Privacy, in plain English.

Who we are.

Scoutr is a consumer intelligence platform for DTC ecommerce stores. We scrape public reviews, forums, social and search signal across 15+ sources and turn it into a decision-ready report in about 15 minutes.

Scoutr is operated from Australia. This policy applies to the Scoutr website at scoutr.world, the Scoutr platform, and everything connected to them.

What we collect from you.

Two categories: things you give us directly, and things collected automatically when you use the site.

• Your name and email address (when you create an account, pay, or contact us)
• Your password — stored hashed, never in plain text, never seen by us
• The URL of the store you want Scoutr to analyse
• Any message you send us by email or through the contact form

Payment card details are handled entirely by Stripe. We never see them, store them, or process them — Stripe sends us only the confirmation that a charge succeeded.

• IP address, browser type, device, and operating system
• Pages you visit on the site and the actions you take
• Referring site (where you came from)
• Cookie identifiers for analytics and advertising — see cookies and advertising & analytics below for details

Why we need it.

Personal information is used for the following purposes:

• To run your account — log you in, deliver the reports you've paid for, keep your dashboard working
• To send you the reports and intelligence briefings you're subscribed to
• To respond when you email us with a question or problem
• To improve the product — which pages people find confusing, which flows drop off, what's working
• To measure the effectiveness of our advertising — so we know which ads bring in customers and which don't
• To detect fraud, abuse, or security incidents
• To comply with legal obligations we're subject to

The public data Scoutr reads.

The core of what Scoutr does is read publicly-available consumer content — reviews on Amazon and Trustpilot, discussions on Reddit, comments on YouTube and Instagram, search trend data from Google, competitor product pages, and a handful of other open public sources.

This scraped content is about brands and categories, not about you as a Scoutr user. It's material the people who wrote it made publicly visible to the world. Scoutr doesn't access private messages, closed communities, authenticated content, or anything behind a login wall.

The scraped data and your account data are entirely separate. This policy governs your account data; the scraped data is governed by the terms of the platforms it came from.

When you connect a third-party account.

Scoutr lets you connect accounts you own on third-party platforms (for example, your TikTok, Instagram, Facebook, Shopify store, Klaviyo, or Mailchimp account) so we can read your own brand-level data and improve the intelligence we generate for you. You start each connection. You can revoke it any time.

• You click Connect next to the platform in your Scoutr settings
• You're redirected to the platform's official login (OAuth) — you sign in directly with them, never with us
• The platform shows you exactly what permissions Scoutr is asking for, and you approve or deny
• If you approve, the platform sends Scoutr a token that lets us call their API on your behalf, scoped to only what you authorised
• We never see your platform password

Scoutr requests the minimum data needed to produce useful intelligence. We don't request advertising, billing, or messaging permissions. Specifically:

• TikTok — basic profile info (handle, display name, avatar), follower and engagement counts, and your published videos with their captions and metadata. Read-only.
• Meta (Instagram & Facebook) — your business account profile, your published posts and Reels, captions, comments on your own posts, and basic engagement metrics on your own content. Read-only.
• Shopify — your store profile, product catalogue, and aggregated order analytics. No individual customer PII or order line items beyond what we need to understand sales trends.
• Klaviyo — your account profile (account ID, organisation name) and the ability to create draft email campaigns in your account. We do not download or read your subscriber lists, profiles, segments, or campaign performance metrics. Scopes requested: accounts:read campaigns:write.
• Mailchimp — your account profile (account ID, data centre prefix) and the ability to create draft campaigns in your Mailchimp account. We do not download or read your audiences, subscribers, or campaign performance metrics.
• Google Ads — your Google Ads accessible customer IDs and account metadata, your campaigns, ad groups, ads, keywords, search terms reports, auction insights, and aggregated performance metrics (impressions, clicks, cost, conversions). When you ask Scoutr to publish, we create paused, zero-budget campaigns that you must activate inside Google Ads yourself before any spend happens. Scoutr never spends your budget without your explicit activation. Scope requested: https://www.googleapis.com/auth/adwords. We do not access any other Google product (Gmail, Drive, Calendar, etc).

Connected-platform data is used exclusively to generate intelligence for your Scoutr account — understanding your brand voice, identifying what content has worked, and drafting marketing copy in your style. Specifically, we do not:

• Use it to train AI models for other customers or for any general-purpose use
• Combine it with other customers' data
• Sell it, rent it, or share it with anyone except the sub-processors named below
• Post anything to the platform on your behalf without an explicit, separately-confirmed action from you

Connected-platform data is processed through the same sub-processors listed in Section 06: Amazon Web Services (storage), and Anthropic (synthesis — brand-level content only, never login credentials or tokens).

Connected-platform data is retained for as long as the connection is active and for 30 days after you disconnect, after which it is deleted along with the associated OAuth tokens. You can request immediate deletion at any time.

You can disconnect a platform at any time from your Scoutr Settings › Integrations page. You can also revoke Scoutr's access directly from the platform itself — for example, in your TikTok settings, your Meta Business Suite, your Shopify admin, your Klaviyo account, or your Mailchimp account. Doing either one will stop further data flow immediately. Within 30 days of disconnection we delete all data we received from that platform along with the access token.

