Privacy Policy

Last updated: June 18, 2026

Should you trust us with this?

Honest answer: we can read what you upload, because that's how reports get generated. We can't pretend otherwise — anyone who tells you their analytics tool "can't see your data" is either lying or shipping a useless product.

What we promise instead: we don't sell your personally identifiable data, we don't share buyer-level detail with anyone outside your account, we don't train AI on it, and we have no API connection to your Whatnot store at all. Aggregated, anonymized trends may power benchmark features. You upload a file. We give it back to you with structure. That's it.

You can delete everything from Account → Danger Zone whenever you want. We don't keep a hidden copy.

What we collect

  • Account info: name, email, password (hashed). You give us this at registration.
  • Whatnot CSV rows you upload: buyer names, buyer states, order amounts, product titles, livestream names, Whatnot seller ID, etc. These come from the CSV file Whatnot hands you.
  • Basic usage telemetry: which reports you’ve generated, how often you log in, and which pages and dashboard features get used. Page analytics are self-hosted — that data lives on our server and is never shared with anyone.
  • Interaction patterns via Microsoft Clarity (clicks, scrolls, which features get attention) — with strict on-device masking, meaning every word and number on your screen is redacted in your browser before anything is sent. Clarity recordings of your dashboard contain no readable text: no revenue figures, no buyer names, nothing.
  • Stripe handles payment info. We only see that a charge succeeded and the masked last four digits.

What we do with it

  • Show you analytics based on your own data.
  • Send product updates and announcements to users who opted in at registration. Every email includes an unsubscribe link.
  • Generate AI insights via Anthropic's Claude API. We send aggregated metrics derived from all of your uploaded CSVs — and every identifying string (buyer handles, product titles, US state codes) is replaced with a positional placeholder before the prompt leaves our server. Claude sees "buyer_a, item_p1, state_a"; we swap the real strings back in on your dashboard. Anthropic does not train on API traffic.
  • Include your data in anonymized, aggregated industry reports shared with brands, retailers, or researchers. This is a condition of using the service. Anonymized means no seller IDs, no buyer names, no item titles — only bucketed aggregates that cannot be traced back to you or your buyers.

What we don’t do

  • Sell your raw data. Ever.
  • Share buyer names or order-level detail with anyone outside your workspace.
  • Use your data to train machine-learning models, ours or anyone else’s.
  • Plant ad trackers or cross-site tracking on the dashboard — no ad pixels, no retargeting, nothing that follows you around the web. The only third-party measurement we use is Microsoft Clarity in strict masking mode (described above), which cannot read your data.

Your controls

  • Delete any report from the Account page.
  • Hide rows you know are bad so they’re excluded from all metrics.
  • Revoke marketing or data-share consent anytime by emailing support.
  • Delete your entire account — reports, orders, insights, buyers — from Account → Danger Zone.

Storage + security

Your data is stored in our database, hosted on WP Engine in the United States. Encrypted at rest by the hosting provider, transferred over HTTPS. We don’t promise zero breach risk — no one honestly can — but we use the standard protections a modern SaaS should.

Rights if you’re in the EU/UK/California

You have the right to access, correct, export, or delete your data. Most of this you can do yourself from the Account page. For anything else, email support and we’ll handle it within 30 days.

Contact

Questions about privacy: contact support.