Try It Free

Privacy Policy

Last updated: February 15, 2026

The short version: We collect your email to create your account, your searches to show results, and affiliate click data to earn commissions and share cashback. We don’t sell your data. We use two cookies (both for keeping you signed in). We anonymize IP addresses after 90 days. You can delete your account and all personal data anytime. For California and European residents, your full rights are in Section 9.

1. Who We Are

Lowest Listed is a price comparison platform. When this policy says “we,” “us,” or “our,” it means the operator of Lowest Listed.

For privacy questions, contact us at privacy@lowestlisted.com.

2. What We Collect

Information you provide

  • Email address — required to create an account (via magic link, Google, or Apple sign-in)
  • Name — from your OAuth provider or provided by you (optional)
  • Passkey credentials — public key data if you set up passkey sign-in (stored on our server; your private key never leaves your device)
  • Profile information — city, state, country, and zip code, if you choose to provide them
  • Watchlist, price alerts, and shopping lists — products and price thresholds you set
  • Purchase data — if you use post-purchase price monitoring, you provide the product and purchase price

Information collected automatically

  • IP address — used for rate limiting, bot protection, and affiliate click attribution
  • Device and browser information — user agent and language headers, used for session security
  • Search queries — what you search for on the platform
  • Page views and usage patterns — collected via Umami, a cookie-free, privacy-focused analytics tool. Umami collects anonymous, aggregated data such as page views, referrer sources, and browser types. Umami does not use cookies, does not collect personal information, and cannot tie analytics data back to individual users.
  • Affiliate click data — when you click a link to a retailer, we record the click for commission attribution, including the product, retailer, timestamp, IP address, and browser information

3. How We Use Your Information

We use your data to:

  • Provide the service — show you price comparisons, track your watchlist, send price alerts
  • Process cashback rewards — attribute affiliate commissions to your account and process payouts
  • Send notifications — price alerts, smart notifications for products you’ve viewed, weekly market reports (all configurable in your profile settings)
  • Protect the service — detect fraud, prevent abuse, enforce rate limits, and verify you’re not a bot (via Cloudflare Turnstile)
  • Secure your account — session fingerprinting (a hash of your browser and language settings) to detect unauthorized access
  • Improve the service — understand usage patterns through privacy-focused analytics (Umami) and fix errors through error monitoring (Sentry, if configured)

We do not:

  • Sell your personal information
  • Use your data for advertising
  • Profile you for purposes unrelated to the service
  • Rank or prioritize search results based on your personal data

4. Cookies

We use only two cookies, both strictly necessary for authentication:

Cookie Purpose Duration
access_token Keeps you signed in 15 minutes
refresh_token Renews your session 7 days

Both cookies are HTTP-only (not accessible to JavaScript), secure (encrypted in transit), and lax same-site (sent only with top-level navigations, not embedded requests).

We do not use advertising cookies, tracking cookies, or third-party cookies. Our analytics tool (Umami) does not use cookies.

Because we only use strictly necessary cookies, no cookie consent banner is required.

5. Third-Party Services

We share data with third parties only as necessary to operate the service:

Service What They Receive Why
Polar.sh (payments) Email address, subscription selection Process Premium subscriptions. Polar acts as our Merchant of Record and handles billing, sales tax, and payment processing.
Cloudflare Turnstile (bot protection) IP address, challenge token Verify that anonymous searches come from real users, not bots.
Google / Apple (OAuth sign-in) Authorization code Authenticate your identity. We receive your email and name back.
Affiliate networks (Amazon, eBay, CJ, etc.) Click and purchase attribution data Track commissions we earn so we can share cashback with you.
SMTP email provider Email address, notification content Deliver price alerts, weekly reports, and account emails.
Sentry (error monitoring, if configured) Error details, request metadata (PII redacted) Identify and fix technical issues. Emails, tokens, and passwords are automatically stripped before transmission.

We do not sell, rent, or trade your personal information to any third party. Every service listed above receives only the minimum data needed to perform its function.

Third-party practices: When you click a link to a retailer, you leave Lowest Listed and are subject to that retailer’s own privacy policy and terms. We are not responsible for the privacy practices, data collection, or content of any third-party websites. We encourage you to review the privacy policy of any retailer you visit through our links.

6. Affiliate Links and Tracking

When you click a link to a retailer, the link passes through an affiliate network (such as Amazon Associates, CJ Affiliate, or Impact). This is how we earn commissions and fund the service.

What we record: The product, retailer, timestamp, your IP address, and browser information. IP addresses are retained for 90 days and then anonymized.

What the affiliate network does: The affiliate network may place its own tracking cookie on your browser to attribute purchases made on the retailer’s site. These cookies are set by the affiliate network, not by Lowest Listed, and are governed by that network’s own privacy policy. We have no control over and are not responsible for the data these networks collect.

7. How Long We Keep Your Data

Data Retention
Account information (email, name) Until you delete your account
Watchlists, price alerts, shopping lists Until you delete them or your account
Search history Until you delete your account
Affiliate click IP addresses 90 days, then anonymized
Magic link tokens 10 minutes
Session fingerprints 7 days
Anonymous search rate limits 24 hours
Cashback and commission records Retained for tax and legal compliance, even after account deletion
Server logs (IP, request data) Rotated automatically, maximum 50MB retained

When you delete your account, we delete your personal data and all associated records (watchlists, alerts, notifications, shopping lists). Financial records related to cashback payouts and commissions may be retained as required for tax reporting and legal obligations.

8. How We Protect Your Data

We implement industry-standard security measures to protect your personal information, including encryption in transit, secure authentication practices, and automatic redaction of sensitive data from server logs.

We do not store passwords for user accounts, eliminating an entire class of security risk.

No system is 100% secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If we become aware of a security breach affecting your personal data, we will notify you in accordance with applicable law.

9. Your Rights

Depending on where you live, you may have some or all of the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request that we fix inaccurate data
  • Deletion — request that we delete your account and personal data
  • Portability — request your data in a portable format
  • Opt out — unsubscribe from non-essential emails at any time through your profile settings or the unsubscribe link in any email

To exercise any of these rights, contact us at privacy@lowestlisted.com. We will respond within 30 days.

For California residents (CCPA): You have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. You will not receive discriminatory treatment for exercising your rights.

For European residents (GDPR): Our legal basis for processing your data is: (a) your consent (account creation, notifications), (b) legitimate interest (service security, fraud prevention, analytics), and (c) contractual necessity (providing the service you signed up for). You have the right to withdraw consent at any time by deleting your account or adjusting your notification preferences.

10. Children’s Privacy

Lowest Listed is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, contact us at privacy@lowestlisted.com and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we’ll update the “Last updated” date at the top and, if you have an account, notify you by email.

Your continued use of the service after changes take effect constitutes acceptance. If you disagree with an updated policy, you may delete your account at any time.

12. Contact

For privacy questions, data requests, or to exercise any of your rights, contact us at privacy@lowestlisted.com. We will respond within 30 days.