The full list of API endpoints Scoutr calls, with the scopes each requires, is documented on our data handling page. We've published this so reviewers and security-conscious customers can see exactly what we do and don't access.

When you connect a third-party account, Scoutr processes the data we receive in accordance with that platform's developer terms and our agreement with them — including the TikTok Developer Terms of Service, the Meta Platform Terms, the Shopify Partner Program Agreement and mandatory compliance webhooks, the Klaviyo Developer Terms, and the Mailchimp API Terms of Use. If any of those terms require us to delete data, revoke access, or notify you, we will.

Who we share with.

We don't sell, rent, or trade your personal information. Specific data is shared with specific service providers who need it to do their job for us:

We'll also share information where we're legally required to — court order, law enforcement request, or similar. If Scoutr is acquired by another company in the future, your data may transfer as part of that deal; you'd be notified before anything changed.

Advertising & analytics.

Scoutr runs paid advertising on Meta (Facebook and Instagram) and uses Google Analytics to understand how people use the site. Both of these set cookies and send data to their respective platforms.

We use the Meta Pixel on our site. It sends event data to Meta (page views, pricing page views, checkout starts, purchases) so we can measure which ads bring in actual customers and optimise our campaigns.

We have Automatic Advanced Matching enabled. This means when you're logged into Scoutr, certain customer information (your email address, name, and similar) is hashed with SHA-256 in your browser before it's sent, and the hash is shared with Meta so they can match the event to a Meta user. The raw data never leaves your browser unencrypted — Meta only ever sees a one-way hash.

We also use the Meta Conversions API, which sends purchase events from our server directly to Meta (to improve attribution accuracy given browser-level privacy controls). The same hashing applies.

We use GA4 to understand site usage — which pages people visit, where they come from, what they click. GA4 uses anonymised identifiers and IP truncation. We don't combine it with personal account data.

You can opt out of Meta advertising in your Meta ad preferences, and of GA4 via browser settings, the Google Analytics opt-out add-on, or "Do Not Track" browser signals which we respect for analytics.

Cookies.

Scoutr uses cookies for three reasons:

• Essential cookies — log you into your account, keep you logged in, protect against CSRF attacks. Required for the site to work.
• Analytics cookies — set by Google Analytics (_ga, _ga_*) so we can understand site usage anonymously.
• Advertising cookies — set by the Meta Pixel (_fbp, _fbc) so we can measure ad effectiveness.

You can clear or block cookies through your browser settings. Blocking essential cookies will prevent you from using your Scoutr account.

How long we keep it.

Your account data is kept while your account is active. If you close your account, we delete your personal information within 30 days, except where we're legally required to keep it longer (for tax, accounting, or fraud-prevention purposes — receipts generally need to be held for 5 years under Australian tax law).

Report data depends on what you purchased:

• $97 Report — your generated report is retained for 12 months from delivery date, or until you request deletion
• Intelligence subscription — 12 months of historical intelligence is retained while your subscription is active, and for 30 days after cancellation so you can export if you want to

You can request earlier deletion at any time — see your rights.

How we protect it.

We take security seriously and use standard practices including:

• TLS encryption for all data in transit
• Encryption at rest for stored account data and reports
• Passwords hashed with bcrypt (never stored in plain text)
• PCI-compliant payment processing via Stripe — we never see card details
• Limited internal access — only the people who need access to run the service have it

No internet service is perfectly secure. If you believe your account has been compromised, email hello@scoutr.world straight away and we'll act on it.

What you can ask us to do.

Depending on where you live, you have some or all of the following rights over your personal data:

• Access — get a copy of the personal data we hold about you
• Correction — fix data that's wrong or incomplete
• Deletion — ask us to delete your data
• Portability — get your data in a machine-readable format
• Objection — object to processing based on our legitimate interests
• Restriction — ask us to limit how we process your data in certain cases

To exercise any of these, email hello@scoutr.world. We'll respond within 30 days. We don't charge for it.

If you're in Australia and think we've mishandled your data, you can also complain to the Office of the Australian Information Commissioner. EU/UK users can complain to their national data protection authority.

Children.

Scoutr is a tool for businesses. It's not designed or intended for anyone under 16. We don't knowingly collect data from children. If you believe a child's data has ended up with us, email hello@scoutr.world and we'll delete it.

International users.

Scoutr is operated from Australia. If you're using Scoutr from the EU, UK, US, or elsewhere, your personal data will be transferred to and processed in Australia and in the United States (where some of our service providers are based, including AWS, Stripe, Meta, Google, and Anthropic).

Australia is recognised under GDPR Article 45 via the "adequate protection" standard for certain transfers, and our US-based processors operate under Standard Contractual Clauses or equivalent transfer mechanisms where required.

Changes to this policy.

We'll update this policy when something material changes — a new service provider, a new data practice, a legal change we need to reflect. When that happens, we'll update the "Last updated" date at the top and, for changes that affect you meaningfully, we'll email you at least 14 days before they take effect.

Continuing to use Scoutr after a policy update means you accept the updated policy. If you don't, you can close your account and we'll delete your data per Section 8.

Questions? Ask.

If something here is unclear, you want to exercise a right, or you've got a privacy concern, write to us. A real human reads it.