Privacy Policy

Effective date: June 30, 2026 Controller: CompatKit (operated by Randy Vera, rjvera@gmail.com) Contact for privacy matters: privacy@compatkit.com

Plain English: We log compatibility searches to improve the database and understand what gear questions people actually have. We don't track who you are, don't sell your personal data, and delete anonymous logs after 90 days. If you make an account, you can delete it and everything linked to it at any time.

What We Collect

Anonymous visitors (no account required)

When you search for a compatibility pair, we log:

• The query type (e.g., "pair check")
• The product slugs you searched (e.g., "sony-fx3" and "sony-tough-g-series")
• Whether we returned a result or a miss
• Your country (country-level only, derived from IP — not the IP address itself)
• The referring domain (e.g., "claude.ai") — not the full URL or path
• Response time in milliseconds

We do not collect: your IP address, device type, browser fingerprint, name, or email.

We do not set tracking cookies. Session grouping is by time window only.

Legal basis (GDPR): Legitimate interest (Article 6(1)(f)). We have a genuine interest in understanding which compatibility questions are being asked so we can prioritize research and close data gaps. This interest is not outweighed by your rights: the data is country-level and product-level only, contains no identifying information, and expires automatically after 90 days.

Consent: On your first visit, we ask for your consent before logging begins. If you decline, we log nothing.

Registered users (if you create an account)

In addition to the above:

• Email address (authentication only — never displayed publicly or shared)
• Saved gear setups (products you add to your setup)
• Query history linked to your account

Legal basis (GDPR): Contract performance (Article 6(1)(b)) — we need your email to provide the account service you requested.

API callers

• Hashed API key (not the raw key — the hash is a one-way identifier)
• Same query fields as anonymous visitors, plus query volume per key

How We Use It

To improve the database. Query patterns show us what combinations people research and where our database has gaps. A high volume of "no result" queries for a product pair tells us to research that pair next.

Aggregate signals sold to brands and retailers (future, not yet live). We may sell anonymized, aggregated signals to gear brands. Examples: "500 searches involved your microphone this month" or "60% of queries about your camera returned a compatible result." We will never sell individual user data, individual query histories, or any data that identifies a person.

Data Retention

| Data type | Retention | |---|---| | Anonymous query logs | 90 days, then automatically deleted | | User account data | Until you delete your account | | Saved gear setups | Deleted immediately when account is deleted | | API key hashes | Retained for security auditing (12 months after key is revoked) |

The 90-day expiry on anonymous query logs is enforced automatically. You do not need to request it.

Your Rights

All visitors (GDPR, if you're in the EU/UK/EEA)

• Right to erasure: You can request deletion of any data we hold about you. See "How to Exercise Your Rights" below.
• Right to access: You can request a copy of the data we hold linked to your account or session.
• Right to portability: You can request your saved setup data in a machine-readable format (JSON).
• Right to object: You can object to processing based on legitimate interest. We will stop processing your data unless we can demonstrate compelling legitimate grounds.
• Right to withdraw consent: If you consented to query logging, you can withdraw that consent at any time. Withdrawal does not affect logs already written.

California residents (CCPA)

• Right to know: You can request disclosure of the categories of personal information we collect and how we use it.
• Right to delete: You can request deletion of personal information we have collected about you.
• Right to opt out of sale: We do not sell personal information. Aggregate, anonymized signals are not personal information.

How to Exercise Your Rights

Email privacy@compatkit.com with the subject line "Privacy Request" and describe what you want (deletion, access, export). We will respond within 30 days. For account deletion, you can also delete your account directly from your account settings page — all linked data is removed immediately via cascading delete.

We do not charge a fee for privacy requests. We may ask you to verify your identity before acting on a request.

Third Parties

We do not share personal data with any third party for their own use.

Infrastructure vendors (data processors, not controllers):

• Supabase (database hosting) — processes data on our behalf under a data processing agreement
• Vercel (website hosting) — processes web requests on our behalf

Product links on this site are plain, unaffiliated retailer links. No affiliate tracking cookies are set by this site.

Cookies

We do not use tracking or advertising cookies. We may use a single session cookie if you log in to your account. This cookie is strictly necessary for the account service and does not require consent under ePrivacy rules.

Changes to This Policy

If we make material changes, we will update the effective date at the top of this page and (for registered users) send a notification email at least 30 days before the change takes effect.

Contact

For questions about this policy or to exercise your rights:

Email: privacy@compatkit.com Response time: Within 30 days