Navigation
Store Reviews AI Tools Blog Categories
Sign in Join Free
Sign in Join Free
Home Privacy Policy
Data & privacy

Privacy Policy

What data we collect, why we collect it, who we share it with, and every right you have over it — explained in plain English, not legal boilerplate.

GDPR compliant CCPA compliant Amazon Associates requirements met Updated May 2026
Overview & controller information
Who is responsible for your data and the scope of this policy.
01

This Privacy Policy applies to trustedbuyerreport.com and all services operated under the Trusted Buyer Report brand ("we", "us", "our"). It explains how we collect, use, share, and protect your personal information when you visit our site, use our AI tools, submit a review, subscribe to our newsletter, or contact us.

Data controller: Trusted Buyer Report  ·  Contact: privacy@trustedbuyerreport.com

Plain-English summary: We collect only what we need, we don't sell your personal data to third parties, you can request deletion at any time, and affiliate tracking only happens if you click a link and have accepted marketing cookies.
If you…We collect…Legal basis (GDPR)
Browse the siteIP address, browser type, pages visited, referrer URLLegitimate interest
Create an accountName, email, hashed password, account activityContract
Subscribe to newsletterEmail address, subscription date, open/click eventsConsent
Submit a reviewName/username, review text, rating, timestampConsent
Contact usName, email, message content, enquiry typeContract
Click an affiliate linkClick event, referral cookie (via affiliate network)Consent
Use AI toolsSearch query text, tool interaction logsLegitimate interest
Data we collect
Every category of personal information we collect, and exactly how we obtain it.
02
Automatically collected — all visitors
  • Log data: IP address, browser type and version, operating system, referring URL, pages visited, time spent, error logs. Retained for 90 days. Used for security, analytics, and abuse prevention.
  • Device data: Screen resolution, device type (desktop/mobile), language setting. Used to serve the correct layout and improve site performance.
  • Analytics data: Aggregated page-view and session data via Google Analytics 4 (anonymised IP). Used to understand which content is useful and improve the site.
Provided by you — registered users
  • Account data: First and last name, email address, bcrypt-hashed password, profile photo (optional), account creation date.
  • Review data: Store or product reviews you submit, star ratings, verified-purchase flag (if you connect a purchase receipt), and any photos you attach.
  • Newsletter data: Email address, subscription date, and whether you open or click emails (via ESP tracking pixel, which you can opt out of).
  • Contact data: Name, email, subject, and message body when you use our contact form.
From third-party sources
  • Affiliate networks: Click-through and purchase confirmation events from Amazon Associates, ShareASale, CJ, Impact, Rakuten, Walmart, and eBay Partner Network. This data is used solely to attribute commissions.
  • Social login (optional): If you choose to sign in via Google or Apple, we receive your name, email, and profile picture from that provider. We do not receive your social media password.
We do not collect payment card information. If a purchase is made through an affiliate link, the transaction is handled entirely by the retailer — we never see your payment data.
How we use your data
The specific purposes for which each type of data is processed.
03
PurposeData usedLegal basis
Operate and serve the websiteLog data, device dataLegitimate interest
Manage your user accountAccount data, activity logContract performance
Publish your reviewsReview data, usernameConsent
Send newsletterEmail address, send/open dataConsent
Respond to contact enquiriesContact form dataContract performance
Attribute affiliate commissionsClick events, referral cookieConsent
Improve AI tools & searchAnonymised query logsLegitimate interest
Fraud prevention & securityIP address, log dataLegal obligation
Comply with legal requestsAny data specified in requestLegal obligation

We do not use your data for automated decision-making that produces legal or similarly significant effects. Our AI tools analyse store data — not individual user profiles.

Cookies & tracking technologies
What cookies we set, which are essential, and how to manage your preferences.
04

We use cookies and similar tracking technologies (local storage, pixel tags) on this site. Strictly necessary cookies are set automatically. All other categories require your consent via the cookie banner shown on your first visit.

Strictly necessary
Always on
Session cookie (authentication), CSRF token (security), cookie-consent preference. These cannot be disabled as the site will not function without them. No personal data leaves the site.
Cookies set: laravel_session, XSRF-TOKEN, cookie_consent · Expires: session / 2 hours / 1 year
Analytics
Requires consent
Google Analytics 4 — anonymised page-view and engagement data. IP addresses are truncated before storage. Used to understand how visitors use the site so we can improve content.
Cookies set: _ga, _ga_* · Expires: 2 years · Third party: Google LLC
Marketing & affiliate tracking
Requires consent
Affiliate referral cookies set by Amazon Associates, ShareASale, CJ, Impact, Rakuten, Walmart Affiliate, and eBay Partner Network when you click an affiliate link. These cookies attribute your purchase to our referral so we receive the correct commission. If you decline this category, affiliate links still work but we may not receive commission.
Cookies set: tag=trustedbuy* and network-specific cookies · Expires: 24 hours – 90 days (varies by network)
Functional / preferences
Requires consent
Stores your site preferences such as dark/light mode toggle, recently viewed stores, and saved comparison selections. No data is shared with third parties.
Storage: localStorage · Expires: persistent until cleared
You can change your cookie preferences at any time. Use the "Cookie settings" link in the footer, or clear your cookies in your browser settings. Withdrawing consent does not affect the lawfulness of processing based on consent before its withdrawal.
Amazon Associates — privacy requirements
Disclosures required by the Amazon Associates Operating Agreement and Amazon's privacy guidelines.
05
Amazon Associates Program — Required Privacy Disclosure REQUIRED BY AMAZON OA
Trusted Buyer Report is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate, Trusted Buyer Report earns from qualifying purchases.

