Privacy Policy
Tautvydas Bagocius, trading as Neuroon ("Neuroon", "we", "us", "our") — a company incorporated in Spain — operates the ShopSmart browser extension. This Privacy Policy explains what information we collect, how we use it, how we share it, and the choices you have about it.
At a glance:
- We do not sell your personal data.
- We do not track your general browsing history.
- We do not read pages outside of product pages you visit.
- Price comparison runs inside your browser — data stays on your device.
- We use affiliate links (Skimlinks) to monetize clicks you initiate. This never affects the price you pay.
- If you sign in, we process your email to provide your account.
1. Who we are
Data controller: Tautvydas Bagocius, trading as Neuroon
Privacy contact: privacy@neuroon.ai
EU supervisory authority: Agencia Española de Protección de Datos (AEPD) — aepd.es
2. Information collected locally on your device
When you visit a product page, the ShopSmart content script detects:
- Product name, price, currency, image URL
- Brand, category, SKU (if available)
- Store domain and page URL
This information stays on your device and is used to:
- Query a trust score for the store (we send the domain only — public information)
- Fetch alternative offers via affiliate network APIs (we send product name and currency)
- Optionally fetch AI purchase advice (premium only — we send product name, price, currency)
3. Information we receive on our backend
- Trust score: store domain only (public data)
- Price comparison: product name and currency. No URL, no personal identifiers
- AI advice (premium): product name, price, currency
- Click tracking: when you click an alternative in our sidepanel, we record the store name, prices, and affiliate referral link for commission attribution
- Anonymous telemetry: success rates and latencies of our price engine. No personal identifiers, no URLs, no product names
4. Account and subscription
If you sign in with Google, we receive your email, Google sub-identifier, name, and profile picture. We use this only to identify your account. Payments are processed by Stripe — we never see or store your payment card details. See Stripe's privacy policy.
5. Affiliate partners
When you click an alternative offer in ShopSmart, you are redirected through an affiliate network (primarily Skimlinks) to the merchant. The affiliate network sets tracking cookies on the merchant's domain. You can opt out by disabling affiliate monetization in ShopSmart's settings. See Skimlinks' privacy policy.
6. What we do NOT collect
- We do not read pages that are not product pages
- We do not track your browsing history
- We do not collect keystrokes, clicks, or mouse movements outside our UI
- We do not sell, rent, or trade personal data for marketing
- We do not inject advertising into pages you visit
- We do not override affiliate cookies set by other publishers
7. Legal basis (GDPR)
- Trust score: legitimate interest (core service, no personal data)
- Price comparison: legitimate interest (non-identifying product data)
- AI advice: contract performance (subscription)
- Click tracking: legitimate interest (commission attribution)
- Account: contract performance
- Telemetry: legitimate interest (service quality)
8. Data retention
- Product queries: cached up to 7 days
- Click tracking: 24 months
- Account data: active account + 30 days after deletion
- Payment data: as required by Spanish tax law (6 years)
- Telemetry: 90 days, then aggregated and anonymized
9. Who we share data with
- Stripe — payment processing
- Hetzner — hosting infrastructure (EU)
- Google Cloud — AI services (Gemini API, premium features)
- Skimlinks — affiliate link monetization
- Legal authorities if required by valid legal process
10. International transfers
Primary infrastructure is hosted in the EU (Hetzner, Germany/Finland). Some providers may process data outside the EEA under Standard Contractual Clauses or adequacy decisions (Stripe: US; Google Cloud: US; Skimlinks: UK).
11. Your rights
If you are in the EEA, UK, Switzerland, or California, you can: access, correct, delete, export your data; object to processing; restrict processing; withdraw consent. Email privacy@neuroon.ai — we respond within 30 days.
12. Children
ShopSmart is not directed to children under 16. We do not knowingly collect personal data from children under 16.
13. Security
TLS 1.2+ in transit, AES-256 at rest, multi-factor authentication for backend access, least-privilege principle, 24/7 monitoring. No system is 100% secure.
14. Changes to this policy
We may update this policy. Material changes will be notified via the extension UI. Continued use constitutes acceptance.
15. Contact
Privacy: privacy@neuroon.ai
Support: support@neuroon.ai