Privacy policy

Last updated: 2026-05-03

BuyOrSwipe collects clicks, IP-derived hashes, Telegram identifiers, and (in a future release) email addresses. This places the site within scope of GDPR, UK GDPR, and CCPA depending on your location.

Important: SHA-256 hashing of an IP with a static salt does not anonymize that IP under EU regulator guidance (EDPB Opinion 5/2014, recently reaffirmed). We treat hashed IPs as personal data and protect them accordingly.

Data we collect

When you click an outbound affiliate link from a comparison page, we record: the page id, the source (e.g. web, telegram_channel), any UTM parameters present in the URL, your User Agent string, the HTTP referrer, a SHA-256 hash of your IP address salted with IP_HASH_SALT, and a timestamp. When you interact with our Telegram bot or channel we record your Telegram user id and your subscription state. We do not collect precise location data and we do not run device fingerprinting.

Why we collect it

We use click data to verify which comparisons drive engagement, to detect abuse (e.g. bot-driven clicks that would inflate affiliate metrics), and to compute affiliate revenue attribution. We use Telegram identifiers to deliver the channel/bot service you opted into and to honour /stop requests. The legal basis is legitimate interest for click attribution (affiliate revenue tracking) and consent for any non-essential storage on EU/UK visitors.

Retention

Rows in the clicks table are auto-deleted after 13 months by a daily retention cron (/api/cron/retention). When you run /stop in our Telegram bot, we immediately mark your subscription as is_active = false and keep the row for 30 days for audit purposes; the same retention cron then hard-deletes it. Email addresses (when introduced) will be subject to suppression-list and unsubscribe-link controls described below.

Cookie policy

Visitors detected as being inside the EU, the EEA, or the UK (geo-detected server-side from the Vercel x-vercel-ip-country request header — 31 countries total) see a non-blocking consent banner at the bottom of the page on their first visit. The banner has two buttons of identical size, padding, and font weight — Accept and Reject — and only their colors differ. We treat Accept and Reject as equal-weight choices, in line with EDPB and CNIL guidance against pre-checked or visually weighted defaults. Visitors outside those 31 countries do not see the banner and do not receive its JavaScript bundle at all.

When a visitor clicks Accept or Reject we write a single first-party cookie named consent_v1 with the value accepted or rejected. The cookie is scoped to this site only (no Domain attribute, so it never leaves the apex), uses SameSite=Lax and Secure, and has a maximum lifetime of 365 days when accepted or 180 days when rejected. The shorter rejected lifetime follows the UK ICO guidance to re-prompt opted-out visitors no more than every six months so the choice is not made permanent without re-affirmation.

Click-attribution writes happen server-side when you click an outbound affiliate link, and three personal-data fields in that row — the SHA-256 hash of your IP address, your User Agent string, and your HTTP referrer — are gated by the same consent rule. For EU/UK visitors we write all three only when consent_v1=accepted is present; before consent, or when consent_v1=rejected, all three fields are stored as NULL. For visitors outside the EU/UK 31-country set we write all three on a legitimate-interest basis (affiliate revenue tracking and abuse detection), and we still document it here for transparency.

We do not set any other non-essential cookies. We do not run analytics cookies, advertising cookies, social-media cookies, or device fingerprinting of any kind. The remaining fields of each row in the clicks table (page id, traffic source, UTM parameters, and the click timestamp) are not gated by consent: they are written for every visitor regardless of consent state because they carry no visitor-identifying data on their own.

Your rights

Depending on where you live, you may have the right to access, correct, port, or delete the personal data we hold about you, and to object to or restrict our processing. To exercise any of these rights, email us at webmaster@buyorswipe.com (this is the canonical contact for all data-subject requests; please include the word "privacy" in the subject line so it routes to the right queue). You can also reach us via our About page. We will respond within 30 days. A full self-service data-subject-access portal is on our v2 roadmap; v1 handles requests by email.

Email capture (future feature)

When we introduce email capture in a future release, we will use double opt-in, an unsubscribe link in every message, and a maintained suppression list for users who have opted out.

Contact for data requests

For data requests or any privacy-related question, email webmaster@buyorswipe.com. This address is monitored by the operator and is the primary path for GDPR, UK GDPR, and CCPA requests; our About page lists the same address as a secondary reference.
