Privacy Policy

Last updated: March 31, 2026

Offer.love ("we", "us") operates the offer.love website, data.offer.love API/MCP server, and the Offer.love browser extension. This policy describes how we collect, use, and protect your information.

Information We Collect

Account Data

• Email address: Collected when you create an API key or sign in via OAuth.
• API keys: Generated identifiers used to authenticate your requests.

Personal Offer Data (Browser Extension & MCP)

When you use the Offer.love browser extension or the "Search My Offers" MCP tool, we process the following data that you choose to sync:

• Credit card offer details: Merchant name, offer title, offer terms/details, bank name, expiration date, and merchant logo URL.
• Card identifiers: Last 5 digits of your card number and card art image URL. These are used to help you identify which card an offer belongs to.
• Personal offers are stored locally in your browser (IndexedDB) and optionally synced to our servers via Firebase. Only you can access your personal offers through authenticated API calls.

Public Offer Data

Public credit card offers are aggregated from user contributions with personal identifiers (card numbers, card images) removed before storage. Public data includes: offer ID, merchant name/slug, offer title, offer details and terms, bank name, merchant logo URL, date added, and expiration date.

Usage & Analytics Data

• API/MCP request logs: Tool called, authentication tier, request parameters, timestamp, IP address, and network provider (ASN). Used to monitor usage, enforce rate limits, and prevent abuse.
• Visitor analytics: Page views, referrer URLs, IP addresses, and browser information.

How We Use Your Information

• To provide and maintain the service, including returning your personal offers when you search via the MCP tool or website
• To enforce rate limits and prevent abuse
• To aggregate anonymized public offer data for all users
• To improve the service and fix bugs
• To communicate service updates if you provided an email

Data Sharing

We do not sell your personal information. We may share data with:

• Cloudflare: Our hosting, CDN, and database provider (Workers, D1, KV), which processes requests on our behalf.
• Google Firebase: Used for authentication and personal offer sync/storage.
• AI platforms (ChatGPT, Claude, etc.): When you use our MCP server through an AI assistant, your search queries and results (including personal offer data if authenticated) are transmitted to the AI platform you are using. Refer to the respective platform's privacy policy for how they handle this data.
• Law enforcement: If required by law.

Data Retention

• Personal offers: Stored until you delete them or they expire. Expired offers are automatically cleaned after 2 days.
• API usage logs: Retained for up to 12 months for analytics and abuse prevention.
• Visitor data: Retained for up to 90 days.
• OAuth tokens: Retained until revoked.

You can request deletion of your account and all associated data by contacting us.

User Controls

• You can delete your API key at any time from the /myoffers page.
• You can stop syncing personal offers by uninstalling the browser extension.
• You can request full data deletion by emailing hello@offer.love.

Cookies

We do not use tracking cookies. We may use essential cookies for authentication (OAuth) and functionality purposes only.

Contact

For privacy questions, contact us at hello@offer.love.