Privacy Policy
Effective Date: February 19, 2026
Carrot Cart Inc. D/B/A Dupe.com ("Dupe.com," "we," "us," or "our") provides a suite of
online services, including a website, web application, mobile application, and a Google Chrome
extension, collectively referred to as the "Services." These Services enable you to shop, save
items from various online retailers to your carts, and engage with brand influencers.
This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal
information in connection with our Services. It also describes the rights and choices available
to you regarding your information.
1. Information We Collect
We collect personal information that you provide directly to us, as well as information
automatically collected when you interact with our Services.
a. Information You Provide to Us
- Account Information: When you create an account, we collect your first and last name, email address, and phone number.
- Shopping and Cart Information: We collect data related to the store websites you visit, products you add to your cart on those websites, and products you choose to bookmark.
- Interests and Preferences: Information about your shopping preferences and the influencers you choose to follow.
- Communications: Records of our correspondence with you, including inquiries and feedback.
- Marketing Data: Your preferences for receiving marketing communications and your engagement with those communications.
b. Information Collected Automatically
- Device Data: Information about the device you use to access our Services, such as operating system type and version, manufacturer and model, browser type, screen resolution, IP address, unique identifiers, language settings, and general location information (e.g., city or state).
- Online Activity Data: Details of your interactions with our Services, including pages or screens viewed, time spent on a page or screen, navigation paths, access times, and engagement with our emails.
- AI-Processed Data: When you use our search and deal-finding features, your search queries and conversation history are sent to third-party AI services for processing. These queries may include product descriptions, URLs, and image URLs you provide during your search session. We do not include your name, email address, or other personal identifiers in these requests.
2. Use of Personal Information
We use your personal information for the following purposes:
- Service Delivery: To provide, operate, and improve our Services; process payments and complete transactions; personalize your experience; communicate with you about our Services; and provide customer support.
- Research and Development: To develop new features, products, and services; and to create aggregated or anonymized data for analytical purposes.
- Direct Marketing: To send you promotional communications about special offers and new products or services. You can choose to opt out of these communications.
- Compliance and Protection: To comply with legal obligations; protect our rights, privacy, safety, or property, and that of others; enforce our terms and conditions; and prevent fraudulent or illegal activities.
3. Sharing of Personal Information
We may share your personal information with:
- Service Providers: Third-party vendors who perform services on our behalf, such as payment processing, data analysis, email delivery, hosting services, and customer service.
- Business Partners: Trusted partners with whom we collaborate to offer services, such as brand influencers and retailers.
- AI Service Providers: We use third-party artificial intelligence services to power our deal-finding and product search features. Specifically:
  - OpenAI: Receives your search queries and conversation history to generate structured product searches and match results. We have configured our integration so that OpenAI does not store or retain your data for model training (via their "store: false" parameter). No personal identifiers are included in these requests.
  - OpenRouter: May be used as an alternative AI routing service for the same purpose described above.
- Analytics and Infrastructure Providers: We use the following third-party services to operate, monitor, and improve our Services:
  - PostHog: Receives anonymous usage analytics and a temporary, non-identifiable user ID for product analytics purposes.
  - Datadog: Receives anonymized user identifiers for application performance monitoring and error tracking.
  - Sentry: Receives error and crash data for debugging purposes. Personally identifiable information is stripped before transmission.
  - Inngest: Receives chat messages and user identifiers for server-side background task processing.
  - IPinfo / GeoJS: Receives your IP address to determine your approximate geographic location (e.g., country) for service customization purposes.
- Legal Authorities: When required by law or to protect the rights and safety of Dupe, our users, or others.
- Corporate Transactions: In connection with a merger, sale, or acquisition of all or a portion of our company.
3a. Data Protection by Third Parties
We require that all third-party service providers who receive user data maintain security
practices and data protection standards that are equivalent to or exceed our own. Our
agreements with these providers include obligations regarding the confidentiality and security
of your data, restrictions on how they may use your data, and requirements to delete data when
it is no longer needed for the purposes for which it was shared.
For AI service providers specifically, we have configured our integrations to minimize data
exposure. User search queries are processed via the OpenAI API and are not used for model training. Query data may be temporarily retained by OpenAI for up to 30 days for abuse monitoring purposes.
4. Your Rights and Choices
- Account Information: You may update or correct your account information by logging into your account settings.
- Marketing Communications: You can opt out of receiving promotional emails by following the unsubscribe instructions in those emails or by contacting us directly.
- Cookies and Tracking Technologies: Most web browsers are set to accept cookies by default. You can adjust your browser settings to remove or reject cookies, but this may affect the functionality of our Services.
5. Data Security
We implement reasonable administrative, technical, and physical safeguards to protect your
personal information from unauthorized access, use, or disclosure. However, no method of
transmission over the internet or electronic storage is completely secure.
6. International Data Transfers
Your information may be transferred to, and maintained on, computers located outside of your
state, province, country, or other governmental jurisdiction where data protection laws may
differ.
7. Children's Privacy
Our Services are not intended for individuals under the age of 13. We do not knowingly collect
personal information from children under 13. If we become aware that we have inadvertently
collected such information, we will take steps to delete it.
8. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will
notify you by revising the "Effective Date" at the top of this policy and, where appropriate,
may provide additional notice (e.g., sending an email notification or providing a statement on
our website).
9. Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices, please
contact us at:
Carrot Cart Inc. D/B/A Dupe.com
1270 Ave of the Americas, 7th Fl 1013 (At Rockefeller Center)
New York, NY 10020, United States
legal@dupe.com