1. Who we are
DodoPicks ("DodoPicks," "we," "our," "us") operates the website at https://dodopicks.com.
To contact us about this policy or exercise your privacy rights: privacy@dodopicks.com.
2. What this policy covers
This policy describes how we collect, use, and share information when you use the DodoPicks website or API.
3. Information we collect
3.1 Information you provide
- Search queries and conversation answers. What you tell us you're shopping for and your answers to our clarifying questions.
- Saved items. Products you save to your list.
- Account information. When you sign in with a third-party provider (Google, Apple, or X), we receive your name and email address from that provider. We also store your optional preferred-retailer setting, if you choose one.
- Communications. Email, support requests, and feedback you send us.
3.2 Information collected automatically
- Technical information. IP address, browser type, device type, operating system, language preference.
- Usage information. Pages viewed, features used, click-throughs to retailers, session timestamps.
- Cookies and similar technologies. Session cookies needed for the product to function; persistent cookies for sign-in. See Section 9 for details.
3.3 Information from third parties
- OAuth providers. When you sign in via Google, Apple, or X, those providers send us your name and email address (and an opaque user identifier). Apple may forward a private relay email instead of your real address; that relay address is what we receive.
- LLM providers. When we use a large language model to generate a recommendation, we send your conversation to the model provider (currently Google, Anthropic, SambaNova, or Groq depending on availability). They process it under their own privacy terms.
- Image and product-data providers. When we search for product images or product listings, we send queries to providers such as SerpAPI, scrape.do, ScrapingBee, and Exa. We do not send your personal information — only product names and category terms.
- Affiliate networks. When you click a buy link, the affiliate network (for example, Amazon Associates) may receive standard tracking parameters to attribute the referral.
3.4 What we don't collect
- We don't collect government IDs.
- We don't collect health information.
- We don't knowingly collect information from children under 13.
- We don't collect payment information — purchases happen at the retailer, not here.
4. How we use information
- Provide the service: answer your questions, generate recommendations, deliver product images, route to retailers.
- Improve the service: build our internal knowledge graph, analyze which recommendations land, debug.
- Communicate: respond to support requests, send important service notices (rare; no marketing without opt-in).
- Security & legal: protect against abuse; comply with applicable law.
5. Legal basis (for users in the EU/UK)
We process your data under the following legal bases:
- Contract: to provide the service you've requested.
- Legitimate interests: to improve and secure the service.
- Consent: for any uses requiring it (e.g. marketing emails).
- Legal obligation: when we must comply with law.
6. Sharing of information
We share information only:
- With service providers acting on our behalf (LLM, hosting, analytics, scraping, error tracking, rate-limiting). Each is bound by contract to use the data only as we direct.
- With affiliate networks when you click a buy link (standard referral tracking).
- For legal reasons when required to comply with law, court order, or to protect rights and safety.
- In a business transfer (acquisition, merger), with notice to users.
We do not sell your personal information. We do not share for cross-context behavioral advertising.
7. Data retention
| Category | Retention |
|---|---|
| Search queries and conversations | Indefinitely as part of the anonymized knowledge graph; personal identifiers stripped after 90 days unless you have an account. |
| Saved items | Until you delete them or your account. |
| Account information | Until you delete your account. |
| Server logs | 30 days. |
| Analytics aggregates | Indefinitely (no personal identifiers). |
8. Your rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information.
- Object to or restrict certain processing.
- Portability — receive your information in a machine-readable format.
- Withdraw consent where processing is based on consent.
- Opt out of "sales" or "sharing" of personal information (we don't do this, but you can confirm).
- Non-discrimination for exercising your rights.
To exercise any right, email privacy@dodopicks.com. We'll respond within 30 days (or as required by applicable law).
If you're in the EU/UK and we don't resolve your concern, you can lodge a complaint with your local supervisory authority.
9. Cookies
We use cookies for:
- Strictly necessary — session management, sign-in state, security, CSRF protection. Always on.
- Analytics — to understand aggregate usage. Configurable in browser settings; we do not use cross-site tracking cookies.
We do not use advertising cookies.
10. Security
- All data is transmitted over TLS.
- Production data is encrypted at rest.
- Access to production data is limited to authorized personnel.
- We follow industry-standard practices including least-privilege access, multi-factor authentication for all admin accounts, and incident-response procedures.
No system is perfectly secure. If you believe your account has been compromised or you've identified a vulnerability, email security@dodopicks.com.
11. International transfers
We are based in the United States. If you are outside the US, your information will be transferred to and processed in the US.
12. Children
DodoPicks is not directed to children under 13 (or 16 where stricter laws apply). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.
13. Changes to this policy
We may update this policy. Material changes will be announced at least 30 days in advance via email (for account holders) or a prominent notice on the site.
14. Contact
DodoPicks
Email: privacy@dodopicks.com
