Privacy Policy

Last updated: April 4, 2026

1. Introduction

HabanoFinder ("we," "us," or "our") operates the website habanofinder.com (the "Service"). This Privacy Policy describes how we collect, use, store, and disclose your personal information when you use the Service.

We believe in transparency. This policy is written to give you a clear, honest understanding of what data we collect and why. By using the Service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

  • Account Information: When you create an account, we collect your email address and a password. Your password is stored using industry-standard one-way hashing and is never stored in plain text.
  • Profile Preferences: Alert preferences, saved searches, watchlist items, and newsletter opt-in status.
  • Reviews and Content: Text reviews, star ratings, and other content you submit about third-party retailers.
  • Communications: Information you provide when contacting us for support or inquiries.
  • Payment Information: If you subscribe to a premium plan, payment is processed by Stripe, a third-party payment processor. We do not store your full credit card number, CVV, or other sensitive payment details on our servers. Stripe may provide us with a partial card number (last four digits), card brand, and expiration date for your records.
  • Phone Number: If you opt in to SMS alerts, we collect your phone number to deliver text message notifications via Textbelt, a third-party SMS provider.

2.2 Information Collected Automatically

When you use the Service, we automatically collect the following information. We want to be upfront about this: our server logs and analytics systems record more than just page views.

IP Address Logging

We log your IP address with every request to our API and website. We use IP addresses for security (detecting abuse and unauthorized access), rate limiting (preventing automated misuse), and analytics (understanding geographic usage patterns). IP addresses in request logs are rotated and deleted after 90 days. IP addresses associated with your account (such as login history) are retained for the lifetime of your account.

Search Query Tracking

We log every search query you perform on the Service, including the search terms, filters applied (brand, price range, retailer, stock status), sort order, and result count. If you are logged in, this data is associated with your account. If you are not logged in, it is associated with your IP address and session. We use this data to improve search relevance, understand which cigars are most sought-after, and improve the Service.

Outbound Click Tracking

When you click a "Buy" or similar link that takes you to a third-party retailer website, we log that click before redirecting you. We record which product you clicked, which retailer, the listed price at the time of click, and the timestamp. We use this data to understand which retailers and products are most popular and to improve our comparison results.

Pageview Tracking

We track which pages you visit on the Service, including brand pages, cigar detail pages, retailer pages, and account pages. This helps us understand how users navigate the Service and which content is most valuable.

Login History

When you log in to your account, we record the login event including your IP address, user agent (browser and operating system information), and timestamp. We retain login history for the lifetime of your account. This data is used for security purposes, including detecting unauthorized access to your account.

API Request Logging

All requests to our API are logged. Logs include the request path, HTTP method, response status code, response time, your IP address, and your user agent string. These logs are used for performance monitoring, debugging, and security analysis. API request logs are automatically rotated and deleted after 90 days.

Device and Browser Information

With every request, your browser automatically sends us information including browser type and version, operating system, device type, screen resolution, and language preference. This information is included in our request logs and analytics data.

Cookies and Local Storage

We use cookies and browser local storage. See our Cookie Policy for full details. In summary, we use cookies for authentication session management, CSRF protection, and cookie consent tracking. We use browser localStorage to store your dark mode preference and authentication tokens.

3. Email Tracking

Emails we send you -- including in-stock alerts, price drop notifications, and newsletters -- may contain tracking technologies such as tracking pixels and tracked links. These allow us to determine whether an email was opened and which links within the email were clicked. We use this information to measure the effectiveness of our email communications and to improve future emails.

You can prevent email open tracking by configuring your email client to block remote images. You can avoid link tracking by copying and pasting URLs directly rather than clicking them. You may also unsubscribe from all non-essential emails at any time.

4. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Create and manage your user account
  • Send in-stock alerts, price drop notifications, and other requested email and SMS notifications
  • Send newsletters (only if you have opted in; you may unsubscribe at any time)
  • Process premium subscription payments through Stripe
  • Display and manage user-submitted retailer reviews
  • Analyze search queries, click patterns, and pageviews to improve search relevance, features, and user experience
  • Generate aggregate, non-identifying analytics (e.g., most-searched cigars, most-clicked retailers) to improve the Service
  • Enforce rate limits and prevent automated abuse of the Service
  • Detect, prevent, and address technical issues, fraud, or abuse
  • Protect the security of your account through login history monitoring
  • Comply with legal obligations

5. Data Sharing and Third-Party Services

We do not sell, rent, or trade your personal information to third parties. We share your information only with the following third-party service providers, who process it on our behalf:

  • Stripe (Payment Processing): If you subscribe to a premium plan, your payment information is transmitted directly to Stripe for processing. Stripe's use of your data is governed by their Privacy Policy.
  • Textbelt (SMS Delivery): If you opt in to SMS alerts, your phone number and alert content are transmitted to Textbelt for message delivery. Textbelt's use of your data is governed by their privacy policy.
  • Cloudflare Turnstile (Bot Protection): We use Cloudflare Turnstile to protect forms (such as registration and login) from automated abuse. Turnstile may collect and process information about your browser and interaction patterns to distinguish human users from bots. Cloudflare's use of your data is governed by their Privacy Policy.
  • Email Delivery: We use a third-party email service (Microsoft 365) to deliver transactional emails (alerts, account notifications) and newsletters.
  • Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request.
  • Protection of Rights: We may disclose information to protect the rights, property, or safety of HabanoFinder, our users, or the public.
  • Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.

