Do you store my payment card number?

No. Stripe handles payment details and card storage. Oyster List stores billing metadata such as plan, invoice, and customer references.

Do you sell personal information?

Oyster List is a subscription and report business. This policy is built around operating the product, not selling personal information.

What happens if I use Oyster List AI chat?

Your prompt and chat context are sent to Together AI so Oyster List can generate the response you requested.

How can I stop digest or alert emails?

You can manage digest settings inside your account, and recurring emails should include an unsubscribe path where applicable.

Do you use Google Analytics?

Yes. Oyster List loads Google Analytics on public pages to measure traffic and usage. You can opt out by installing the Google Analytics Opt-out Browser Add-on or by blocking analytics cookies in your browser.

Privacy Policy

How Oyster List collects, uses, discloses, and safeguards information related to visitors, account holders, and customers.

Overview

This Privacy Policy applies to Oyster List and the services offered at oysterlist.com. It describes the information we collect, how we use it, the parties to whom it may be disclosed, the methods used for those disclosures, and the security practices we use to protect it.

Oyster List is operated by Aurdal ENK. This page should be read together with our Terms of Service. If you have a privacy question or want to make a request about your information, use our contact page or email [email protected].

Effective Date

April 23, 2026

Operator

Aurdal ENK

Business Location

Norway

Privacy Email

[email protected]

Contact Page

Contact Oyster List

Information We Collect

Account and contact details

Email address, name, avatar URL, and invitation email addresses when you sign up, log in, or manage a team.

Billing and transaction records

Plan tier, billing cycle, invoice metadata, billing details, purchase history, and Stripe customer or subscription references. Full card numbers and CVC values are handled by Stripe, not stored by Oyster List.

Product activity and preferences

Tracked places, shortlists, saved comparisons, alerts, fit profiles, digest settings, team membership, and download history.

Session, device, and usage signals

Hashed session identifiers, user-agent strings, first-party analytics events, anonymized meter identifiers, rate-limit data, and aggregated traffic measurements collected through Google Analytics.

How We Use Information

Create accounts, verify email ownership, and keep you signed in.

Process subscriptions, one-time purchases, invoices, renewals, cancellations, and customer billing portal actions.

Deliver transactional emails such as magic links, team invitations, billing notices, alerts, and recurring digests.

Operate product features including saved lists, comparisons, downloads, tracked places, and team access controls.

Prevent abuse, enforce rate limits, investigate suspicious activity, and maintain security logs and audit trails.

Measure product usage such as paywall hits, signup flow, checkout flow, and similar first-party conversion events.

Respond to support, compliance, or legal requests.

Disclosure Recipients and Methods

We do not need every provider to receive every data type. When disclosure happens, it is limited to the information reasonably needed for the specific service or legal purpose.

Stripe

Information Disclosed

Email address, purchase context, customer and subscription identifiers, invoice and billing details.

Method of Disclosure

Hosted checkout and billing portal pages, plus API and webhook exchanges between Oyster List and Stripe.

Why

To collect payment, manage subscriptions, and issue invoices.

Resend

Information Disclosed

Email address and the transactional email content needed to send login links, invitations, alerts, and billing emails.

Method of Disclosure

Server-to-server API calls from Oyster List to the email delivery provider.

Why

To deliver account, billing, and product emails.

Together AI

Information Disclosed

Prompts and conversation context submitted through Oyster List AI chat features.

Method of Disclosure

Server-side API requests to the AI model provider.

Why

To generate chat responses requested by the user.

Google Analytics

Information Disclosed

Pageviews, referrer, approximate location derived from IP, device and browser characteristics, and interaction events on oysterlist.com.

Method of Disclosure

Google Analytics tag (gtag.js) loaded in the browser, which sends measurement data to Google.

Why

To measure traffic, understand how pages are used, and improve the product.

Team owners and admins

Information Disclosed

Name, email, team role, billing seat context, and team-related downloads or usage associated with the workspace.

Method of Disclosure

Controlled access inside Oyster List account and admin pages.

Why

To administer shared subscriptions and team workspaces.

Infrastructure and service providers

Information Disclosed

Operational data needed to host the site, store files, deliver traffic, and monitor service health.

Method of Disclosure

Access through hosting, database, storage, and delivery infrastructure used to operate Oyster List.

Why

To run the product securely and reliably.

Authorities, courts, and advisers

Information Disclosed

Information required to comply with law, enforce rights, investigate fraud, or respond to valid legal process.

Method of Disclosure

Direct legal disclosures or secure document sharing when legally required.

Why

Compliance, dispute handling, and security response.

Stripe's own processing of payment information is governed by Stripe's Privacy Policy.

Cookies, Local Storage, and Similar Technology

oyster_session

HTTP-only cookie

Keeps signed-in users authenticated. In production it is set with secure and same-site protections.

oyster_meter_id

Local storage plus first-party cookie

Supports the anonymous access meter and helps the app recognize the current browser.

chat_remaining

First-party cookie

Tracks remaining free AI chat usage for unauthenticated or non-paid sessions.

If you block essential cookies or local storage, some Oyster List features such as login persistence, anonymous access metering, and free chat limits may stop working correctly.

Security Practices

Magic-link tokens and session tokens are hashed before being stored in the database.

Production session cookies are HTTP-only, same-site, and marked secure.

Session metadata stores a rotating hash of the client IP rather than the raw IP address in session records.

Anonymous meter fallback uses a monthly-rotated anonymized IP bucket instead of persistent raw IP storage.

Payments are handled through Stripe-hosted checkout and billing pages over HTTPS, and Oyster List does not store full card numbers or CVC values.

Admin tools are role-restricted, and higher-risk admin actions are logged in an audit trail.

Retention and Control

Magic-link tokens expire after 15 minutes and are single-use.

Session records expire after 30 days unless a new session is created.

Account, billing, invoice, analytics, and audit records may be retained as needed for operations, tax/accounting obligations, fraud prevention, and dispute handling.

If you ask us to delete your account, we may retain limited records required to comply with law or defend against abuse or chargebacks.

To request access, correction, or deletion, or to ask about digest preferences or account closure, contact us through the contact page.

Privacy Policy

Overview

Information We Collect

Account and contact details

Billing and transaction records

Product activity and preferences

Session, device, and usage signals

How We Use Information

Disclosure Recipients and Methods

Stripe

Resend

Together AI

Google Analytics

Team owners and admins

Infrastructure and service providers

Authorities, courts, and advisers

Cookies, Local Storage, and Similar Technology

oyster_session

oyster_meter_id

chat_remaining

Security Practices

Retention and Control

Frequently Asked Questions