Effective date: July 12, 2026. Scour is operated by Justin Sheshagiri Rao ("we", "us"), based in Ontario, Canada.
Account information. Your email address, an optional display name, and your password. Passwords are stored only as salted scrypt hashes — we never store or see the plaintext. Session tokens are stored hashed.
Your Scours. The buying terms you define: product links or searches, price targets, condition and variant preferences, check cadence, and the resulting price observations and alert history.
Locations you enter. For local Scours, the locations you save (a label and coordinates) and the search radius you choose. We never collect background or device GPS location — only what you type in.
Notification data. Your notification preferences and, if you enable push alerts in the mobile app, an Expo push token that lets us deliver them.
Usage metering. A monthly counter of searches, used to enforce plan quotas.
No advertising, no sale or sharing of personal data for marketing, no tracking across other apps or websites, no third-party analytics or crash-reporting SDKs, and no auto-purchasing. Scour v1 has no payments, so we hold no payment information.
Resend delivers our alert and account emails, so it processes your email address and the content of those alerts.
Retailer and search providers (Google Shopping via Serper, eBay, Etsy, Kroger, and stores you paste links from) receive the product queries your Scours generate, and — for local Scours — the coordinates of the location you saved. These queries are not tied to your identity with those providers.
Geoapify geocodes location text you enter and finds nearby stores.
Expo routes push notifications to your device when you enable them.
Your data lives in our application database hosted with Railway, our infrastructure provider.
Your data is kept while your account exists. Deleting your account (iOS app: Profile → Delete account, or by emailing us) permanently removes your account, Scours, locations, notification tokens, and alert history. Operational logs (which may include your email address and request metadata) are retained for up to 30 days, then deleted.
Questions or requests (access, correction, deletion): [email protected].