Privacy policy

Last updated: 4 May 2026

Who we are

Order-Bot is operated by Luke Durrant (contact@lukedurrant.com), an Australian sole trader. “We”, “us” and “our” in this policy refer to Order-Bot.

What this policy covers

• The Order-Bot website at au.openorder.bot
• The Order-Bot Price Compare browser extension (Chrome, Firefox, Safari)
• The Order-Bot API at au.openorder.bot/api/*

Data we collect

Account data

When you create an account we collect:

• Email address (used for login and account recovery)
• Password (stored hashed, never in plaintext — handled by Supabase Auth)
• Optional postcode (used to show postcode-specific prices)

Saved orders and lists

When you use the “Save cart” feature, the contents of that cart (product names, quantities, retailer) are stored against your account so you can re-open them later.

Browsing data captured by the extension

When you visit a supported retailer’s product, search or cart page (Woolworths, Coles, Aldi) and have the extension installed, the extension reads the publicly displayed product, price and pack data from that page and sends it to the Order-Bot API. This data is associated with your Order-Bot account (when signed in) and used to:

• show you the cross-retailer price comparison you requested
• improve the price-history dataset that other shoppers see when they visit the same product page

The extension does not collect:

• any data outside the retailer hosts and openorder.bot listed in the extension’s manifest
• form data, passwords, payment details, or anything you enter on a retailer site
• cookies from any retailer site
• your full browsing history

Server logs

Standard request logs (URL, IP address, user-agent, timestamp) are retained for 30 days for diagnostic and abuse-prevention purposes. They are not shared with third parties.

Telemetry

We use Mixpanel to track aggregated, anonymised product-usage events (e.g. “comparison panel rendered”, “cart saved”). We do not send Mixpanel any personally-identifiable information beyond a per-user pseudonymous ID.

How we use your data

• To operate the comparison and save-cart features you’ve asked for
• To improve the cross-retailer price dataset that powers the same features for other shoppers
• To detect and prevent abuse of the service
• To contact you about your account if you’ve asked us to (account recovery, service-affecting issues)

We do not use your data for behavioural advertising. We do not sell your data.

Where data is stored

All Order-Bot data is stored with Supabase, hosted in the ap-southeast-2(Sydney) region. Telemetry is sent to Mixpanel (United States).

Sharing with third parties

• Supabase — provides our database and auth. Privacy policy.
• Vercel — hosts the Order-Bot web app and API. Privacy policy.
• Mixpanel — aggregated product analytics only. Privacy policy.

We don’t share your data with any other third parties.

Your rights

You can:

• Request a copy of all data we hold about you
• Correct or update your data
• Delete your account and all associated data

Email contact@lukedurrant.com to make any of these requests. We’ll respond within 30 days.

Cookies and similar technologies

The Order-Bot website uses a single first-party authentication cookie set by Supabase when you sign in. The extension reads that cookie (and only that cookie) when sending API requests on your behalf. We do not use third-party tracking cookies.

Changes to this policy

We may update this policy from time to time. Material changes will be announced on the Order-Bot website. The “last updated” date at the top of this page reflects the most recent change.

Contact

Privacy questions or data requests: contact@lukedurrant.com