The Short Version: We collect data to power your price intelligence experience. We never sell your personal information to third parties. We use industry-standard security. You have full control over your data.
R.E.A.L. SmartScan is operated by ThingkTangk Labs ("we," "us," or "our"). We are an AI-powered price comparison and commerce platform headquartered in the United States. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website and services.
Data Controller: ThingkTangk Labs is the data controller responsible for your personal information under applicable privacy laws.
| Purpose | Data Used | Legal Basis (GDPR) |
|---|---|---|
| Providing the Service and processing purchases | Account info, payment info, purchase history | Contractual necessity |
| Price intelligence and deal recommendations | Search queries, behavioral analytics, purchase history | Legitimate interests |
| Prime recommendations and personalization | Search history, saved products, price alert activity | Legitimate interests / Consent |
| Price alert notifications | Email address, alert preferences | Contractual necessity / Consent |
| Subscription management and billing | Account info, payment data, subscription status | Contractual necessity |
| Security and fraud prevention | Device data, IP address, behavioral patterns | Legitimate interests / Legal obligation |
| Platform analytics and improvement | Behavioral analytics, device data, error logs | Legitimate interests |
| Customer support | Account info, communications, purchase history | Contractual necessity |
| Legal compliance | All relevant data as required | Legal obligation |
We share your data only with service providers that help us operate the platform. All processors are bound by data processing agreements requiring them to protect your information:
| Provider | Purpose | Data Shared | Privacy Policy |
|---|---|---|---|
| Stripe, Inc. | Payment processing | Name, email, billing address, payment method | stripe.com/privacy |
| Supabase | Database & authentication | Account profiles, search events, purchase records, alert data | supabase.com/privacy |
| PostHog | Product analytics | Anonymized behavioral events, device info | posthog.com/privacy |
| Sentry | Error tracking | Error logs, browser/device info (no PII unless in stack trace) | sentry.io/privacy |
| Resend | Transactional email | Email address, notification content | resend.com/privacy |
| Akamai / Linode | Video & media storage (SmartCast) | Uploaded media files associated with SmartCast Pro account | linode.com/legal-privacy |
| SerpAPI | Price & product data | Search query strings (no account identifiers) | serpapi.com/privacy |
We do not sell, rent, or lease your personal information to any third party for their own marketing purposes.
| Cookie / Technology | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| ph_* | PostHog | Product analytics — tracks anonymous usage events to improve the product | Analytics | 1 year |
| sentry-* | Sentry | Error tracking — helps identify and fix bugs | Error tracking | Session |
| sb-* (Supabase auth) | Supabase | Authentication token — keeps you logged in | Strictly necessary | Session / Persistent |
| sessionStorage: cookies | SmartScan | Cookie consent preference | Functional | Session |
When you first visit our site, we display a cookie consent banner. You may accept or decline analytics cookies. Strictly necessary cookies (authentication) cannot be disabled without impacting core functionality. You can also manage cookies through your browser settings at any time.
We respect browser-level "Do Not Track" signals to the extent technically practicable. When we detect a DNT signal, we disable non-essential analytics tracking.
In addition to the service providers listed above, we may share your information in the following circumstances:
We do not share, sell, or rent your personal information to advertisers, data brokers, or any third parties for their own marketing or commercial purposes.
| Data Type | Retention Period | Reason |
|---|---|---|
| Search event logs | 90 days | Personalization and analytics |
| Price alert history | 90 days after alert expires or is deleted | Audit trail |
| Order records (SmartScan Direct) | 7 years | Legal and tax compliance |
| Subscription billing records | 7 years | Legal and tax compliance |
| Account profiles | Until deletion requested + 30-day grace period | Account recovery |
| SmartCast content | Until deleted by user or 30 days after account closure | Platform operations |
| Error and security logs | 30 days | Security and debugging |
| Analytics events | 12 months (anonymized after 90 days) | Product improvement |
We implement industry-standard technical and organizational measures to protect your personal information, including:
Despite these measures, no method of electronic transmission or storage is 100% secure. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable regulators as required by law.
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):
Request disclosure of the categories and specific pieces of personal information we have collected about you, our sources, purposes, and any third parties with whom we've shared it.
Request deletion of your personal information, subject to certain exceptions (e.g., legal obligations, security purposes).
Request correction of inaccurate personal information we maintain about you.
Opt out of the "sale" or "sharing" of your personal information. We do not sell your data — see Section 11.
Limit our use of sensitive personal information to permitted purposes.
Exercise your CCPA rights without facing discrimination in service quality or pricing.
To exercise your California rights, contact us at privacy@real-smartscan.com with the subject line "California Privacy Request." We will respond within 45 days.
If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR) and applicable national laws:
Request a copy of the personal data we hold about you and information about how we process it.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
Request that we restrict processing of your personal data under certain circumstances.
Receive your personal data in a structured, machine-readable format and transfer it to another controller.
Object to processing based on legitimate interests, including profiling for direct marketing.
For international data transfers, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards as required under GDPR Chapter V.
To exercise your GDPR rights, contact our Data Protection contact at privacy@real-smartscan.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.
We do not sell, rent, lease, or share your personal information with third parties for their own commercial purposes. This includes selling data to advertisers, data brokers, or any other third party that would use your information to target you with advertising on other platforms.
We share data with service providers (listed in Section 4) solely to operate our platform. These arrangements are not considered "sales" under CCPA/CPRA because data sharing is for our operational purposes only, under contracts that prohibit the service providers from using your data for their own commercial purposes.
Because we do not sell personal information, there is no opt-out mechanism required. If you have any concerns about how your data is used, please contact privacy@real-smartscan.com.
Our Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected information from a child under 13, please contact us immediately at privacy@real-smartscan.com and we will promptly delete such information.
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date at the top of this page and notify you by email or through a prominent notice in the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes your acceptance of the updated policy.
Privacy Contact:
R.E.A.L. SmartScan — ThingkTangk Labs
Email: privacy@real-smartscan.com
General Support: support@real-smartscan.com
Subject line for data requests: "Privacy Request — [Your Request Type]"
We will acknowledge receipt of your request within 5 business days and respond fully within the timeframes required by applicable law (45 days for CCPA, 30 days for GDPR).