Privacy Policy

This Privacy Policy describes how Saleoye ("we", "us", or "our") collects, uses, stores, and protects information when you use the Saleoye website at saleoye.com (the "Site") and the Saleoye Android application (the "App", and together with the Site, the "Service"). By using the Service, you agree to the practices described in this policy. If you do not agree, please discontinue use.

1. Who We Are

Saleoye is an independent platform that aggregates publicly available sale and discount listings from brands and retailers in Pakistan. We operate solely as a discovery tool. We do not sell products, process payments, or handle deliveries. We are not affiliated with any brand or vendor listed on the Service.

2. Information We Collect

2.1 Information You Provide Voluntarily

We collect personal information only when you choose to provide it:

• Account credentials — when you create an account in the App, we collect your email address (email / password sign-in) or your Google account profile data (name, email, profile photo, and Google user ID) if you choose Google Sign-In.
• Wishlist data — products you save in the App are stored on your device, and — when you are signed in — also synced to Google Cloud Firestore under your Firebase user ID so your Wishlist follows you across devices and survives a re-install. Guest (signed-out) Wishlists stay on the device only.
• Support messages — when you contact us by email, we receive your email address and the contents of your message.

We do not request or store your payment information, national identity number, date of birth, or any similarly sensitive personal data.

2.2 Information Collected Automatically by the App

When you use the App, the following data is collected:

• Crash and diagnostic data — via Firebase Crashlytics, including device model, operating system version, app version, and stack traces when the App crashes or hits an error. This is collected only in release builds and is used solely to diagnose and fix App stability issues.
• Push notification token — an anonymous, device-specific Firebase Cloud Messaging token, generated only after you opt into notifications. We use this token solely to deliver the broadcasts we describe in §3 below; we do not store these tokens in our own database. You can turn notifications off at any time from Profile → Notifications, which immediately stops future delivery.

SaleOye does not track individual users. Starting with version 1.1.0, the App sends two anonymous aggregate counters to our server, used only to rank editorial content shown to all users:

• Product-view counter — when you open a product detail screen, the server increments a click count for that product. This powers the “Sale stories” section on the Discover tab and the brand ranking on the Brands tab. No user ID, IP address, or device identifier is sent or stored.
• Search-trending counter — when you submit a search query, the query text and a counter are recorded. This powers the “Trending searches” list on the Search screen. The query text is stored, but is never linked to a user, device, or session.

Beyond those two anonymous counters, Crashlytics and Cloud Messaging remain the only Firebase data-collecting services in use.

2.3 Information Collected Automatically by the Site

When you visit the Site, we and our third-party partners may automatically collect:

• IP address and approximate geographic location.
• Browser type, version, language, and operating system.
• Pages visited, time on page, and navigation path.
• Referring URL (the page you visited before the Site).
• Anonymous, aggregated traffic metrics via Cloudflare Web Analytics (no cookies, no cross-site tracking).

2.4 Information from Third-Party Services

We plan to display advertisements on the Site via Google AdSense. Where AdSense is enabled, Google and its partners may independently collect data about your activity across the web to serve relevant ads, governed by Google's own Privacy Policy. The App does not currently display advertising.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide core features — account sign-in, your Wishlist (synced across your devices), search and filtering, and product discovery.
• To send opt-in broadcast announcements about notable sales, flash drops, or curated deal lists. These are app-wide broadcasts authored by Saleoye and delivered via Firebase Cloud Messaging to every device that has opted in. We do not run automated per-user notifications based on your Wishlist activity, browsing history, or behaviour.
• To respond to your enquiries and support requests.
• To diagnose App crashes and improve stability.
• To display relevant advertisements on the Site via Google AdSense (when enabled). The App does not display advertising.
• To comply with applicable laws and regulations.

We do not use your information for automated decision-making or profiling that produces legal or similarly significant effects.

4. How We Share Your Information

Saleoye does not sell, rent, or trade your personal information to any third party. We share information only in the limited circumstances below:

4.1 Infrastructure and Service Providers

We rely on the following providers to operate the Service. Each processes only the data needed for its function and is bound by its own privacy terms:

• Google Firebase — Authentication (email / password sign-in), Cloud Firestore (Wishlist sync for signed-in users), Cloud Messaging (opt-in broadcast notifications), and Crashlytics (crash reporting).
• Google Sign-In — used when you choose to sign in with a Google account.
• Cloudflare — static site hosting, content delivery, and aggregate web analytics for the Site, plus the Worker / D1 database that serves the public sale catalogue shown in the App.