When you click through to a third-party retailer website from HabanoFinder, you leave our Service. We are not responsible for the privacy practices of those third-party sites and encourage you to read their privacy policies.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account Data: Retained until you delete your account or request deletion.
  • Search History and Click Data: Retained indefinitely to improve the Service, provide personalized results, and generate aggregate analytics. You may request deletion at any time.
  • Pageview and Analytics Data: Retained indefinitely in aggregate form. Individual pageview records associated with your account are deleted upon account deletion.
  • Login History: Retained for the lifetime of your account. Deleted upon account deletion.
  • API Request Logs: Automatically rotated and deleted after 90 days.
  • Server Logs (access logs, error logs): Automatically rotated and deleted after 90 days.
  • Reviews: Published reviews remain visible even after account deletion, but will be anonymized (author name removed).
  • Payment Records: Retained as required by applicable tax and financial regulations.
  • Email Tracking Data: Open and click tracking data from emails is retained indefinitely in aggregate form.

After account deletion, we may retain certain anonymized or aggregated data that can no longer be used to identify you.

7. Data Security

We implement reasonable technical and organizational security measures to protect your personal information, including:

  • Encryption of data in transit using TLS/SSL (HTTPS)
  • One-way hashing of passwords using industry-standard algorithms
  • Access controls limiting who can access personal data
  • Regular security reviews and updates
  • Rate limiting to prevent brute-force attacks on authentication endpoints

However, no method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee its absolute security.

8. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

8.1 All Users

  • Access: Request a copy of the personal information we hold about you, including search history, click data, login history, and analytics data associated with your account.
  • Correction: Request that we correct inaccurate or incomplete personal information.
  • Deletion: Request that we delete your personal information, including search history, click tracking data, login history, and pageview data. Upon receiving a verified deletion request, we will delete your personal data within 30 days, except where retention is required by law. Anonymized aggregate data (which cannot identify you) may be retained.
  • Opt-Out of Email Tracking: Configure your email client to block remote images to prevent open tracking. Copy and paste URLs rather than clicking tracked links.
  • Opt-Out of Newsletters: Unsubscribe from newsletters and marketing communications at any time using the unsubscribe link in any email.
  • Opt-Out of SMS Alerts: Disable SMS alerts in your account settings or reply STOP to any SMS message.
  • Account Deletion: Delete your account through your account settings or by contacting us. This will trigger deletion of all personal data associated with your account per the retention schedule above.

To exercise any of these rights, contact us at a@ronschlegel.com. We will respond within 30 days.

8.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose about you. This includes the categories described in Section 2 (account data, search queries, click data, IP addresses, device information, login history, and pageview data).
  • The right to request deletion of your personal information.
  • The right to opt out of the sale of your personal information. We do not sell your personal information.
  • The right to non-discrimination for exercising your privacy rights.

To exercise your CCPA rights, contact us at a@ronschlegel.com. We will respond to verifiable consumer requests within 45 days.

8.3 European Economic Area Residents (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

  • Legal Basis: We process your personal data based on your consent (account creation, newsletter opt-in, SMS opt-in), contractual necessity (providing the Service), and legitimate interests (improving the Service, security, fraud prevention, and analytics).
  • Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format. This includes your account data, search history, click data, and reviews.
  • Right to Object: You have the right to object to processing of your personal data based on legitimate interests, including analytics and tracking described in this policy.
  • Right to Restrict Processing: You have the right to request that we restrict processing of your personal data under certain circumstances.
  • Supervisory Authority: You have the right to lodge a complaint with a supervisory authority in your member state.

To exercise your GDPR rights, contact us at a@ronschlegel.com. We will respond within 30 days.

9. Children's Privacy

The Service is not intended for use by anyone under the legal tobacco purchasing age in their jurisdiction. We do not knowingly collect personal information from minors. If we become aware that we have collected personal information from a minor, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in the United States, where our servers are located. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in a country where data protection laws may differ from those in your jurisdiction. Third-party services we use (Stripe, Textbelt, Cloudflare) may also process your data in jurisdictions outside your own.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page with a revised "Last updated" date. For significant changes, we may also notify registered users by email.

Your continued use of the Service after any changes constitutes acceptance of the revised Privacy Policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

HabanoFinder Privacy Inquiries
Email: a@ronschlegel.com