Privacy Policy

1. Who We Are

I Forgot The Coupons ("the Service", "we", "us") is operated by Hayper, LLC. This policy covers the I Forgot The Coupons website (iforgotthecoupons.com), iOS and Android apps, and the Chrome extension. We share a backend with our sister product I Forgot The List — anything you delete here is also deleted there.

If you are a California resident, see Section 8 (California Privacy Rights).

2. Information We Collect

• Account information: Email address and name when you create an account.
• Authentication identifiers: Tokens from our identity provider (WorkOS AuthKit).
• Store connection data: When you connect your Fred Meyer loyalty account, we access your digital coupons and purchase history through their website on your behalf. We never see or store your store password.
• Purchase history: Items, prices, store, and dates from your grocery receipts.
• Coupon activity: Which coupons are clipped to your loyalty card and which are redeemed.
• Device and usage data: Cookies, analytics events, and crash logs — see Section 3.

3. Analytics and Tracking

On the website, analytics is handled by Google Tag Manager (container GTM-TQSZ4BK7), which deploys Google Analytics 4 (G-GFRLCG8ZNW). The mobile apps use PostHog for product analytics.

On the web, neither Google Tag Manager nor Google Analytics loads until you grant analytics consent. You can change your choice any time from the Your Privacy Choices page or the "Do Not Sell or Share My Personal Information" link in the footer.

Cross-domain measurement is configured so visits between iforgotthecoupons.com and our sister site iforgotthelist.com count as a single session.

What we capture when consent is granted:

• Page views and referrer / source-medium (so we can see organic traffic, direct, and cross-domain hops).
• Feature events (e.g. store connected, coupon clipped, receipt imported).
• A pseudonymous device identifier so we can stitch sessions together.

We do not use Meta, TikTok, or Google Ads pixels. We do not deploy device fingerprinting.

4. Cookies

The website uses these cookies:

• iftc_consent — records your privacy preferences. Strictly necessary. 1-year lifetime.
• session, has_session — keep you signed in (if applicable). Strictly necessary. 30-day lifetime.
• _ga, _ga_GFRLCG8ZNW — Google Analytics 4. Distinguishes users and stitches sessions across iforgotthecoupons.com and iforgotthelist.com. Loaded only after consent. Up to 2 years.

5. Third-Party Data Recipients

• Google (Tag Manager + Google Analytics 4) — web analytics. Page views, referrer, source/medium, events, IP, user agent — only with consent. Used to understand organic traffic and cross-domain flow between iforgotthecoupons.com and iforgotthelist.com.
• PostHog — mobile product analytics. Not loaded on the web today.
• WorkOS — authentication. Receives email and sign-in events.
• Resend — transactional email.
• Stripe — payments for paid plans.
• Apple, Google — in-app subscription processing on mobile.
• RevenueCat — App Store / Google Play subscription state.
• Railway, Netlify — hosting. All stored data is encrypted at rest.
• Anthropic, OpenAI — AI features. Item names you process via AI are not used by the provider to train models.
• Fred Meyer (and other connected stores) — receive only your own credentials, used to act on your behalf on their site.

We do not sell your personal information, share it with advertisers, or rent it to data brokers.

6. Data Retention

• Account data — kept while your account is active.
• Purchase history and clipped coupons — kept until you delete them or your account.
• Session tokens — expire after 30 days of inactivity.
• Analytics events — up to 7 years in PostHog.
• Account deletion audit records — retained 7 years for legal recordkeeping.

7. Your Rights

You can:

• Access and export your data — sign in and visit Your Privacy Choices to download a JSON copy of your account data.
• Delete your account and data — from the mobile app, or sign in and use Your Privacy Choices. If you can't sign in, request deletion via the account deletion form.
• Withdraw or change consent — open Your Privacy Choices or the footer link any time.
• Disconnect store integrations — from app settings.

Authenticated deletion is immediate; the form-based path for non-signed-in users is processed within 7 business days.

8. California Privacy Rights (CCPA / CPRA)

California residents have the following rights:

• Right to know what we collect (Section 2), who we share it with (Section 5), and how we use it (Section 2).
• Right to access your data via the export tool.
• Right to delete your data via the deletion tool.
• Right to correct inaccurate data — contact privacy@iforgotthecoupons.com.
• Right to opt out of "sale" or "sharing" — use the Do Not Sell or Share My Personal Information link in the footer. We don't sell data for money, but analytics tags routed through third parties may meet California's broad definition of "share" — opting out turns those off.
• Right to non-discrimination — we will not charge you a different price or provide a different level of service for exercising your privacy rights.

We do not knowingly sell or share the personal information of consumers under 16.

9. Children's Privacy

The Service is not intended for users under 13 years of age. If you believe a child has provided us with personal information, contact us at privacy@iforgotthecoupons.com and we will delete it.

10. Data Security

• All data in transit uses TLS/HTTPS.
• Database is encrypted at rest.
• Session tokens use HMAC signing; JWTs are validated server-side.
• Access to production data is limited to authorized personnel.

11. Changes to This Policy

We may update this policy. Material changes will be announced in the app or by email. The "Last Updated" date at the top of this page always reflects the current version.

12. Contact

• Privacy questions: privacy@iforgotthecoupons.com
• General support: info@iforgotthecoupons.com

I Forgot The Coupons and I Forgot The List are both by Hayper, LLC.