Skip to content
MyGlobalTote
← Back

Privacy Policy

Last updated: May 13, 2026

1. Introduction

MyGlobalTote ("we," "us," or "our"), operated by My Global Tote LLC, provides a personal shopping organization service that lets you save and organize products from across the web. This Privacy Policy explains what information we collect, how we use it, and the rights you have over it. This Policy applies when you use our Service, including our website, browser extension, and any related interfaces or tools we operate. Where specific processing activities require your consent, we will obtain it separately and in accordance with applicable law.

2. Information We Collect

  • Account information: email address and authentication credentials (including identifiers from third-party sign-in providers such as Google or Apple, if you choose to use them).
  • Saved items: product titles, prices, URLs, images, notes, folders, and timestamps you save to your tote.
  • Extension activity: when you use the MyGlobalTote browser extension, we receive the product page metadata you choose to save (URL, title, price, image). The extension requests access only to the active tab when you initiate a save action. It does not passively browse, collect browsing history, capture form data or keystrokes, or transmit pages you do not explicitly save.
  • Device & usage data: IP address, browser type, device identifiers, pages viewed, and interaction events used for security, debugging, and product analytics.
  • Cookies & similar technologies: used for session management and preferences. For details on the specific cookies we use, their purposes, and their durations, please see our Cookie Policy.
  • Information from third parties: If we receive personal data from third-party partners (such as affiliate network providers like Skimlinks), we will process that data in accordance with this Policy.

We do not intentionally collect sensitive personal information (such as racial or ethnic origin, health data, biometric data, or financial account numbers) unless a specific feature requires it and we provide you with a separate notice at the point of collection.

Our current sub-processor categories include: backend infrastructure (Supabase / Lovable Cloud), privacy-friendly product analytics (Plausible Analytics), affiliate link attribution (Skimlinks), and transactional email delivery. A current list of sub-processors is available upon request by contacting us at the email listed in Section 16 below.

3. How We Use Information

  • Provide, maintain, and improve the service (legal basis: performance of a contract).
  • Authenticate users and secure accounts (legal basis: performance of a contract; legitimate interest in security).
  • Communicate with you about your account, updates, or support requests (legal basis: performance of a contract; legitimate interest in customer service).
  • Send promotional or product communications where you have opted in (legal basis: consent; you may withdraw consent at any time via your account email preferences).
  • Generate aggregated, de-identified analytics about shopping trends, popular products, retailers, categories, and pricing patterns (legal basis: legitimate interest in understanding usage trends and improving our service).
  • Detect, prevent, and address fraud, abuse, and technical issues (legal basis: legitimate interest in maintaining security and integrity; legal obligation).
  • Comply with legal obligations, respond to lawful requests, and protect our rights (legal basis: legal obligation; legitimate interest).

4. Aggregated and De-Identified Data

We may compile aggregated, de-identified data derived from saved items and usage activity — for example, popular products, average price points, category trends, and retailer performance across our user base. We may license or otherwise make available this aggregated data to third parties (such as retailers, brands, market researchers, and analytics partners) for commercial purposes.

Aggregated data does not include your name, email, account identifier, IP address, or any other information that directly identifies you. We process this data using methods designed to render it anonymous within the meaning of applicable law, including removal of direct and indirect identifiers and aggregation to minimum thresholds, so that it cannot reasonably be used to re-identify any individual. In accordance with the California Consumer Privacy Act, we (a) have implemented technical safeguards that prohibit re-identification, (b) have implemented business processes that specifically prohibit re-identification, (c) have implemented business processes to prevent inadvertent release of de-identified information, and (d) make no attempt to re-identify the information.

