Privacy Policy

This Privacy Policy describes how Jigged, Inc. ("Company," "we," "us," or "our") collects, uses, shares, and protects your personal information when you use the InStore Steals website, application, tools, and related services (the "Service").

By using the Service, you consent to the practices described in this policy.

1. Information We Collect

Information you provide directly:

Data	When	Purpose
Email address	Account creation	Authentication (magic sign-in links), account communications, service notices
Name	Account creation (optional)	Personalization, addressing you in communications
ZIP code	After sign-in	Determining your nearby stores and personalizing deal results
Discord account	Discord sign-in	Authentication, community access, DM alerts. We receive your Discord user ID and username via OAuth.

Information collected automatically:

Data	How	Purpose
IP address	Server logs	Rate limiting, abuse prevention, security
Session token	Cookie (sid)	Keeping you signed in
Search history	Stock Checker usage	Displaying your recent searches, improving the Service
Usage data	Server logs	Scan activity, page views, feature usage, to maintain and improve the Service

Payment information: We do not collect, store, or have access to your credit card number, bank account, or full payment details. All payment processing is handled by Stripe. We store only your Stripe customer ID and subscription status to manage your account.

2. How We Use Your Information

• Provide, operate, and maintain the Service.
• Authenticate your identity and manage your account.
• Personalize your experience (showing deals near your ZIP code).
• Process your subscription and manage billing through Stripe.
• Send transactional emails (sign-in links, billing confirmations, service notices).
• Send deal alerts via Discord DM, if enabled by you.
• Monitor and prevent abuse, fraud, and unauthorized access.
• Improve and develop new features.
• Enforce our Terms of Service.
• Comply with legal obligations.

We will never sell, rent, or trade your personal information to third parties for marketing purposes.

3. Aggregate & Anonymized Data

We may create aggregate or anonymized data from your personal information (data from which you cannot be individually identified). We may use and share such aggregate or anonymized data for any lawful purpose, including analytics, research, improving the Service, and business operations. Aggregate data is not subject to the restrictions in this policy because it does not identify you.

4. Cookies & Local Storage

We use a minimal number of cookies, strictly for functionality:

• sid: A secure, HTTP-only session cookie that keeps you signed in. Contains a random token, not personal data. Expires on sign-out or extended inactivity.
• adm: Administrative authentication cookie, used only by site administrators.
• Session storage: Brief browser-side cache of account status for performance. Never leaves your browser; cleared when you close the tab.

We do not use any third-party tracking cookies, analytics platforms (e.g., Google Analytics), advertising cookies, or fingerprinting technologies. We do not track you across other websites.

5. Do Not Track

Some browsers transmit "Do Not Track" (DNT) signals. Because we do not track users across third-party websites and do not use any third-party tracking technologies, we do not need to respond differently to DNT signals. Our privacy practices are the same regardless of your DNT setting.

6. Third-Party Services

We share limited data with the following third parties solely to operate the Service:

• Stripe (privacy policy), Payment processing. Stripe receives your payment information directly.
• Discord (privacy policy), Authentication and community. We receive your Discord user ID and username.
• Resend (privacy policy), Transactional email delivery.
• Railway (privacy policy), Infrastructure hosting and database services.

We do not share your information with any other third parties except as described in this policy.

7. Disclosure for Legal Reasons

We may disclose your information if we believe in good faith that disclosure is necessary to:

• Comply with a law, regulation, legal process, or governmental request.
• Enforce our Terms of Service or other agreements.
• Protect the rights, property, or safety of Jigged, Inc., our users, or the public.
• Detect, prevent, or address fraud, security, or technical issues.
• Respond to an emergency involving danger of death or serious physical injury.

We will make reasonable efforts to notify you of such disclosure unless prohibited by law or court order.

8. Business Transfers

If Jigged, Inc. is involved in a merger, acquisition, bankruptcy, reorganization, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.

9. Data Retention

• Account data (email, name, ZIP, Discord link), retained while your account is active.
• Search history, retained for the duration of your subscription.
• Server logs (IP addresses, request data), retained up to 90 days, then deleted.
• Billing records (Stripe customer ID, subscription status, payment events), retained as required for accounting and legal compliance.

Upon account deletion, we will delete your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes).

10. Data Security

• All data in transit is encrypted via HTTPS/TLS.
• Session cookies use httpOnly and secure flags.
• We use passwordless magic-link authentication, no passwords are stored.
• Database credentials are stored as environment variables with restricted access.
• Rate limiting is applied to all sensitive endpoints.

No method of transmission or storage is 100% secure. We take reasonable steps to protect your data, but we cannot guarantee absolute security.

11. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate or incomplete data.
• Delete your account and associated personal data.
• Export your data in a portable format.
• Opt out of non-essential communications.

To exercise any of these rights, email support@instoresteals.com. We will respond within 30 days.

California Residents (CCPA): You have the right to know what personal information we collect and how it is used, request deletion, and opt out of the sale of personal information. We do not sell your personal information. We will not discriminate against you for exercising these rights. Email us with the subject "CCPA Request."

12. Children's Privacy

The Service is not intended for anyone under 18. We do not knowingly collect information from anyone under 18. If we learn we have collected data from someone under 18, we will delete it promptly. Contact support@instoresteals.com if you believe a minor has provided us information.

13. Changes to This Policy

We may update this Privacy Policy at any time. We will update the "Last updated" date and make reasonable efforts to notify you of material changes. Continued use constitutes acceptance.

14. Contact

Jigged, Inc.
Email: support@instoresteals.com
Website: instoresteals.com