2 Minute Read

Have you ever wondered how coupon extensions get your discount codes?

Coupon scraping extensions often position themselves as user-generated databases born out of a consensual sharing of codes and promotions. 

But in reality, the “permissions” that coupon extension users are granting to the extensions to scrape and share codes are buried in the legalese of the extension’s data collection policies (as opposed to being granted via an affirmative opt in).

This likely means users are unknowingly granting extensions permission to share codes discovered/earned on their own while the app runs silently in the background.

Here is more detail on how some of the most popular coupon extensions get their data on coupon codes.



Honey’s language explaining how it collects coupon data is included in its Data and Privacy policy. Here is the specific language:


“We look for coupon codes that are manually entered to identify coupons we may have missed. These coupons are only shared with other users if the original user gives us explicit permission to do so.”


What this means is that when a shopper with a coupon extension is active on your webpage, the extension will scrape the codes they enter manually and add them to a continuously growing database.

Honey implies in its data collection policy that this is only done with the consent of the original coupon code provider.

But in reality, the consent is not gathered via an affirmative opt-in, and there is no consent from merchants, who are the originators of the codes (unless those merchants have joined Honey’s partner program). 

In the example below, we entered a non-existent coupon, QQQWERTTTY, at checkout to see if Honey would collect it. 

The fake, but original, coupon was automatically parsed out by Honey and submitted for tracking, without any indication of an affirmative opt in. 

This is the code that shows what is happening:



In line two of the above code, the “reason” that Honey provides for collecting and storing the data is:

"reason": "Identify working coupons that we can ask users to share, helping improve coupon inventory for other users. For more information, please visit www.joinhoney.com/data-and-privacy."


Honey submits this data to joinhoney.com, where it is then shared with all of the extension’s users.


CapitalOne Shopping

CapitalOne Shopping uses similar language in its privacy policy:



"We may collect ... the coupons that you used (including information regarding whether or not a coupon or coupon code is valid or effective). We may also collect information on coupons and other discounts that you found using our Services, even if you do not use such coupons, so that we may share this coupon and discount information with other users”


In this case, the term “using our Services” means installing their extension and allowing it to track your inputs in the background as you shop online. This kind of language makes it seem as though CapitalOne Shopping is providing shoppers the means (their coupon app) to discover and share coupons, when in reality it is the other way around.

CapitalOne is less descriptive than Honey in terms of what it shows in its code (ie. no “reason” is cited), but it also collected the fake coupon QQQWERTTTY we entered during our test with no opt in. 

Here’s the code snippet:


So What?

The complicated nature of user agreements and data collection policies aside, even if users do consent to coupon extensions scraping and sharing manually entered codes, they still are not receiving the consent of the ecommerce merchant that is the codes’ original creator, distributor, and owner. 

We believe that ecommerce businesses should have the ability to control their own discount strategies, and that means controlling who gets to use your discount codes. This is the problem that cleanCART has set out to solve.