customerfinder

Privacy Policy

Last updated: 19 May 2026

This Privacy Policy explains what personal data Customer Finder ("we", "us", "our") collects, why, and how we handle it. We are the data controller for the personal data described here.

1. Data We Collect

  • Account data: your email address, provided when you sign up or subscribe.
  • Search data: the product descriptions, URLs, and search parameters you enter, along with the generated search terms and the timestamp of each search.
  • Technical data: your IP address, user agent, and referer. We derive coarse geographic information (country, region, city) from the IP via a third-party geolocation API.
  • Payment data: handled entirely by Stripe. We never see or store your card details; we receive only a customer identifier, subscription status, and billing metadata.
  • Error data: if something goes wrong, diagnostic information is sent to our error-tracking provider (Sentry) so we can fix it.

2. How We Use Data

  • To run the Service: generate searches, return results, send digest emails.
  • To bill and provide customer support for paid plans.
  • To monitor performance, prevent abuse, and improve the Service (aggregated and anonymised where possible).
  • To communicate with you about your account or service changes.

3. Legal Bases (UK/EU users)

We process personal data on the bases of (a) performance of our contract with you (running the Service and processing payments), (b) our legitimate interests in operating, improving, and securing the Service, and (c) consent where required (for example, optional marketing emails).

4. Sharing

We share personal data only with service providers acting on our behalf:

  • Stripe — payment processing.
  • Anthropic / OpenAI — large-language-model inference to generate search terms (your product description is sent to the model and is not used for training under our API agreements).
  • ip-api.com — IP-to-geo lookups.
  • Sentry — error tracking.
  • Render — hosting and database.

We do not sell personal data. We will disclose data only as required by law or to protect our rights.

5. International Transfers

Some service providers are based outside the UK/EU. Where data is transferred internationally, we rely on standard contractual clauses or equivalent safeguards.

6. Retention

Account and subscription data is retained for as long as your account is active and for up to seven years after closure to meet legal and accounting obligations. Search history is retained for analytics and product improvement; you can request deletion at any time.

7. Your Rights

Under UK GDPR you have the right to access, correct, port, restrict, or delete your personal data, and to object to processing. To exercise these rights, email info@sashy.ai. You also have the right to complain to the UK Information Commissioner's Office (ico.org.uk).

8. Cookies

We use a small number of strictly-necessary cookies (for example, to keep you signed in). We do not use third-party advertising or cross-site tracking cookies.

9. Security

We use encryption in transit (HTTPS) and at rest, restrict access to production systems, and follow standard security practices. No system is perfectly secure; we'll notify affected users promptly if a breach occurs.

10. Changes

We may update this Policy. Material changes will be announced via email or in-app notice.

11. Contact

Questions about this Policy can be sent to info@sashy.ai.