5. How We Share Personal Information

We do not sell or rent personal information that identifies you. We share personal information only with:

  • Service providers (such as hosting, database, authentication, email, and analytics providers) under contract to process data on our behalf and subject to confidentiality obligations. A current list of sub-processor categories is available upon request.
  • Legal authorities when required by law, subpoena, court order, or governmental regulation, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a lawful government request.
  • Successors in connection with a merger, acquisition, reorganization, or sale of assets. In such an event, the acquiring entity will be bound by the terms of this Privacy Policy with respect to personal information collected prior to the transaction, or we will notify you and provide you with choices regarding your personal information before it is transferred and becomes subject to a different privacy policy.

6. Affiliate Links

Some outbound links on MyGlobalTote — including links on our Tote Team Picks page — are affiliate links, processed through partners such as Skimlinks. If you click one and make a purchase, we may earn a small commission at no additional cost to you. We may receive aggregated commission reports from these networks. These affiliate relationships are commercial arrangements governed by FTC endorsement guidelines and do not involve the sharing of your personal information with affiliate partners beyond what is described in Section 5 above. See our Affiliate Disclosure for full details.

7. Data Retention

We retain personal information for as long as your account is active or as needed to provide the service. Upon account termination or deletion, we delete or anonymize your personal information — including saved items and account records — typically immediately and in any event within 30 days, except where a longer retention period is required or permitted by applicable law for fraud prevention, legal compliance obligations, or the exercise or defense of legal claims.

Device and usage data (such as IP addresses and interaction events) is retained for 30 days following account termination or deletion, subject to the same exceptions described above.

Aggregated, de-identified data that no longer identifies or is reasonably linkable to any individual may be retained indefinitely.

Residual copies of deleted personal information may persist in encrypted backup systems for a limited period. We do not actively use backup copies for any purpose other than disaster recovery, and such copies are overwritten in the ordinary course of our backup rotation cycle.

8. Security

We use industry-standard safeguards including encryption in transit, row-level access controls, and authenticated APIs. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security. We maintain administrative, technical, and physical security measures designed to protect personal information against unauthorized access, destruction, loss, alteration, or misuse.

9. Your Rights — GDPR (EU/UK)

If you are in the European Economic Area or United Kingdom, you have the right to:

  • Access, correct, or delete your personal data.
  • Restrict or object to processing, including profiling. Where processing is based on our legitimate interests, you may object at any time and we will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
  • Data portability — receive a copy of your data in a structured, commonly used, and machine-readable format.
  • Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing that occurred before withdrawal.
  • Lodge a complaint with your local supervisory authority.

Our legal bases for processing are described alongside each processing purpose in Section 3 above.

We will respond to data subject access requests within one month of receipt. If a request is complex or we receive a high volume of requests, we may extend the response period by up to two additional months, in which case we will notify you of the extension and the reasons for it within the initial one-month period.

We believe that our processing of EU/UK personal data is occasional and small-scale in nature, and accordingly we have not appointed a representative under GDPR Article 27. We will reassess this determination as our user base evolves and will appoint a representative if and when required.

To exercise any of your rights, contact us at the email listed in Section 16 below.

10. Your Rights — CCPA/CPRA (California)

California residents have the right to:

  • Know what personal information we collect, use, and disclose, including the categories and specific pieces of personal information collected, the categories of sources, the business or commercial purposes for collection, and the categories of third parties with whom we share personal information.
  • Request deletion of personal information.
  • Correct inaccurate personal information.
  • Opt out of the "sale" or "sharing" of personal information. We do not sell personal information that identifies you; the aggregated, de-identified data we license to third parties is not "personal information" under the CCPA.
  • Limit the use of sensitive personal information.
  • Non-discrimination for exercising your rights.

California residents may also designate an authorized agent to submit requests on their behalf. To do so, you must provide the authorized agent with written permission and verify your identity directly with us, or the authorized agent must provide proof of power of attorney.

We will respond to verifiable consumer requests within 45 days of receipt. If we require additional time, we will notify you in writing within the initial 45-day period and may extend the response period by an additional 45 days.

To exercise any right, contact us at the email listed in Section 16 below.

