Privacy policy
Last updated: 2026-05-17
Who we are
PalletScout (“we”, “us”) operates the website at palletscout.app and the PalletScout Chrome extension. You can reach us at hello@palletscout.app.
What we collect
- Waitlist email. The address you submit on this site.
- Optional marketplace preference. Helps us prioritize integrations.
- Referrer / source. So we know which channels send signups.
- Hashed IP & user agent. Used to throttle abuse on the waitlist endpoint. We don't store raw IPs.
- Aggregate analytics. Vercel Analytics & Speed Insights — cookie-less, no personal identifiers.
What we don't collect
We don't set advertising cookies. We don't share or sell your email. The extension itself does not transmit any data you analyze; ASIN lookups go directly between your browser and our analysis API, and we do not log ASIN content tied to your account.
How we use your email
One email when the extension launches, plus occasional product updates if you stay subscribed. Every email has a one-click unsubscribe.
Cookies and similar technologies
PalletScout does not set marketing or advertising cookies. The waitlist form uses Cloudflare Turnstile, which may set a short-lived first-party cookie strictly to verify that you are a human rather than a bot; this cookie carries no profile, advertising, or cross-site tracking purpose. Vercel Analytics and Speed Insights run cookie-less and do not store any device fingerprint. We use first-party browser storage only when you sign in, to keep your session active across page loads.
How long we keep things
- Waitlist email and marketplace preference: kept until you ask us to delete it, or 24 months after the extension launch — whichever comes first.
- Hashed IP and user agent: 30 days, used only for abuse rate-limiting.
- Aggregate analytics: retained per Vercel's defaults (90 days for individual events, indefinitely for aggregated, anonymous counts).
- Account and billing records (after launch): kept while your account is active and for up to 7 years after closure where tax law requires.
Where data lives and who processes it
The website is hosted by Vercel. Account and waitlist data is stored in Supabase (EU-West-2, London). Anti-abuse checks run on Cloudflare. When the paid product launches, Stripe processes card payments and we never see or store full card numbers. Each provider is contractually limited to processing data on our behalf for the purposes set out in this policy. All access requires staff-side strong authentication with audit logging.
International transfers
We store data in the United Kingdom by default. Some sub-processors (e.g. Vercel, Stripe) may transfer limited operational data to the United States or other regions. These transfers rely on the UK Addendum to the EU Standard Contractual Clauses and equivalent safeguards required by UK and EU data-protection law.
Security
Data is encrypted in transit (TLS 1.2+) and at rest by our infrastructure providers. Database access is restricted via row-level security policies; only a small set of service-role credentials, held by PalletScout staff and rotated periodically, can read personal data. Production systems require multi-factor authentication. No security measure is perfect, and we encourage you to use a strong, unique password on any account you connect.
Your rights
Depending on where you live (UK GDPR, EU GDPR, California CCPA/CPRA, and similar laws) you may have the right to access, correct, delete, restrict, or port your personal data, and to object to processing or withdraw consent. We do not sell personal information. Email hello@palletscout.app and we will action verifiable requests within 30 days. You can also complain to your local supervisory authority — in the UK that is the Information Commissioner's Office (ico.org.uk).
Children
PalletScout is a business-to-business tool aimed at adult resellers. It is not directed to anyone under 16, and we do not knowingly collect personal information from children. If you believe a child has submitted data to us, contact us and we will delete it.
Changes
If we change this policy materially, we'll bump the date above and, if you're on the waitlist, email you a heads-up.