BuyAnything
Sign In
VendorsGuidesHow It WorksAboutContact

Privacy Policy

Last updated: April 10, 2026

1. Information We Collect

Public surface (no account required): When you search without an account, we do not store your search queries. We log clickout events (which products you click through to buy) with anonymized data including: merchant domain, affiliate handler used, browser user-agent, and a hashed IP address. We do not associate this data with any personal identity.

Registered accounts: When you create an account, we collect your phone number (for authentication), and any information you provide in your procurement requests. Your search history and vendor interactions are stored to provide the workspace experience.

Optional inbox connections: If you connect Gmail or Outlook, we store connection status and provider-derived receipt or vendor activity signals so we can improve recommendations, purchase memory, and future automation. We do not expose your inbox contents directly to vendors.

2. How We Use Your Information

  • • To provide search results from retail APIs and our vendor network
  • • To facilitate introductions between you and vendors (when you request a quote)
  • • To track affiliate clickouts for revenue attribution (anonymized for non-logged-in users)
  • • To improve our search ranking and recommendation algorithms
  • • To communicate with you about your account and requests

3. Affiliate Links & Third-Party Services

Some links on BuyAnything are affiliate links. When you click through to a retailer (e.g., Amazon, eBay), the retailer may collect information about your visit according to their own privacy policy. We may earn a commission on qualifying purchases at no additional cost to you. See our Affiliate Disclosure for details.

4. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances: with vendors you explicitly request an introduction to, with service providers necessary to operate the platform (hosting, email delivery), with PivotNorth-owned services that collectively deliver BuyAnything (see section 5), and when required by law.

5. PivotNorth Platform Services

BuyAnything is part of the PivotNorth platform. Several of our internal services process your data to power the features you see:

  • Event Hub — Routes shopping events (searches, clicks, purchases, endorsements) between our services so your history and recommendations stay consistent across the platform.
  • Serendipity Engine — Builds a relationship and recommendation graph from events you generate and from shared vendor knowledge across PivotNorth apps. Used to power recommendations and vendor discovery.
  • ConnectionFinder (ingestor service) — Handles any third-party account connections you authorize (such as Gmail or Outlook) and centralizes third-party data processing. Governed by its own privacy policy, which applies in addition to this one when you connect an account.

When you create a BuyAnything account, you may also be recognized by other PivotNorth-owned services you use in the future, so that your recommendation history is consistent. This cross-service recognition is limited to PivotNorth-owned services and does not share your data with external third parties outside the sub-processors listed in section 6.

6. Sub-Processors

We use the following third-party service providers to operate BuyAnything. Each processes data on our behalf under a data processing agreement:

  • Railway — Compute and hosting infrastructure. Data at rest is encrypted.
  • PostgreSQL hosting (Railway-managed) — Primary database. Encrypted at rest.
  • Stripe — Payment processing for completed purchases. Governed by Stripe's privacy policy.
  • Clerk — Authentication and user account management. Governed by Clerk's privacy policy.
  • Anthropic (Claude API) — Language model used for query understanding, result ranking, and recommendation logic. Anthropic does not train on our API traffic and discards prompt and completion data within 30 days. Governed by Anthropic's privacy policy.
  • Search and data providers — We query external search APIs (SerpAPI, Rainforest, ScaleSerp, SearchAPI, eBay Browse, Ticketmaster, Google Custom Search, and others depending on request type) to return relevant results. These providers see only the query text, not your account identity.

The complete current list of sub-processors is maintained in our internal compliance documentation and updated when vendors are added or removed. Material changes will be communicated before they take effect.

7. Cookies

We use a secure session cookie (platform_session) for authentication. We use the Skimlinks script for universal affiliate link conversion. No tracking cookies are used for non-logged-in users beyond what is necessary for affiliate attribution.

8. Vendor Privacy

Vendor contact information (email addresses, phone numbers) is never displayed on public pages. Only business name, description, and website URL are shown publicly. Contact is facilitated through our platform, not by exposing vendor PII.

9. Your Rights

You have the right to request a copy of the personal data we hold about you, request correction of inaccurate data, request deletion of your account and associated data, and request that we stop processing your data. To exercise any of these rights, email privacy@buyanything.ai. We respond to verified requests within 30 days.

If you are in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under GDPR, including the right to lodge a complaint with your local data protection authority. If you are in California, you have rights under the CCPA including the right to know what personal information we have collected and the right to request deletion.

10. Contact

For privacy questions, contact us at privacy@buyanything.ai.