Privacy Policy

Last updated: March 9, 2026

Our Core Promise

We will never sell, rent, trade, or otherwise share your personal data with any third party without your explicit permission. Your data belongs to you, and we treat it with the utmost respect.

1. Information We Collect

When you use StarShopper, we collect only the information necessary to provide our service:

  • Account Information: Email address, name, and password (stored as a secure BCrypt hash — we never store your plain-text password).
  • Shopping Activity: When you make purchases through our affiliate links, we record the retailer name, purchase amount, and commission earned. We do not record what specific products you buy.
  • Extension Activity: Page visits to supported retailer sites (Amazon, eBay, Walmart, Target, Best Buy, Etsy) for the purpose of applying coupons and tracking affiliate commissions. We do not track your browsing on non-supported sites.
  • Referral Information: Your referral code and the referral code used when you signed up (if any).
  • Financial Data: Commission balances, payout history, and transaction records within the StarShopper virtual bank system.

2. How We Use Your Information

Your information is used solely for the following purposes:

  • Processing and tracking affiliate commissions you earn.
  • Calculating and distributing payouts to you.
  • Applying coupons and finding savings on supported retailer sites.
  • Sending you emails you have opted into (earnings summaries, payout confirmations, account security notifications).
  • Improving our service through aggregated, anonymized analytics (never individual-level data).
  • Detecting and preventing fraud to protect your account.

3. What We Will NEVER Do

  • Sell your personal data to advertisers, data brokers, or any third party.
  • Use your browsing data to build advertising profiles.
  • Share your individual purchase history with anyone.
  • Send you marketing emails without your explicit consent.
  • Access your browsing activity on websites outside our supported retailer list.

4. Data Sharing

We share data only in these limited circumstances:

  • Affiliate Networks: When you make a purchase, the affiliate network (Rakuten, CJ, Impact, or Amazon) receives a tracking ID to attribute the commission. They do not receive your name, email, or any personal information.
  • Payment Processors: When you request a payout, we share the minimum information required to process the payment (amount and payment destination).
  • Legal Requirements: If required by law, court order, or government regulation, we may disclose information as legally obligated. We will notify you if legally permitted to do so.

5. Data Security

  • Passwords are hashed using BCrypt (never stored in plain text).
  • All API communication uses HTTPS encryption in production.
  • API keys and secrets are stored as environment variables, never in source code.
  • Webhook signatures are verified using HMAC to prevent tampering.
  • Rate limiting protects against brute-force attacks.
  • Financial transactions use idempotency keys to prevent duplicate processing.
  • Commissions are held for 30 days before becoming available, providing chargeback protection.

6. Data Retention

  • Account data is retained as long as your account is active.
  • Transaction history is retained for 7 years for tax and legal compliance.
  • If you delete your account, personal data is anonymized within 30 days. Anonymized transaction records may be retained for compliance purposes.

7. Your Rights

You have the right to:

  • Access: Request a copy of all personal data we hold about you.
  • Correction: Update or correct your personal information at any time.
  • Deletion: Request deletion of your account and personal data via the dashboard (DELETE /api/dashboard/account).
  • Portability: Request your data in a machine-readable format.
  • Withdraw Consent: Opt out of non-essential emails at any time.

8. Cookies and Browser Extension

The StarShopper browser extension stores:

  • Your authentication token (JWT) in chrome.storage.local — used to authenticate API requests.
  • Session-level deduplication data in chrome.storage.session — cleared when the browser closes.

We do not use third-party tracking cookies or analytics scripts in the extension.

9. Children's Privacy

StarShopper is not intended for users under the age of 18. We do not knowingly collect personal information from minors.

10. Changes to This Policy

If we make material changes to this privacy policy, we will notify you by email and update the "Last updated" date above. Continued use of the service after notification constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or data requests, contact us at: privacy@starshopper.com