4.2 Advertising Partners

The Site plans to use Google AdSense to serve advertisements. When AdSense is active, Google may use cookies to serve ads based on your prior visits to this and other websites. You can opt out of personalised advertising via Google's Ads Settings at adssettings.google.com.

4.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or governmental authority, or if we believe in good faith that such disclosure is necessary to protect the rights, property, or safety of Saleoye, our users, or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email or a prominent notice before your information is transferred and becomes subject to a different privacy policy.

5. Cookies and Similar Technologies

Website: the Site itself does not set first-party advertising or tracking cookies. When Google AdSense is enabled, AdSense and its partners may set cookies to deliver and measure ads. Cloudflare Web Analytics is cookie-free.

App: the App does not use browser cookies. It stores small amounts of preference data on your device (such as your onboarding state, sort preference, notification preference, and which brands you follow for alerts) using Android's local storage. Brand follows are also registered as anonymous Firebase Cloud Messaging topics, with no link to your identity. Once you are signed in, the App uses Firebase SDK identifiers (your Firebase user ID and, if you opt into notifications, your Cloud Messaging token) to operate Wishlist sync and notification delivery.

You can control browser cookies through your browser settings. For more information on Google advertising cookies, visit policies.google.com/technologies/ads.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this policy:

• Account credentials — retained by Firebase Authentication until you delete your account from Profile → Delete account or by emailing us. Account deletion removes your Firebase user record and your synced Wishlist.
• Wishlist data — stored on your device, plus (when signed in) under your Firebase user ID in Cloud Firestore. Retained until you remove items, sign out, uninstall the App, clear App storage, or delete your account.
• Push notification token — held by Firebase Cloud Messaging while notifications are on. Turning the toggle off in Profile → Notifications immediately unsubscribes the device. We do not retain a copy of the token in our own database.
• Support messages — retained for up to 12 months for reference.
• Crash data — retained by Firebase Crashlytics under Google's default retention window (typically up to 90 days for individual crash reports).
• Web analytics data — retained in aggregated form by Cloudflare under its own retention policy.

You may request deletion of your personal data at any time by contacting us at hello@saleoye.com. We respond within 14 business days and complete verified account deletions within 30 days.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access — request a copy of the personal data we hold about you.
• Correction — request correction of inaccurate or incomplete data.
• Deletion — request erasure of your personal data and account. Account deletion is also available from within the App at Profile → Delete account.
• Withdrawal of Consent — turn off push notifications at any time from Profile → Notifications; sign out to stop Wishlist sync; or delete your account from your Profile to remove all of the above. The App does not send marketing emails.
• Objection — object to certain types of data processing.

To exercise any of these rights, email us at hello@saleoye.com with the subject "Privacy Request". We will verify your identity before processing the request.

8. Data Security

We take reasonable technical and organisational measures to protect your personal information against unauthorised access, loss, misuse, or alteration. These include:

• HTTPS / TLS encryption for all data transmitted between your device and our servers, and between our App and Firebase.
• Firebase Security Rules restricting access to user data so that, by default, only the signed-in owner of the data can read or write it.
• Restricted access to production systems — only authorised team members can access them.
• Regular review of our data collection and storage practices.

No method of transmission or storage is completely secure. While we work to protect your information, we cannot guarantee absolute security.

9. Children's Privacy

Saleoye is not directed at children under the age of 13, and we do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child under 13, please contact us at hello@saleoye.com and we will delete the data promptly.

10. Third-Party Links and Vendor Websites

The Service contains links to external brand and vendor websites. Once you tap or click a product link and leave Saleoye, this Privacy Policy no longer applies. Any purchase, account, or data handling on a vendor's site is governed by that vendor's own policies. We are not responsible for the privacy practices or content of those websites.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we do, we will revise the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

For significant changes, we will post an in-App or in-Site notice before the change takes effect.

12. Contact Us

If you have any questions, concerns, or requests related to this Privacy Policy, contact us: