Privacy Policy

Last updated: February 22, 2026

1. Information We Collect

Account information: When you register, we collect your email address, name, and a securely hashed password.

Email data (via Google OAuth): When you connect your Gmail account, we request read-only access to your email. We search for and process only purchase receipt and order confirmation emails. We extract product names, prices, store names, and order dates from these emails.

Product data: Products you choose to track, including URLs, prices, and price history.

Usage data: Basic server logs including IP addresses, timestamps, and page requests for security and reliability purposes.

2. Google API Data Access

Matchbox requests the following Google OAuth scopes:

  • Gmail read-only (gmail.readonly) — to search for and read purchase receipt emails

We only access emails matching purchase receipt patterns (e.g., order confirmations from known retailers). We do not read personal correspondence, drafts, sent mail, or attachments unrelated to receipts.

After extracting structured receipt data (product name, price, store, date), the raw email content is not retained in our database.

3. How We Use Your Data

  • Identify products you've purchased and their prices
  • Track current prices of those products on retailer websites
  • Alert you when prices drop below your purchase price
  • Display your purchase history and price tracking dashboard
  • Improve the accuracy of receipt parsing and price matching

4. How We Store Your Data

Your data is stored in a secured PostgreSQL database hosted on Supabase with row-level security enabled. OAuth tokens are encrypted at rest. All data transmission uses HTTPS/TLS encryption.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. We may share data only:

  • With infrastructure providers (Supabase, Railway) necessary to operate the service
  • If required by law, regulation, or legal process
  • To protect the safety and security of our users and service

6. Data Deletion

You can disconnect your Gmail account at any time from the Dashboard, which revokes our access to your email data. To delete your account and all associated data, contact us at the email below. We will process deletion requests within 30 days.

7. Google API Services User Data Policy

Matchbox's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, we:

  • Only use Google user data for the purpose of providing price-drop tracking functionality
  • Do not transfer Google user data to third parties except as necessary to provide the service, comply with law, or as part of a merger/acquisition with prior notice
  • Do not use Google user data for advertising or to build advertising profiles
  • Allow users to revoke access at any time

8. Changes to This Policy

We may update this policy from time to time. We will notify users of material changes via email or an in-app notice. Continued use of the service after changes constitutes acceptance.

9. Contact

For questions about this Privacy Policy or to request data deletion, contact us at privacy@matchbox.dev.