Privacy Policy
What we collect, what we don't, and who owns it
Effective July 1, 2026. Rialto Commerce LLC (“Aralto”) is the operator of this service and the legal party responsible for your data. Short version: you own your intent data, we hash what we can, and we never sell any of it.
What we collect
- Purchase intents. The text you (or your agent) submit, the structured version we parse from it, and the session id that ties your searches to your clicks. Intent data belongs to you; we use it to resolve offers and for nothing else.
- Clicks. When you follow an offer link we log the offer, the time, your browser's user-agent string, and a salted one-way hash of your IP address. We do not store raw IP addresses on clicks.
- Conversions. Affiliate networks report order id, order value, and commission when a tracked purchase happens. We never see your card number, checkout details, or shipping address — checkout happens entirely with the merchant.
- Account data. If you sign in: your email, and the payout email you choose for rebates.
What we don't do
- No sale or rental of personal data, ever.
- No transmission of your budget or willingness-to-pay to merchants or supply networks.
- No advertising trackers or third-party analytics pixels on this site.
- No storage of payment credentials — we are not in the payment flow.
Who we share with
Service providers that host our infrastructure (hosting, database, cache), and affiliate networks — which receive only a click reference id (never your identity) so purchases can be attributed. Aggregate payout totals are public by design; they contain no personal data.
Retention & your rights
Intents and clicks are kept while your account is active and for up to 24 months after, then deleted or anonymized. Ledger entries are retained as financial records. You can request a copy or deletion of your data at privacy@aralto.exchange; we answer within 30 days. Where GDPR or CCPA applies, you also have the rights to correction, portability, and to opt out of "sharing" — which we don't do in the first place.
Cookies
One first-party value in your browser's local storage holds your session id, and a cookie keeps you signed in if you create an account. That's the complete list.
Changes
We'll post changes here with a new effective date; material changes get a notice on the homepage.