Privacy Policy
Effective date: April 24, 2026
1. Who we are
ProfitLens is operated by Nudge Social Co (“we”, “us”, “our”). This Privacy Policy explains what data we collect, why we collect it, how we use it, and the rights you have over it.
By using ProfitLens you also agree to our Terms of Service and Disclaimer.
2. Information we collect
Account information
When you create an account we collect your email address, your password (stored hashed by our auth provider), and any display name you choose to provide.
Subscription and billing information
When you subscribe to ProfitLens Pro we collect billing-related metadata returned by Stripe — including your Stripe customer ID, your subscription status, your trial / billing period dates, and the last four digits of your card. We do not store your full payment-card number, CVV, or full card expiration. Card data is collected, processed, and stored directly by Stripe under their own privacy and security terms.
Sourcing and product data you create
- Scan history (item name, scanned barcode or photo-derived category, eBay market data we retrieved, your purchase price, the verdict produced, and timestamps).
- Inventory items (title, description, condition, cost of goods, sale price, sold date, fees, shipping).
- Sourcing rules (minimum sale price, profit multiplier, risk appetite).
- Watchlist items (descriptions, max buy prices, notes).
Photos you submit for identification
When you use the photo scanner, the captured image is transmitted to our AI provider (Anthropic) for product identification. We do not permanently store your raw photos on our servers; only the AI’s text identification result is kept as part of your scan history.
Device and usage data
When you use the Service, our infrastructure providers automatically collect technical information including IP address, browser type, device type, operating system, pages visited, referring URLs, and timestamps. This is used for security, debugging, and aggregate analytics.
Cookies and similar technologies
We use first-party cookies set by our auth provider to keep you signed in and to remember session state. We do not use third-party advertising cookies or data-selling trackers. The PWA install banner and our scanner use browser localStorage to remember dismissals and preferences.
3. How we use your information
- To provide, maintain, and improve the Service.
- To look up current eBay market pricing for items you scan.
- To generate Buy / Maybe / Pass recommendations based on your sourcing rules.
- To identify items from photos using our AI provider.
- To bill your subscription, process refunds (where applicable), and prevent fraud.
- To save your scan history, watchlist, and inventory drafts for you.
- To detect, prevent, and address technical issues, security incidents, and abuse.
- To communicate with you about your account, important service notices, and updates to these legal documents.
We do not sell your personal information, and we do not share it with third parties for their own advertising purposes.
4. Third-party services we use
To operate ProfitLens we use the following third-party providers:
- Supabase — authentication and database hosting. Account data, profiles, scan history, inventory, and watchlist data are stored in Supabase.
- Stripe, Inc. — payment processing. Card data is collected and stored by Stripe directly.
- Anthropic, PBC — AI product identification (Claude). Photos you submit and item summaries are sent to Anthropic for processing.
- eBay Inc. — public Browse API used to fetch market pricing. We query this API using our own application credentials; we do not connect to or store anything from your personal eBay account.
- Vercel — application hosting and edge delivery.
Each of these providers handles your data under its own privacy and security policies. We have selected them based on their security practices and contractual data-handling commitments.
5. Data retention
We retain your account information, scan history, watchlist, inventory data, and subscription metadata for as long as your account is active. If you delete your account, we delete your associated data within 30 days, except where we are required to retain certain records (for example, billing records for tax and audit purposes, which are typically retained for up to 7 years).
Server logs containing IP addresses and request metadata are retained for up to 90 days for security and debugging purposes.
6. Your rights and choices
You have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Export your scan history, inventory, and watchlist in a portable format.
- Opt out of non-essential communications.
To exercise any of these rights, email privacy@profitlensapp.com from the email address on file. We will respond within 30 days.
7. California residents (CCPA / CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act and California Privacy Rights Act:
- The right to know what categories of personal information we collect, the sources, the purposes, and the categories of third parties we share with.
- The right to delete personal information we have collected from you, subject to legal retention exceptions.
- The right to correct inaccurate personal information.
- The right to limit use of sensitive personal information.
- The right to opt out of the “sale” or “sharing” of personal information. We do not sell or share personal information as those terms are defined under California law.
- The right to non-discrimination for exercising any of the above.
To exercise any of these rights, email privacy@profitlensapp.com.
8. Users in the European Economic Area, UK, and Switzerland (GDPR / UK GDPR)
If you are located in the EEA, the UK, or Switzerland, our legal bases for processing your personal information include:
- Performance of a contract — to provide the Service you signed up for.
- Legitimate interests — to operate, secure, and improve the Service.
- Legal obligations — to retain billing records and respond to lawful requests.
- Consent — where you have explicitly opted in (e.g., AI photo identification).
You have the right to:
- Access, rectify, or erase your personal information.
- Restrict or object to processing.
- Receive your personal information in a portable, machine-readable format.
- Withdraw consent at any time where processing is based on consent.
- Lodge a complaint with your local data-protection authority.
Personal information collected in the EEA / UK may be transferred to and processed in the United States. Where this occurs, we rely on standard contractual clauses or other lawful transfer mechanisms required by applicable law.
9. Children’s privacy
ProfitLens is intended for users 18 and older. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal information from a person under 18, we will delete it promptly. If you believe a minor has provided us personal information, contact privacy@profitlensapp.com.
10. Security
We use HTTPS for all data in transit, encrypted storage at rest via our database provider, and per-user row-level security so each user can only access their own data. No system is perfectly secure; you use the Service at your own risk and are responsible for keeping your password confidential.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to you by email and via in-app notice at least 14 days before they take effect. Your continued use of the Service after the effective date of an updated version constitutes acceptance.
12. Contact us
Privacy questions: privacy@profitlensapp.com
General support: support@profitlensapp.com