Haulist← Back

Privacy Policy

Last updated: 16 May 2026

This is the privacy policy for Haulist ("we", "us"). We try to keep it short and in plain English. If anything is unclear, email us at privacy@haulist.app.

What we collect

  • Account details — your email address, username, and an encrypted password (or a Google/Apple sign-in token if you use social login).
  • Items you save — the URLs you add, plus the title, image, description, price, and currency we read from those pages, and any notes, tags, or folders you add yourself.
  • Price history — when we periodically re-check an item's price, we store the price over time so we can tell you about drops.
  • Preferences — your settings, notification choices, push subscription tokens (if you opt in), and basic profile info.
  • Diagnostic data — when something goes wrong in the app, we capture the error and (if enabled) a short session replay so we can fix it. This may include the pages you visited inside Haulist and the actions you took, but we mask form inputs.

We don't collect special-category data, and we don't ask for payment details.

Why we use it

  • To run the service: let you sign in, save items, and view your list.
  • To notify you about price drops you've opted in to.
  • To send essential account email (sign-up confirmation, password resets).
  • To monitor errors and keep the app working.

The legal basis for most of this is performing our contract with you (giving you the service you signed up for). For diagnostics it is our legitimate interest in keeping the app reliable.

How we store it

Your data is stored in our managed backend (Lovable Cloud, which runs on Supabase). It's encrypted in transit (HTTPS/TLS) and at rest. Row-level security rules mean only you can read your own items.

Third parties we share data with

We only share what's needed for the service to work:

  • Supabase (Lovable Cloud) — database, authentication, and file storage.
  • Resend — sends transactional email (account confirmations, password resets, price-drop alerts). Receives your email address and the message we're sending.
  • Sentry — error monitoring and optional session replay. Receives error reports and, if replay is enabled, a recording of your in-app activity with form inputs masked.
  • Google / Apple — only if you choose social sign-in, in which case they confirm your identity to us.

We don't sell your data and we don't use it to train advertising models.

Cookies and tracking

We use a small number of cookies and similar storage:

  • Auth session — keeps you signed in.
  • Preferences — remembers things like your theme.
  • Sentry session replay — records in-app activity tied to errors. Form inputs are masked. You can ask us to disable this for your account.

We don't use third-party advertising or cross-site tracking cookies.

How long we keep it

We keep your data for as long as your account is active. If you delete your account, we delete your items, folders, preferences, and profile, and remove your login. Diagnostic logs are kept for up to 90 days.

Your rights

Under UK and EU GDPR you can:

  • Access the data we hold about you.
  • Export your data in a portable format (JSON).
  • Correct anything that's wrong.
  • Delete your account and all associated data.
  • Object to or restrict certain processing.
  • Complain to your local data-protection regulator (e.g. the ICO in the UK).

You can export or delete your data yourself from Settings, or email us at privacy@haulist.app.

International transfers

Some of our providers (e.g. Sentry, Resend) may process data outside the UK/EU. Where they do, we rely on appropriate safeguards such as Standard Contractual Clauses.

Children

Haulist isn't intended for children under 16. Please don't sign up if you're younger than that.

Changes

If we make material changes to this policy, we'll update the date above and notify you by email or in-app.

Contact

For any privacy question or data request, email privacy@haulist.app.