customerfinder

Privacy Policy

Last updated: 19 May 2026

This Privacy Policy explains what personal data Customer Finder ("we", "us", "our") collects, why, and how we handle it. We are the data controller for the personal data described here.

1. Data We Collect

  • Account data: your email address, provided when you sign up or subscribe.
  • Search data: the product descriptions, URLs, and search parameters you enter, along with the generated search terms and the timestamp of each search.
  • Technical data: your IP address, user agent, and referer. We derive coarse geographic information (country, region, city) from the IP via a third-party geolocation API.
  • Payment data: handled entirely by Stripe. We never see or store your card details; we receive only a customer identifier, subscription status, and billing metadata.
  • Error data: if something goes wrong, diagnostic information is sent to our error-tracking provider (Sentry) so we can fix it.

2. How We Use Data

  • To run the Service: generate searches, return results, send digest emails.
  • To bill and provide customer support for paid plans.
  • To monitor performance, prevent abuse, and improve the Service (aggregated and anonymised where possible).
  • To communicate with you about your account or service changes.

3. How We Lawfully Process Your Data

We apply GDPR-equivalent data-handling practices to every user, regardless of where they live. For users in the UK and EU, where a legal basis is required under GDPR, we rely on (a) performance of our contract with you (running the Service and processing payments), (b) our legitimate interests in operating, improving, and securing the Service, and (c) consent where required (for example, optional marketing emails). Users in other jurisdictions receive the same protections as a global baseline.

4. Sharing

We share personal data only with service providers acting on our behalf:

  • Stripe — payment processing.
  • Anthropic / OpenAI — large-language-model inference to generate search terms (your product description is sent to the model and is not used for training under our API agreements).
  • ip-api.com — IP-to-geo lookups.
  • Sentry — error tracking.
  • Render — hosting and database.

We do not sell personal data. We will disclose data only as required by law or to protect our rights.

5. International Transfers

Our service providers operate across multiple regions, so your data may be transferred between countries. Where transfers involve regions with stricter data laws (e.g. the UK or EU), we rely on standard contractual clauses or equivalent safeguards.

6. Retention

Account and subscription data is retained for as long as your account is active and for up to seven years after closure to meet legal and accounting obligations. Search history is retained for analytics and product improvement; you can request deletion at any time.

7. Your Rights

Every user can request to access, correct, port, restrict, or delete their personal data, and object to its processing. To exercise these rights, email info@sashy.ai. Users in the UK and EU additionally have the right to complain to their local data-protection authority (in the UK, the Information Commissioner's Office at ico.org.uk). Users in California, the EEA, Brazil, and other jurisdictions with consumer-data legislation have any additional rights granted by their local laws.

8. Cookies

We use a small number of strictly-necessary cookies (for example, to keep you signed in). We do not use third-party advertising or cross-site tracking cookies.

9. Security

We use encryption in transit (HTTPS) and at rest, restrict access to production systems, and follow standard security practices. No system is perfectly secure; we'll notify affected users promptly if a breach occurs.

10. Changes

We may update this Policy. Material changes will be announced via email or in-app notice.

11. Contact

Questions about this Policy can be sent to info@sashy.ai.