stored in your browser's local storage
- We do not use tracking cookies or third-party analytics
6. Data Retention and Deletion
We retain your account data for as long as your account is active. If your account is deleted, all associated data (favorites, saved filters, API keys, subscription records, and your signup record) is permanently removed from our database. To request account deletion, contact us at the email below.
If you sign up with email and do not verify your email address within 7 days, your account is automatically deleted, along with any API keys associated with it.
7. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and data
- Manage your subscription and payment methods via the Stripe billing portal
8. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date.
9. Contact
If you have questions about this Privacy Policy, contact us at support@ecomspy.se.