Legal

Privacy policy

Short version: SupplierSpy does not track you. No cookies for advertising, no third-party analytics, no shared visitor data. This page spells out exactly what happens.

Last updated: 17 April 2026

What we collect

Practically nothing that identifies you personally. Here is the complete list of data our systems touch when you visit:

  • Standard web-server access logs (kept by Cloudflare, our hosting provider, by default). This includes IP address, user agent, URL requested, and timestamp. We use these only for operational purposes — making sure the site is up and catching abuse.
  • Outbound supplier-link clicks. When you click a link to a supplier's website, we append UTM parameters (utm_source=supplierspy, utm_medium=referral, utm_campaign=benchmark) so the destination site knows the traffic came from us. We do this so suppliers can see SupplierSpy-referred traffic in their own analytics — we do not receive or store any click data back, and we do not get paid for these clicks.
No cookies. SupplierSpy does not set cookies for tracking, advertising, or personalization. If your browser is storing a cookie for supplierspy.com, it is almost certainly from Cloudflare's bot-defence layer, not from us.

What we do not do

  • No third-party analytics. No Google Analytics, no Plausible, no Fathom, no Segment, no Mixpanel, no Meta Pixel — nothing.
  • No advertising networks. No ads means no ad trackers.
  • No visitor-data sharing. We do not sell, rent, or share your IP or any server-log data with suppliers, advertisers, data brokers, or AI training providers.
  • No email newsletter. There isn't one yet. If we ever start one, it will be opt-in only and on a separate subdomain.
  • No user accounts. You cannot sign up for SupplierSpy. There is nothing to sign up for.
  • No fingerprinting. We do not run canvas, audio, or device-level fingerprinting scripts.

Legal basis (GDPR / UK-GDPR)

For EU and UK visitors, the legal basis we rely on is legitimate interest for the minimal access logs Cloudflare keeps by default — we cannot responsibly run a website without a basic operational log. No other processing takes place on our side, so no other legal basis is needed.

Cloudflare is our data processor for hosting and log retention. Their own privacy policy governs how long those logs are retained and under what conditions they can be disclosed.

Your rights

You can ask for a copy of any data we hold about you (almost certainly: none), request deletion, or lodge a complaint. Because we don't maintain identity-linked records, most requests are answered with "we don't have anything tied to you" — but the door is open.

Write to hello@supplierspy.com. Include enough context (rough visit date, IP if you know it) so we can check the Cloudflare logs. Expect a reply within 30 days.

Changes to this policy

If the privacy model changes — for example if we add an opt-in newsletter — we will update this page and bump the "Last updated" date. Previous versions are preserved in the public git history at github.com/DB-Shadow/supplierspy_com.

About Terms of use How we score