Amazon and the Amazon logo are trademarks of Amazon.com, Inc. or its affiliates. Amazon collects data through its own tracking mechanisms when you visit Amazon.com via a link on this site. This data collection is governed by Amazon's Privacy Notice , not this policy.
How Amazon Associates tracking works
  • When you click a link to Amazon.com on this site, a referral tag (e.g. tag=trustedbuy-20) is appended to the URL.
  • Amazon sets a 24-hour session cookie on Amazon.com. If you purchase within that session, we receive a commission of 1–10% depending on the product category.
  • We receive aggregated commission data from Amazon — we do not receive your name, address, payment details, or any personally identifiable information about your purchase.
  • Amazon's tracking operates under Amazon's own privacy policy. If you are an Amazon Prime member or logged-in user, Amazon's privacy terms apply to data Amazon collects about your behaviour on its platform.
California residents: Amazon may engage in "cross-context behavioural advertising" as defined by CCPA/CPRA. You can opt out via amazon.com/adprefs or via the NAI opt-out tool.
Third-party sharing
Every third party that receives your data, what they receive, and why.
06
Third partyData sharedPurposePrivacy policy
Google Analytics 4 Anonymised usage data, truncated IP Site analytics Link
Amazon Associates Referral click events Affiliate attribution Link
ShareASale / CJ / Impact / Rakuten / Walmart / eBay Referral click events Affiliate attribution See each network's policy
Email service provider (ESP) Email address, send/open events Newsletter delivery Varies by provider
Hosting / CDN provider IP address (log data) Site delivery & security Varies by provider
Law enforcement / courts As specified in legal request Legal obligation N/A

We do not sell your personal data to data brokers, advertising networks, or any other third parties for their own commercial use. This applies to all users, including California residents under CCPA.

Data retention
How long we keep each category of data and why.
07
Data categoryRetention periodReason
Server log data90 daysSecurity monitoring, abuse prevention
Account data (active)Life of account + 30 daysService delivery
Account data (deleted)30 days then purgedAccount recovery window
Published reviewsIndefinite unless deletion requestedPublic editorial record
Newsletter subscriptionsUntil unsubscribe + 14 daysUnsubscribe confirmation
Contact form messages24 monthsCorrespondence record
Affiliate click dataAs required by network (typically 90 days)Commission attribution
Analytics data14 months (GA4 default)Trend analysis
Legal hold dataAs required by lawLegal obligation

You may request early deletion of your personal data at any time — see §9 GDPR rights and §10 CCPA rights. Note that published reviews credited to your account will be anonymised (not deleted) to preserve the integrity of our editorial record, unless there is a legal basis for full deletion.

