Privacy Policy
Effective date: 2026-05-14 · Last updated: 2026-07-10
Real Product Origin ("we", "us") operates the Product Origin Checker browser extension, mobile app, and supporting backend services (collectively, the "Service"). This Privacy Policy explains what data we collect, how we use it, and your rights.
1. What we collect
1.1 Information you provide
- Complaint submissions: When you use "Contest this finding", we collect the information you fill into the form — your name, email address, optional phone number, your stated affiliation or credentials, the indicators you're contesting, any proposed corrections, and your free-text reasoning.
- Email-verification interactions: Whether and when you clicked the verification link we sent. We use this to confirm you own the email address you provided.
- Sign-in and account: When you sign in to use the mobile app or to subscribe, we collect your email address. We do NOT collect a password — sign-in uses a one-time link sent to your email (magic link). We store the email, the timestamp you first verified it, the timestamp of your most recent sign-in, and the anonymous install identifier(s) of the browsers/devices you have signed in from.
- Subscription details: If you subscribe, Stripe collects your billing information directly (see section 3). We receive back and store: your Stripe customer identifier, your subscription plan (Basic, Pro, or Premium — monthly or yearly), your current billing-period start and end dates, whether you have set your subscription to cancel at period end, and — if you cancel and choose a reason from the Stripe survey — that cancellation-reason category and any free-text comment you provided.
- Access-code redemptions: If we've given you an access code (a private promo, gift, or partnership code of the form
RPO-XXXX-XXXX) and you redeem it in the extension, we store the code you redeemed, the time you redeemed it, and the plan tier it granted, so we can honor your access until the code's expiration date. Codes are not linked to any identity beyond the account that redeems them.
1.2 Information collected automatically
- Product identifiers (ASINs): The Amazon Standard Identification Numbers of products you ask us to score. We cache scores by ASIN.
- Product-page content: When the extension is active on an Amazon product page — either automatically (default) or when you open the popup with auto-check disabled — it reads the page's public product information and sends it to our backend to compute an origin score. Specifically: the product title, brand, seller name, price, "Sold by" and "Ships from" fields, product description, A+ content text, up to 15 questions-and-answers, a short excerpt of top reviews, and up to 8 product gallery image URLs. We do not read your Amazon account, cart, purchase history, or any other Amazon page besides the product-detail page you're actively viewing. The extension has no permission for non-Amazon sites.
- Anonymous install identifier: When you install the browser extension or mobile app, we generate a random UUID and store it in your browser's local extension storage (or the app's local sandbox on mobile). This UUID is sent as an HTTP header (
X-Install-Id) with every request to our backend so we can measure aggregate usage — how many distinct installs are active, how often each install requests a score, and cache-hit patterns. It is not linked to your name, email address, Amazon account, IP address in our aggregates, or any other identifier. Uninstalling the extension or app permanently erases it, and reinstalling generates a new one. - Coarse country from browser timezone: We derive a two-letter country code (e.g.
US,DE,JP) from your browser's IANA timezone (e.g.America/New_York) and send it as an HTTP header (X-Client-Country). This is not GPS-precise location: it never reveals a city, street, or coordinates, and we never ask your browser for its geolocation. The country is used only to plot aggregate usage on a world map so we can see roughly where our users are. - Submission metadata: For each complaint, we record the IP address it was submitted from and the User-Agent of the browser/device. This helps us detect abuse and is retained only for audit purposes.
- Server logs: Standard request logs from our hosting provider (Render) recording request paths, timestamps, response codes. These do not include personal data beyond IP addresses and are retained for 7–30 days for operational monitoring.
- Error tracking (if enabled): If we have Sentry enabled, application errors are sent to Sentry for diagnosis. Sentry data is automatically scrubbed of personal data we control.
- Session token: When you sign in, we create a session token — a random string with no personal information in it — and store it in your browser's local extension storage (or the app's local sandbox on mobile). The token is sent as an
Authorization: Bearerheader on subsequent requests so we know it's still you. Sessions last 30 days from your most recent activity; signing out or 30 days of inactivity invalidates the token. - Free-tier usage counter: If you have not subscribed, we count how many product checks you have used in the current calendar month, keyed on your account (if signed in) or the anonymous install identifier (if not signed in). The counter resets on the first day of the next month.
1.3 What we DO NOT collect
- We do not collect your Amazon account information, login, or order history.
- We do not collect your browsing history outside of Amazon product pages.
- We do not collect or store your full payment-card number, CVC, or expiry date. If you subscribe, Stripe collects those directly through their hosted checkout — see section 3. We only receive back a Stripe customer identifier and subscription metadata (plan, dates, status), as described in section 1.1.
- We do not collect precise location: no GPS coordinates, no city, no street. The only geographic signal we collect is the coarse country code described in section 1.2, which is derived from your browser's timezone and never reveals more than a country.
- We do not collect advertising IDs, contacts, or microphone/camera data. The anonymous install UUID described in section 1.2 is not an advertising identifier — it is never shared with third parties for advertising and it does not survive an uninstall.
- The browser extension does not have permission to read or write any non-Amazon pages.
- The mobile app does not request permission to read your contacts, photos, location, or clipboard contents outside of the explicit "Check the link you copied?" prompt.
