Privacy Policy

1. Introduction & Scope

Shop Genius ("we", "us", "our") operates shopgenius.app, a free price comparison platform that helps shoppers in Southeast Asia find the best deals across Lazada, Shopee, AliExpress, and other e-commerce platforms.

This Privacy Policy applies to all personal information collected through our website, including account registration, product search, community features, newsletter subscription, and any other interactions with our services.

This policy was last updated in February 2026. We encourage you to review it periodically to stay informed about how we protect your data.

2. Information We Collect

2.1 Information You Provide

When you create an account or interact with our services, we may collect the following:

• Account Data: Name, email address, and password (securely hashed using bcrypt — we never store passwords in plaintext)
• Profile Preferences: Language, country, currency, and avatar image (optional)
• Social Login: If you sign in with Google, we receive your email address, name, Google ID, and profile picture from Google OAuth
• Contact Form: Name, email address, subject, and message when you reach out to us
• Community Tips: Author name, tip content, product or store URLs, and images you share in our community section
• Site Feedback: Your rating (1–5 stars) and optional comments submitted through our feedback feature
• Newsletter: Email address, provided only through explicit opt-in

2.2 Automatically Collected Information

When you visit or use Shop Genius, we automatically collect:

• Device & Browser: Device type, operating system, browser type, screen size, and IP address
• Usage Data: Pages viewed, search queries, products clicked, and session duration
• Location: Country detected from your IP address (via CloudFlare headers) — we do not collect precise GPS location
• Referral Data: How you found us (search engine, direct link, social media, or other referral source)

2.3 Image Uploads

When you use our visual product search feature:

• Images are temporarily processed and sent to an AI service for product identification
• Images are deleted immediately after processing — they are never permanently stored
• Uploaded images are not used for any purpose other than performing your visual search

3. Legal Bases for Processing

Under the General Data Protection Regulation (GDPR) Article 6 and similar privacy laws, we process your personal data based on the following legal grounds:

3.1 Performance of a Contract

Processing necessary to provide you with our services:

• Account creation and management
• Product search, comparison, and price tracking
• Saving favorites and personalized recommendations
• Responding to your support requests

3.2 Consent

Processing based on your explicit opt-in consent:

• Newsletter subscription and marketing emails
• Analytics cookies (Google Analytics)
• Social login via Google OAuth

You may withdraw consent at any time (see Section 8: Your Rights).

3.3 Legitimate Interest

Processing necessary for our legitimate business interests, balanced against your rights:

• Internal analytics and service improvement
• Security monitoring, fraud prevention, and abuse detection
• Optimizing search algorithms and product rankings

3.4 Legal Obligation

Processing required to comply with applicable laws:

• Responding to law enforcement or court orders
• Maintaining financial and tax records as required by regulation

4. How We Use Your Information

4.1 Core Service Delivery

• Searching and comparing products across Lazada, Shopee, AliExpress, and other platforms
• Tracking prices and notifying you of deals on your favorite products
• Providing personalized product recommendations
• Displaying results in your preferred currency and language

4.2 AI-Powered Processing

• Google Gemini: Optimizes and refines your search queries for better results
• Cognee: Powers our knowledge graph for smarter product recommendations
• AI services process search queries and product data only — not your personal account information

4.3 Account Management

• Authenticating your identity and maintaining session security
• Storing your preferences (language, country, currency, theme)
• Processing password resets and account recovery

4.4 Analytics & Improvement

• Understanding usage patterns and feature popularity
• Improving search accuracy and product scoring algorithms
• Monitoring site performance and resolving technical issues

4.5 Communication

• Responding to support inquiries and contact form messages
• Sending service-related updates (e.g., account security notifications)
• Newsletter delivery — only if you have explicitly opted in

4.6 Security & Fraud Prevention

• Detecting and preventing brute force attacks and automated abuse
• Bot detection via Google reCAPTCHA v3
• Rate limiting and IP-based security measures

5. Cookies & Tracking Technologies

5.1 Essential Cookies (Always Active)

These cookies are necessary for Shop Genius to function and cannot be disabled:

Cookie	Purpose	Duration
sg_sid	Session ID — keeps you logged in and maintains your session	1 year
sg_rv	Returning visitor marker — recognizes repeat visits	2 years
CSRF token	Form security — protects against cross-site request forgery	Session

All essential cookies are set with HttpOnly, Secure, and SameSite=Lax flags for maximum security.

5.2 Preference Storage (localStorage)

• shopGeniusTheme — Stores your dark/light mode preference locally in your browser

5.3 Analytics

• Google Analytics: We use Google Analytics (ID: G-3KT8D1HP38) via gtag.js to understand site usage in aggregate
• Internal Analytics: We track page views and visitor sessions with bot-filtering to measure real usage patterns

5.4 Managing Cookies

You can control or delete cookies through your browser settings. Most browsers allow you to:

• View and delete existing cookies
• Block third-party cookies
• Block cookies from specific sites
• Block all cookies

Please note that disabling essential cookies may prevent some features from working correctly, including login and session management.