Security measures
Technical and organisational measures we take to protect your data.
08
  • All data transmitted between your browser and our servers is encrypted with TLS 1.3 (HTTPS enforced site-wide).
  • Passwords are hashed with bcrypt (cost factor 12) — we never store plaintext passwords and cannot retrieve them.
  • Database access is restricted to application-layer processes; no direct external database access is permitted.
  • All internal staff access to personal data is role-based and logged. Only staff with a legitimate operational need can access user data.
  • Automated security scanning and dependency updates are run on a weekly schedule.
  • Backups are encrypted at rest using AES-256 and stored in a geographically separate region.
If you believe you have found a security vulnerability, please disclose it responsibly by emailing security@trustedbuyerreport.com before public disclosure. We aim to acknowledge reports within 48 hours.
Your rights under GDPR (EU & UK)
Rights under Regulation (EU) 2016/679 and UK GDPR. These apply to all EU and UK residents.
09
Right of Access (Art. 15)
Request a copy of all personal data we hold about you, including what it is, how it is used, and who it is shared with. We respond within 30 days.
Email privacy@trustedbuyerreport.com
Right to Rectification (Art. 16)
Request correction of inaccurate personal data. You can update most account data directly in your profile settings without contacting us.
Profile settings or email us
Right to Erasure (Art. 17)
Request deletion of your personal data. We will action this within 30 days. Published reviews will be anonymised unless you have a specific legal basis for full deletion.
Email privacy@trustedbuyerreport.com
Right to Restriction (Art. 18)
Request that we pause processing of your data while a dispute is being resolved (e.g. while you contest accuracy of data we hold).
Email privacy@trustedbuyerreport.com
Right to Portability (Art. 20)
Receive your personal data in a structured, machine-readable format (JSON or CSV) to transfer to another service. Applies to data you provided and we process by automated means.
Email privacy@trustedbuyerreport.com
Right to Object (Art. 21)
Object to processing based on legitimate interest at any time, including for direct marketing. We will stop processing unless we have compelling legitimate grounds.
Email privacy@trustedbuyerreport.com
We respond to all GDPR requests within 30 days (extendable to 90 days for complex requests with notice). There is no charge for submitting a request. If you are unsatisfied with our response, you have the right to lodge a complaint with your national data protection authority — for EU residents: find your DPA → For UK residents: ICO →
Your rights under CCPA / CPRA (California)
Rights under the California Consumer Privacy Act (as amended by CPRA). These apply to California residents.
10
Right to Know
Cal. Civ. Code § 1798.100
  • Categories of personal information collected
  • Sources from which it was collected
  • Business purpose for collection
  • Third parties with whom it is shared
Right to Delete
Cal. Civ. Code § 1798.105
  • Request deletion of personal information we hold
  • We will respond within 45 days (extendable to 90)
  • We will instruct service providers to delete your data
  • Certain exceptions apply (legal obligation, security)
Right to Opt-Out of Sale
Cal. Civ. Code § 1798.120
  • We do not sell personal information
  • No opt-out needed — no data sale occurs
  • Affiliate click data is shared, not sold (no compensation for the data itself)
Right to Non-Discrimination
Cal. Civ. Code § 1798.125
  • Exercising your CCPA rights will not result in different pricing
  • You will not receive a lower level of service
  • You will not be denied goods or services
To submit a CCPA request, email privacy@trustedbuyerreport.com with the subject line "CCPA Request". We will verify your identity before processing. Authorised agents may submit requests on your behalf with written authorisation.
Children's privacy — COPPA
Our site is not directed at children under 13.
11

This site is intended for users aged 13 and older. We do not knowingly collect personal data from children under 13 (or under 16 in the EU/UK where applicable). If we become aware that we have inadvertently collected personal data from a child under the applicable age threshold, we will delete it promptly.

If you believe a child has provided us with personal information, please contact us immediately at privacy@trustedbuyerreport.com.

Changes to this policy
How we notify you when this policy is updated.
12

We review this Privacy Policy at minimum every 6 months and whenever there is a material change to our data practices. The version number and effective date at the top of this page always reflect the current version.

For material changes — changes that affect how we use your personal data in a significant way — we will notify registered users by email at least 14 days before the change takes effect. Continued use of the site after the effective date constitutes acceptance of the revised policy.

Non-material changes (grammar, formatting, clarifications that do not alter the substance of our data practices) will be updated without individual notification, though the version number will increment.

Contact & data requests
How to exercise your rights or raise a privacy concern.
13
Privacy & data requests
Access, deletion, correction, portability, GDPR/CCPA requests
privacy@trustedbuyerreport.com
Security vulnerabilities
Responsible disclosure of security issues
security@trustedbuyerreport.com
Version 3.0 · Effective 1 May 2026 · Next review: November 2026 Affiliate disclosure
Editorial Independence
Scores are finalized before any affiliate link is placed
Data-Driven Analysis
Our research tools detect patterns — named humans write every verdict
Verified Shopper Community
Every community review is from a confirmed real purchase
Full Methodology Published
Read how we score — every criterion is public

Smarter shopping, weekly

New store reviews, buying guides, and research-backed insights delivered to your inbox. No spam, no fluff.

Honest research.
Smarter shopping. Every time.

Trusted Buyer Report was built on one belief: shoppers make better decisions when the research behind a recommendation is honest, methodical, and transparent. Every score on this site is earned through data — not a payment. Our editorial team includes consumer advocates, former retail buyers, and category-specialist researchers who test claims independently before anything goes live. Affiliate commissions fund our work — but are never applied before scores are locked.

No paid rankings, ever Human-verified editorial Updated every 90 days FTC compliant Named editors on every article
Editorial
About our team Review methodology Affiliate disclosure Corrections policy AI ethics policy
Legal
Privacy policy Terms of service Cookie policy

Affiliate Disclosure: As an Amazon Associate I earn from qualifying purchases. Trusted Buyer Report also participates in other affiliate programs. When you click a link on our site and make a purchase, we may earn a commission at no additional cost to you. This helps fund our independent editorial team. Our scores and editorial recommendations are finalized before any affiliate link is applied and are never influenced by commercial relationships. Read our full disclosure →  ·  Research Disclosure: Where our research tools assist in content preparation, this is clearly labeled. All such content is reviewed and signed off by a named human editor before publication. Read our editorial standards →