Counterthing
Sign in Sign up

Privacy Policy

Last updated: July 13, 2025

Welcome to Counterthing ("we," "us," or "our"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application and services (collectively, the "Service"). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the Service.

Information We Collect

We may collect information about you in a variety of ways. The information we may collect via the Service includes:

  • Account Information: When you register for an account, we collect personal information such as your email address and a hashed password. You may also provide other optional information on your account page.
  • Connected Service Information: If you choose to connect third-party services (like Google, Etsy, Microsoft Entra ID, Xbox Live), we collect authentication information necessary to maintain the connection. This typically includes access tokens, refresh tokens (if applicable), and your unique identifier (UID) on that service. Depending on the service and permissions granted, we may also access basic profile information (like name or nickname) or specific data required for widget functionality (e.g., YouTube subscriber counts, Etsy sales data, Etsy review data, Etsy listing counts, Etsy revenue, Etsy views, Etsy favorites, Etsy open orders data, Xbox Live gamertag/XUID). For users connecting via Xbox Live where an email is not provided, we generate a placeholder email address based on your Xbox UID solely for account creation purposes within our Service.
  • Device Information: If you pair a physical device with our Service, we collect the device's unique identifier, a secret key for API authentication, and any configuration settings you provide (like name, timezone, brightness, text color preferences). When your device interacts with our API, we may also collect its IP address and user agent string.
  • Widget Data: We store information about the widgets you create, including their type and configuration (e.g., Instagram username, Etsy shop name).
  • Usage Data: We automatically collect information about how you interact with the Service, such as the pages you visit, features you use, actions you take (like creating or reordering widgets), your IP address, browser type, operating system, and access times. We may use cookies or similar technologies for session management and analytics.
  • Location Information (Indirect): Certain data obtained from connected services (e.g., Etsy order details for the map feature) may contain location information like shipping addresses. We may process this information in an aggregated or anonymized form to provide features like the map visualization. We do not directly collect your precise geolocation unless explicitly required for a feature and consented to by you.

How We Use Your Information

Having accurate information permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Service to:

  • Create and manage your account.
  • Authenticate you and maintain your session.
  • Connect and interact with third-party services as you direct.
  • Fetch and display data from connected services for your configured widgets.
  • Pair, configure, and manage your connected devices.
  • Receive and process data submitted by your devices via our API (e.g., numerical values, error messages).
  • Provide features like the order map (using aggregated/anonymized data where applicable).
  • Monitor and analyze usage and trends to improve the Service.
  • Provide customer support and respond to your requests.
  • Maintain the security and integrity of our Service.
  • Comply with legal obligations.

Sharing Your Information

We do not sell your personal information. We may share information we have collected about you in certain situations:

  • With Third-Party Services: When you explicitly authorize us to connect to a third-party service, we share the necessary information (like authentication requests) with that service to establish the connection. We only access data as permitted by you and the respective service's API. We do not share your Counterthing password with these services.
  • With Service Providers: We may share your information with third-party vendors, service providers, contractors, or agents who perform services for us or on our behalf and require access to such information to do that work (e.g., web hosting, data analysis, email delivery, customer service).
  • By Law or to Protect Rights: If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation.
  • Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
  • Aggregated or Anonymized Data: We may share aggregated or anonymized information that does not directly identify you.

Data Security

We use administrative, technical, and physical security measures to help protect your personal information. We use industry-standard practices like HTTPS for data transmission and hashing for passwords. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse.

Data Retention

We will retain your personal information for as long as your account is active or as needed to provide you the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Information related to connected services (like tokens) is retained until you disconnect the service.

Your Data Rights

You have certain rights regarding your personal information:

  • Access and Correction: You can access and update most of your account information through your account settings page.
  • Disconnecting Services: You can disconnect third-party services at any time via your account settings page. This will remove our access tokens for that service.
  • Account Deletion: You may request to delete your account by contacting us. Please note that deleting your account will result in the deletion of your associated data, subject to our retention policies for legal or operational needs.
  • Depending on your location, you may have additional rights (e.g., under GDPR or CCPA). Please contact us to exercise these rights.

Third-Party Services

Our Service allows you to connect to third-party services like Google, Etsy, and Microsoft (including Xbox Live and Entra ID). Your use of these services is subject to their respective terms and privacy policies. We encourage you to review their policies.

Children's Privacy

Our Service is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided us with personal information, we will take steps to delete such information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have questions or comments about this Privacy Policy, please contact us at: support@counterthing.com