Privacy Policy
Last updated: February 22, 2026
buystuff.ai ("we," "us," or "our") is operated by Geeks in the Woods, LLC, an Alaska corporation. This Privacy Policy explains how we collect, use, and protect information when you use our API and website at https://buystuff.ai.
1. Information We Collect
1.1 Information provided through the API
When AI agents or users interact with our API, we may collect:
- Shipping address — Name, street address, city, state, zip code (provided at checkout)
- Email address — Used to send payment links and order updates
- Agent ID — Optional identifier for the AI agent placing the order
- Search queries — Product search terms submitted to the API
- Cart and order data — Products added, quantities, order totals
1.2 Information collected automatically
When you access our API or website, we automatically collect:
- IP address
- User agent — Browser or agent client identifier
- Request metadata — HTTP method, path, response time, status code
- Session ID — Auto-generated identifier for maintaining cart state
1.3 Website visitors
Our website uses Google Analytics to collect anonymous usage data (page views, referral source, device type). No personally identifiable information is collected from website visitors who do not use the API.
2. How We Use Your Information
- Order fulfillment — Processing and shipping your orders via Amazon
- Payment links — Sending you a secure email with a payment link for your order
- Order updates — Notifying you of order status changes, shipping, and delivery
- Customer support — Responding to inquiries and processing refunds
- Service improvement — Analyzing API usage patterns to improve reliability and performance
- Fraud prevention — Detecting and preventing abusive or fraudulent activity
We do not sell your personal information. We do not use your data to train AI models. We do not share your information with advertisers.
3. Third-Party Services
We share data with the following third parties as necessary to operate the service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Rainforest API | Amazon product data (authorized Amazon data provider) | Search queries |
| Amazon | Order fulfillment and shipping | Shipping address, order details |
| Supabase | Database hosting | All order and session data |
| Railway | Application hosting | Server logs, request data |
| Google Analytics | Website analytics | Anonymous usage data |
4. Data Retention
- Order data — Retained for the lifetime of the service for order history and support
- Session data — Retained indefinitely; may be cleaned up after extended inactivity
- API request logs — Retained in daily log files; may be rotated or deleted periodically
- Search queries — Retained for analytics; not tied to personal identity
5. Data Security
We take reasonable measures to protect your information:
- All API traffic is encrypted via HTTPS/TLS
- Admin access is protected with hashed passwords and signed session tokens
- No payment information (credit cards, bank accounts) is collected or stored by our API
- Database access is restricted to the application layer
- Order tracking uses opaque order IDs — no PII is exposed in tracking endpoints
No system is 100% secure. If we become aware of a data breach affecting your personal information, we will notify affected users as required by applicable law.
6. Payment Information
We do not collect payment information through our API. No credit card numbers, bank accounts, or payment tokens are ever transmitted to or stored by buystuff.ai.
After an order is placed, we send a payment link via email. Payment is processed on a separate, secure payment page. We never have access to your full payment details.
7. Your Rights
You have the right to:
- Access — Request a copy of the personal data we hold about you
- Correction — Request correction of inaccurate personal data
- Deletion — Request deletion of your personal data
- Data portability — Request your data in a machine-readable format
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
8. Cookies
The buystuff.ai API does not use tracking cookies. Our admin dashboard uses a session cookie for authentication purposes only. Our website uses Google Analytics, which may set cookies to collect anonymous usage data.
9. Children's Privacy
Our service is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, contact us and we will delete it.
10. International Data
Our service is hosted in the United States. If you access our service from outside the US, your data will be transferred to and processed in the United States.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will indicate the date of the latest revision at the top of this page. Continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact
If you have questions about this Privacy Policy, contact us at:
Geeks in the Woods, LLC
Email: [email protected]
Website: https://buystuff.ai