Privacy Policy

Last updated: April 18, 2026

About this policy This policy explains what information CartLens collects when you use our service, how we use it, who we share it with, and the choices you have. If you have questions after reading it, please reach out through our contact form.

1. Who we are

CartLens ("we", "us", "our") is a tool that helps people categorize and analyze their own Amazon purchase history for budgeting, tax, and financial planning purposes. CartLens consists of a web application at cartlens.app and a Chrome browser extension. This privacy policy explains what information we collect, how we use it, and the choices you have.

2. Information we collect

We collect only what is needed to provide the service:

Account information — your name and email address, provided when you sign in with Google.
Amazon order data — when you run a scan, the CartLens extension reads your own Amazon order history from Amazon's website, using your own authenticated Amazon session. The data we receive includes product names, prices, dates, order numbers, shipping costs, taxes, and the Amazon product identifier (ASIN). We do not receive your Amazon login credentials, payment information, shipping addresses, or any other account details.
Categorization data — categories you assign to purchases, either manually or through CartLens's automated categorization feature.
Approximate location — when estimating sales tax, we use your approximate location (city and state) derived from your IP address. This is not used for any other purpose and is not stored in a way that tracks you over time.
Basic usage information — standard web logs such as browser type and timestamps, which help us diagnose problems and maintain the service.

3. How your Amazon data is accessed

CartLens does not scrape Amazon without your involvement. Here is how it works:

You install the CartLens extension and sign in to Amazon yourself, using your own Amazon account.
When you click "Scan" in the CartLens web app or extension, the extension reads your order history pages using your existing browser session — the same pages you could view yourself by visiting your Amazon orders page.
The extension extracts the specific order details listed above and sends them to your CartLens account.
You can stop or cancel a scan at any time from within the app.

CartLens is not affiliated with, endorsed by, or sponsored by Amazon. Amazon is a trademark of Amazon.com, Inc.

4. How we use your information

We use the information we collect to:

Provide the CartLens service — displaying your purchases, calculating spending summaries, generating tax reports, and supporting categorization.
Authenticate you and keep your account secure.
Improve the service — for example, making categorization more accurate or fixing bugs.
Communicate with you about the service, when necessary (for example, to notify you of important changes).

5. How your data is stored and protected

Your data is stored in Supabase, a cloud database platform. We use row-level security, which means your data is only accessible through your authenticated account. Data is encrypted in transit (HTTPS) and at rest.

The CartLens extension stores a short-lived session token in your browser's local storage so it can communicate with your account. This token is not shared with third parties.

6. Data sharing

We do not sell your personal data. We share your information only in the limited circumstances described below:

Service providers. We use third-party services to operate CartLens. These providers process data only as necessary to deliver the service and are bound by their own privacy terms:
- Supabase — database and authentication hosting (privacy policy)
- Vercel — web application hosting (privacy policy)
- Google — sign-in and authentication (privacy policy)
- Anthropic — AI-assisted purchase categorization (privacy policy)
Aggregated and de-identified data. We may share aggregated or de-identified information — for example, overall spending trends across all CartLens users — with partners for research, analytics, or product development. This type of data cannot reasonably be used to identify you.
Business transfers. If CartLens is acquired, merged with, or reorganized into another business, your information may be transferred as part of that transaction. If this happens, we will notify you and the new owner will be required to honor this privacy policy (or give you notice and an opportunity to choose before applying a new one).
Legal requirements. We may disclose information if required by law, court order, or valid government request, or to protect the rights, safety, or property of CartLens or others.

7. Your rights and choices

You have several choices about your data:

Access. You can view all of your stored data by signing in to your CartLens account.
Export. You can export your order data as a CSV file from within the app at any time.
Deletion. You can request permanent deletion of your account and all associated data by contacting us through our contact form. We will complete the deletion within 30 days.
Correction. You can correct or update your information within the app, or request corrections through the contact form.

8. Your California privacy rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you additional rights:

The right to know what personal information we collect, use, and share about you.
The right to request deletion of your personal information.
The right to correct inaccurate personal information.
The right to opt out of the sale or sharing of your personal information. CartLens does not sell personal information. If this ever changes, we will provide a "Do Not Sell or Share My Personal Information" option and notify you before any change takes effect.
The right to limit the use and disclosure of sensitive personal information.
The right not to be discriminated against for exercising these rights.

To exercise any of these rights, please use our contact form. We will verify your identity before processing your request. We will respond within 45 days.

9. Data retention

We retain your data for as long as your account is active. If you delete your account, we will remove your data within 30 days. Some information may be retained for longer periods if required by law or for legitimate business purposes such as fraud prevention or dispute resolution.

10. Children's privacy

CartLens is not directed at children under 13, and we do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

11. International users

CartLens is operated from the United States, and your information will be processed in the United States. If you are accessing CartLens from outside the U.S., please be aware that data protection laws in the U.S. may differ from those in your country.

12. Changes to this policy

We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, for significant changes, notify you through the app or by email before the changes take effect. Continued use of CartLens after a change takes effect means you accept the updated policy.

13. Contact

If you have questions about this privacy policy or how your data is handled, please reach out through our contact form. We will get back to you promptly.

CartLens is an independent product and is not affiliated with Amazon.com, Inc.