BoughtList

Privacy policy

Written in plain language, on purpose. If anything here is unclear, tell us and we'll fix the wording.

What we store

Your email address, your purchases (date, brand, kind, store, price, warranty, notes), your custom categories and any files you attach (photos, invoices). Nothing else.

Where we store it

In Frankfurt, Germany, on Supabase (Postgres and object storage), which runs on AWS. This is an infrastructure fact — not a claim about compliance or a selling point.

Who we work with

Supabase — database, authentication and file storage. Resend — transactional email (account confirmations, warranty reminders you opt in to). Open- and click-tracking is turned off. Stripe — payments (only on our /billing pages). We never see your card details.

What we never do

No AI on your data. No trackers, ads or pixels. No newsletters. No selling or sharing your data. No log-in with Google, Apple, Facebook or Microsoft. No IP addresses in logs.

Your controls

Export everything (JSON, CSV, all attachments) in one click, on any plan. Delete your account and every file, permanently, from the account page. No forms to fill in, no reason required.

Cookies

None. The app uses essential session storage in your browser to keep you signed in. Marketing pages set nothing at all.

Contact

Questions or requests? Email support@boughtlist.com.