Privacy policy

Last updated: 2026-04-29 · AIFindsDeal, operated from Pennsylvania, USA

This policy describes what information AIFindsDeal collects, why we collect it, how long we keep it, and the rights you have over it. It applies to aifindsdeal.com and any related subdomains.

Who we are

AIFindsDeal is a deal-aggregation site operated as a sole proprietorship based in the Commonwealth of Pennsylvania, USA. The data controller for purposes of this policy is the site operator, contactable at [email protected].

Information we collect

Information you provide directly

Account information: email address (required to create an account), an optional phone number for SMS price alerts, and a password (stored only as a bcrypt hash — we cannot recover it).
Tracking preferences: the products you choose to track, your target prices, your alert preferences (email, SMS, Apprise URLs), and any notification webhooks you configure.

Information collected automatically

Session cookie: a randomly-generated session_id stored in an HTTP-only cookie for 30 days. Used to attribute affiliate clicks to a session for revenue reporting.
Authentication cookie: if you log in, a JWT cookie is set for 24 hours. It contains only your user id and admin flag.
Click log: when you click an outbound deal link, we record the deal id, your session id, your user id (if logged in), your IP address, your browser user-agent, and the referring page. This is used to compute click-through rates per deal and to verify Amazon Associates commission attribution.
Server access logs: standard web-server access logs retained for 30 days for abuse mitigation and operational debugging.

We do not use third-party analytics tags (no Google Analytics, no Facebook Pixel, no advertising trackers).

How we use your information

To deliver the deal-tracking service you signed up for, including price-drop alerts.
To attribute affiliate clicks to revenue for accurate accounting and audit.
To detect and mitigate abuse (rate-limited login, IP throttling).
To operate, maintain, and secure the site.

We do not use your data for advertising profiling, retargeting, or cross-context behavioral advertising. We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

Service providers ("processors")

We share the minimum data needed with these processors to operate the service:

Amazon Web Services / Product Advertising API: outbound affiliate clicks land on amazon.com bearing our Associates tag; Amazon handles checkout and reports aggregate commission data back to us by Order ID and ASIN (no personal information about you is shared with Amazon by us).
Mailgun: sends transactional email (price alerts, account email). Receives your email address.
Amazon SNS: sends SMS price alerts when enabled. Receives your phone number.
Cloudflare: CDN and DDoS protection. Receives request metadata (IP, user agent, URL) for traffic in front of our origin.
Anthropic Claude API (optional): when AI price extraction is enabled, deal titles and descriptions are sent to Anthropic for parsing. No personal information about you is included.

Cookies

session_id — HTTP-only, 30-day expiry. Click attribution.
token — HTTP-only JWT, 24-hour expiry. Login session.
do_not_sell — HTTP-only, 1-year expiry. Set when you opt out via the do-not-sell page.
theme — non-essential. Stores light/dark preference.

All cookies are set with SameSite=Lax. None of them are used for cross-context advertising.

Data retention

Account: until you delete it (email [email protected]).
Click log: 18 months, then truncated.
Alert log: 12 months.
Server access logs: 30 days.
Anonymous opt-out cookie: 12 months from last visit.

Your rights

AIFindsDeal is operated from Pennsylvania. We honor the following rights universally, regardless of where you live, so that residents of states with active consumer-privacy statutes (including but not limited to California, Colorado, Connecticut, Utah, Virginia, Oregon, Texas, Iowa, Indiana, Tennessee, Montana, Delaware, New Jersey, and New Hampshire), residents of Pennsylvania, residents of the EU/UK under GDPR, and any other visitor receive the same treatment. Where state law grants additional rights beyond this list, those statutory rights apply directly and supersede this section.

Right to know: request a copy of the personal information we hold about you.
Right to correct: ask us to correct inaccurate information.
Right to delete: ask us to delete your account and all associated personal information.
Right to opt out of "sale or sharing": we do not sell or share personal information for cross-context behavioral advertising. You can confirm and reinforce this preference at /do-not-sell.
Right to non-discrimination: exercising any of these rights will not result in degraded service.

To exercise any of these rights, email [email protected] from the email address associated with your account. We respond within 45 days.

Children

AIFindsDeal is not directed at children under 13, and we do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact us and we will delete it.

Security

We use HTTPS for all traffic, store passwords only as bcrypt hashes, isolate database access behind the application layer, and rotate credentials periodically. No system is perfectly secure; if you discover a vulnerability, please report it to [email protected].

Changes to this policy

Material changes will be announced on this page with an updated "Last updated" date. Trivial corrections (typo fixes, link updates) do not get a new revision date.

Contact

Privacy questions: [email protected]
Postal contact available on request.