2. How we use what we collect
- Scoring products: Product ASINs are sent to our backend, which queries the Anthropic Claude API to compute the four transparency indicators (Made in, Ships from, Retailer, Money goes to). The product ASIN, scraped page fields (title, brand, seller, etc.), and the resulting score are cached to speed up repeat lookups — up to 180 days for immutable indicators (Made in, Money goes to) and up to 30 days for volatile ones (Retailer, Ships from). A cached score is invalidated immediately if we detect that the product's brand or seller has changed since we last scored it.
- Reviewing complaints: Your complaint submissions are reviewed by our team. We may contact you at the email or phone number you provided to follow up.
- Service improvement: We use aggregate patterns from cached scores and complaint outcomes to refine our scoring engine.
- Aggregate usage measurement: The anonymous install UUID and coarse country code described in section 1.2 are used only to power an internal usage dashboard — totals such as "how many installs are active this week," "how often each install scores a product," "which countries our users are in." We do not sell, share, or otherwise disclose this data to third parties.
- Abuse prevention: IP addresses and User-Agents from complaint submissions are used to detect spam, bots, and coordinated abuse.
3. Third parties we share data with
| Recipient | What they receive | Why |
|---|---|---|
| Anthropic, PBC | Scraped product metadata (title, brand, seller, reviews snippets) to score. Per Anthropic's policy, this is processed for inference and is not used to train their models without explicit opt-in. | Country-of-origin scoring requires AI inference. |
| Stripe, Inc. | If you subscribe: your email address, billing address, and payment-card information — collected directly by Stripe in their hosted checkout and customer-portal pages. We do NOT receive or store your full card number, CVC, or expiry date. We only receive back a Stripe customer identifier (cus_…), a subscription identifier, plan tier, current-period timestamps, subscription status, and (if you cancel) the cancellation-reason category you selected. |
Subscription billing, recurring charges, hosted customer portal for cancel / update card / switch plans. |
| Render, Inc. | Hosting our backend service and managed PostgreSQL database. All data we collect is stored here. | Hosting provider. |
| Resend, Inc. | Recipient email address and verification-email contents. | To deliver complaint-verification and admin-notification emails. |
| Cloudflare, Inc. | Standard web-server logs for our marketing site (realproductorigin.com), which is hosted on Cloudflare Pages: request URL, response code, timestamp, IP address, and User-Agent. No extension or backend traffic is routed through Cloudflare. | Marketing-site CDN, DNS resolution, DDoS protection. |
| Sentry, Inc. (if enabled) | Application error data, scrubbed of personal data. | Error monitoring. |
| Law enforcement | Only as required by valid legal process. | Legal compliance. |
We do not sell your personal data. We do not share your personal data with advertisers.
4. Data retention
- Cached product scores: retained indefinitely. Individual indicators expire on their own cadence — up to 180 days for immutable indicators (Made in, Money goes to) and up to 30 days for volatile ones (Retailer, Ships from) — and are re-computed on the next request, but the historical record remains in our database for audit and quality-control purposes.
- Complaint submissions and personal data therein: retained until the complaint is resolved + 24 months for audit, or until you request deletion (whichever is later).
- Account records (email, sign-in metadata): retained for the life of the account plus 24 months after account deletion (for accounting and abuse-history purposes). Deleting your account via privacy@realproductorigin.com clears your email and links the account to an anonymous placeholder within 30 days.
- Subscription records: retained for the life of the subscription plus 7 years after final cancellation, to satisfy tax and accounting record-keeping requirements. Payment-card information is never stored by us — only by Stripe.
- Session tokens: automatically deleted 30 days after their last use, or immediately when you sign out.
- Server logs: 7–30 days.
- Manually-verified score overrides: retained indefinitely. Even when "retired", the record persists for audit. The data does not contain personal information.
5. Your rights
Depending on where you live, you may have rights under applicable law (including GDPR for EU/UK residents and CCPA/CPRA for California residents):
- The right to access the personal data we hold about you.
- The right to have inaccurate data corrected.
- The right to have your data deleted ("right to be forgotten" under GDPR).
- The right to restrict or object to certain processing.
- The right to data portability.
- The right to lodge a complaint with a supervisory authority.
To exercise any of these rights, email us at privacy@realproductorigin.com from the email address associated with your complaint(s). We will respond within the timeframes required by applicable law.
6. Children's privacy
The Service is not directed at children under 13 (or 16 in the EU). We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us and we will delete it.
7. Security
We use industry-standard practices to protect the data we hold:
- All connections to our backend are encrypted via TLS.
- Our database is hosted on private networking within Render and is not directly accessible from the internet.
- Administrative access to our admin module is gated by strong authentication and operated over TLS only.
- Secrets (API keys, passwords) are stored as encrypted environment variables; never committed to source control.
No system is perfectly secure. If we discover a breach affecting your personal data, we will notify affected users within the timeframes required by applicable law.
8. International transfers
Our backend is operated in the United States. By using the Service, you understand that your data may be processed in the United States, which may have data-protection laws different from the laws of your country.
9. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review the policy periodically.
10. Contact us
Questions, requests, or complaints: privacy@realproductorigin.com.
Mailing address: (to be filled in).