6. Third-Party Services & Data Sharing

6.1 Service Providers

Service	Data Shared	Purpose
Google Gemini API	Search queries, product images	AI-powered search optimization
Cognee	Product data, interaction patterns	Knowledge graph & recommendations
Google Analytics	Usage data (anonymized)	Site analytics & performance
Google reCAPTCHA v3	Behavioral signals	Bot & abuse detection
MailerLite	Email address, name	Newsletter delivery
Google OAuth	Email, name, profile picture	Social login authentication

6.2 E-Commerce Platforms (Affiliate Links)

When you click a "Buy Now" or product link, you are redirected to the retailer (Lazada, Shopee, or AliExpress) through an affiliate link. Here is how this works:

• These platforms collect their own data under their respective privacy policies
• We earn commissions on qualifying purchases — this is how we fund Shop Genius as a free service
• We record click data (product, platform, timestamp, and country) for analytics purposes
• We do not share your personal account information with these platforms

6.3 Legal & Governmental Disclosure

We may disclose your information when required by law, court order, or governmental regulation, or when necessary to:

• Comply with legal obligations
• Protect our rights, property, or safety
• Prevent fraud, abuse, or security threats
• Protect the safety of our users or the public

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred to the new owner. We will notify you of any such change and any choices you may have regarding your data.

7. Data Retention

We retain your data only as long as necessary for the purposes described in this policy. Below are our specific retention periods:

Data Type	Retention Period
Active user accounts	While account is active
Deleted account data	30–90 days (backup window)
Search history	14 days
Visitor sessions & page views	24 months
Security events & logs	12 months
Password reset tokens	1 hour
Contact messages	12 months
Affiliate & commission data	As required by financial regulations
Newsletter subscribers	Until unsubscribed
Community tips	While the product or store is listed

When data reaches its retention limit, it is securely deleted or anonymized so it can no longer be associated with you.

8. Your Rights

Depending on your location and applicable privacy laws (including GDPR, PDPA, and other regional frameworks), you have the following rights over your personal data:

8.1 Right of Access

You can request a copy of all personal data we hold about you by contacting us at shopgenius.app@gmail.com.

8.2 Right to Correction

You can update your profile information — including name, email, language, country, and currency — directly from your account settings at any time.

8.3 Right to Deletion

You can request the deletion of your account and all associated data. Email shopgenius.app@gmail.com and we will process your request within 48 hours.

8.4 Right to Data Portability

You can request an export of your favorites and search history in a machine-readable format.

8.5 Right to Opt-Out

• Unsubscribe from newsletters using the link included in every email
• Disable analytics cookies via your browser settings

8.6 Right to Object

You may object to processing based on legitimate interest. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.

8.7 Right to Withdraw Consent

Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing performed before the withdrawal.

To exercise any of these rights, contact us at shopgenius.app@gmail.com. We will respond within 48 hours.

9. Data Security

We implement robust technical and organizational measures to protect your personal data:

• Password Protection: All passwords are hashed using bcrypt — they are never stored or transmitted in plaintext
• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS, with HSTS enforced
• Security Headers: Content Security Policy (CSP) headers prevent cross-site scripting and content injection attacks
• Access Controls: Role-based access control ensures only authorized personnel can access personal data
• Brute Force Protection: Automated detection and blocking of brute force login attempts with IP-based rate limiting
• Circuit Breaker: Automatic failsafe that protects the system when external services experience issues
• Safe Serialization: JSON-only cache serialization prevents PHP object injection vulnerabilities
• Backups: Encrypted daily database backups with 14-day retention
• Monitoring: Security event logging and anomaly detection for proactive threat identification

10. Children's Privacy

Shop Genius is not intended for users under 13 years of age. We do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at shopgenius.app@gmail.com. We will promptly delete any such data from our systems.

11. International Data Transfers

Shop Genius primarily serves Southeast Asia, including Thailand, Indonesia, Malaysia, the Philippines, Singapore, and Vietnam.

Your data may be processed on servers located outside your country of residence. Additionally, some of our third-party service providers (such as Google and MailerLite) may process data in the United States or European Union.

Where data is transferred internationally, we ensure appropriate safeguards are in place, including contractual protections and compliance with applicable data transfer frameworks.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or best practices.

• Material Changes: We will provide at least 30 days advance notice via email or a prominent notice on our website before significant changes take effect
• Non-Material Changes: Minor updates (clarifications, formatting) take effect immediately upon posting

Changes will always be posted on this page with an updated "Last Updated" date. We encourage you to review this page periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, we are here to help: