Privacy Policy

Last updated July 15, 2026

The short version

Fyndare is built to work without knowing who you are. There are no visitor accounts, no sign-ups, no tracking cookies, and no advertising profiles. The little data we do handle exists to keep the site fast, honest, and abuse-free — and none of it can single you out as a person.

Information we collect

Click events. When you click an outbound coupon, deal, or store link, we record an anonymous event: which offer was clicked, the page you came from, a one-way cryptographic hash (SHA-256) of your browser’s user-agent string, and your two-letter country code (derived at the network edge). We do not store your IP address, name, email address, or any identifier that could single you out. These events power the “popular right now” and success-rate features you see on the site.

Abuse prevention. Your IP address is used transiently to enforce fair-use limits on things like voting, rating, and the AI assistant (so one person can’t stuff the ballot or flood a paid service). These rate-limit counters expire automatically — within 24 hours at most — and are never joined with click or browsing data. Separately, our hosting provider processes standard request data (including IP addresses) transiently to serve and secure the site, as virtually all web hosts do.

AI assistant questions. If you use the deal assistant, the question you type is sent to Anthropic (our AI provider) to generate the answer. We do not store your questions in our database, and Anthropic’s commercial API terms do not use them to train its models by default. Please don’t include personal information in your questions — the assistant only needs to know what kind of deal you’re after.

Community feedback. “Did this code work?” votes and store star ratings are stored only as anonymous aggregate counters (e.g. “42 people said this worked”). No vote or rating is linked to you.

What we deliberately don’t collect

  • No visitor accounts, names, or email addresses
  • No stored IP addresses in our analytics or click data
  • No tracking or advertising cookies, pixels, or fingerprinting
  • No precise location — only a country code
  • No selling or sharing of personal information, ever

Cookies

The public site sets no tracking cookies. Authentication cookies are set only inside the administration area (/admin) and only for the site’s administrators — they are strictly necessary for that login to function and are never used on public pages.

Analytics

We may use Plausible Analytics, a privacy-first, cookieless analytics service. Plausible collects only aggregate statistics (page views, referral sources, country) without cookies, without persistent identifiers, and without tracking you across sites — which is why no consent banner is required. If we ever adopt an analytics tool that does more than this, we will update this policy first.

When you leave this site

Coupon and deal links lead to retailers via affiliate networks (Awin, CJ, Rakuten Advertising, and Impact). Once you follow an outbound link, those networks and retailers may set their own cookies to attribute any purchase you make — that attribution is how this site earns commissions (see our Affiliate Disclosure). Their processing is governed by their own privacy policies, and we encourage you to review them.

Service providers

We rely on a small set of infrastructure providers to run the site:

  • Vercel — hosting and content delivery (processes request data, including IP addresses, transiently; derives the country code we store)
  • Supabase — database and image storage (holds the anonymous data described above)
  • Upstash — short-lived rate-limit counters for abuse prevention
  • Anthropic — processes AI assistant questions to generate answers
  • Plausible — cookieless aggregate analytics, if enabled
  • Resend — sends administrator password-reset emails only; it never touches visitor data

Each provider processes data on our behalf and under its own security and privacy commitments. We do not sell, rent, or share data with advertisers or data brokers.

Data retention

Anonymous click events and aggregate feedback counters are retained for as long as they remain useful for the statistics they power; they contain no personal identifiers. Rate-limit counters expire automatically within at most 24 hours. Administrator password reset tokens are single-use, stored only as hashes, and expire within one hour.

Your rights

Depending on where you live (for example under the GDPR in Europe or the CCPA/CPRA in California), you may have rights to access, correct, delete, or port personal data, and to opt out of its sale or sharing. Two honest notes on how those rights apply here: first, we do not sell or share personal information as those laws define it, so there is nothing to opt out of; second, because the data we keep cannot identify you, we are generally unable to link any of it back to a specific person who asks (a situation the GDPR anticipates in Article 11). You can still contact us with any request or question and we will do our best to help.

Do Not Track and Global Privacy Control

This site does not track visitors across websites, so there is nothing for a Do Not Track or Global Privacy Control signal to switch off — the protections those signals request are already the default here for everyone.

Children

Fyndare is not directed at children under 13, and we do not knowingly collect personal information from anyone — children included.

International visitors

The site is operated from the United States and data is processed on servers in the United States. By using the site, you understand that the minimal data described above is processed there.

Changes to this policy

If our practices change — for example, if we add a newsletter or new analytics — we will update this policy before the change takes effect and revise the “last updated” date above. Material changes will be flagged prominently on this page.

Contact

Questions about this policy — or any privacy request — can be sent to privacy@fyndare.com.