11. Your Rights — Other U.S. State Privacy Laws

Residents of states with applicable comprehensive privacy laws (including but not limited to Virginia, Colorado, Connecticut, Texas, Oregon, and Montana) may have similar rights to access, correct, delete, and port their personal data, and to opt out of certain processing activities. We are committed to honoring the privacy rights available to you under the laws of your state of residence. To exercise any applicable right, contact us at the email listed in Section 16 below, and we will respond within the timeframe required by your state's law.

12. Children

The service is not directed to children under 13 (or under 16 in the EEA), and we do not knowingly collect their information. If we become aware that we have collected personal information from a child under the applicable age threshold, we will take prompt steps to delete that information. If you believe we have inadvertently collected information from a child, please contact us at the email listed in Section 16 below.

13. International Transfers

We are based in the United States. If you access our service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States and other countries where our service providers operate. These countries may have data protection laws that differ from those of your jurisdiction.

Where required by applicable law, we rely on appropriate transfer mechanisms recognized under the GDPR and UK GDPR to safeguard personal data transferred outside the European Economic Area or United Kingdom, including but not limited to Standard Contractual Clauses approved by the European Commission (and, for UK transfers, the UK International Data Transfer Addendum), adequacy decisions, and other lawful transfer mechanisms as applicable. You may request a copy of the applicable transfer mechanism by contacting us at the email listed in Section 16 below.

14. Browser Extension

The MyGlobalTote browser extension (available for Chrome and other Chromium-based browsers) is an optional companion tool that lets you save products from any online store to your tote with one click. This section describes how the extension handles your data, in addition to the general practices described above.

What the extension stores locally on your device:

  • Authentication session: after you sign in through the extension popup, your MyGlobalTote session token (issued by our backend) is stored using the browser's chrome.storage.local API so you remain signed in between visits. The token is sent only to MyGlobalTote's backend and is removed when you sign out.
  • Your preferences: the extension's settings (such as auto-save, prompt-after-checkout, and auto-remove toggles) are stored locally on your device and are not transmitted to us.

What the extension sends to MyGlobalTote:

  • Product details you choose to save: when you click the save button on a product page, the extension reads the product name, price, image URL, and the page URL from the active tab and sends them to your MyGlobalTote account so they appear in your dashboard.
  • Purchase confirmations: if you choose to mark items as purchased after checkout, the extension sends the corresponding item IDs and the source domain to your account.

What the extension does NOT do:

  • It does not read or transmit your browsing history.
  • It does not capture form data, passwords, payment details, or keystrokes.
  • It does not read pages in the background — page content is only read when you explicitly trigger a save or when the on-page save button is rendered on a recognized product page.
  • It does not sell your data, share it with advertisers, or use it for advertising or behavioral profiling.
  • It does not inject ads or modify merchant pages beyond rendering the MyGlobalTote save button.

Permissions we request and why:

  • storage — to keep you signed in and remember your extension preferences locally.
  • activeTab — to read product information from the tab you are actively viewing when you click save.
  • scripting — to inject the save button and the product-extraction logic into merchant pages.
  • host_permissions: <all_urls> — because users save products from many different online stores, the extension must be able to operate across any merchant domain. It does not run analytics or tracking on the sites it has access to.

You can uninstall the extension at any time from your browser's extensions page, which also removes all locally stored extension data. Removing the extension does not delete your MyGlobalTote account or any items already saved to your tote — to delete those, use the account-deletion controls in your dashboard or contact us at the address in Section 16 below.

15. Changes to This Policy

We may update this Policy from time to time. Material changes will be posted on this page with a new "Last updated" date, and where reasonably practicable we will notify you of material changes by email or in-app notification. Your continued use of the service after the effective date of any updated Policy constitutes your acceptance of the revised terms. We encourage you to review this Policy periodically.

16. Contact

Questions or privacy requests:
My Global Tote LLC
Dallas, Texas
info@myglobaltote.com

This Privacy Policy is available in alternative formats upon request.