Privacy Policy

1. Data We Collect

We collect the following information when you use PriceOwl:

• Account information: email address and encrypted password
• Monitoring data: product URLs and competitor store URLs you add
• Price data: historical price records scraped from the URLs you provide
• Usage data: subscription plan, feature usage, and access logs

When monitoring URLs, our scraping service may incidentally encounter third-party content that contains personal data (for example, user reviews or seller names). This data is not stored persistently — only structured price and product information (price, title, availability) is retained.

2. How We Use Your Data

We use the data we collect to provide and improve the PriceOwl service, including running scheduled price checks, sending price change alerts, and managing your subscription. We do not sell your data to third parties.

3. Third-Party Services

We work with the following third-party providers to operate our service:

• Supabase — database, authentication, and file storage (EU/US)
• OpenAI — AI-powered price extraction from product pages
• Resend — transactional email delivery for alerts
• Paddle — payment processing and subscription management
• Railway — application hosting and infrastructure

Each provider processes data according to their own privacy policies and applicable data protection laws.

4. Data Retention

• Active accounts: personal data retained while your subscription is active
• After account deletion: email and credentials deleted within 30 days; price history deleted within 90 days
• Server access logs: retained for 30 days
• Database backups: retained for up to 30 days

5. Your Rights

You have the right to access, correct, or delete your personal data at any time. You can export your data or request account deletion by contacting us. We will respond to all requests within 30 days.

6. Children's Privacy

PriceOwl is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will delete it promptly.

7. GDPR & CCPA Rights

For EU/EEA residents (GDPR): You have the right to access, rectification, erasure, restriction of processing, data portability, and objection to processing of your personal data. Our legal bases for processing are: contract performance (account and subscription data), legitimate interest (analytics and security), and consent (marketing emails).

For California residents (CCPA): You have the right to know what personal information we collect and how it is used, to request deletion, to opt out of sale (we do not sell personal information), to correct inaccurate information, and to non-discrimination for exercising your rights.

To exercise any of these rights, email [email protected] with “Privacy Request” in the subject line. We will respond within 30 days.

8. Cookies

We use the following types of cookies:

• Essential cookies (no consent required): session management, authentication tokens, and security. These are required for the Service to function.
• Analytics cookies (consent required in EU): we currently use only Supabase's built-in analytics. We do not use third-party advertising trackers.

You can disable non-essential cookies in your browser settings. Disabling essential cookies will prevent you from logging in to the Service.

9. Data Security & Breach Notification

We protect your data using industry-standard security measures: TLS encryption in transit, encrypted storage via Supabase, and strict access controls.

In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the breach, consistent with our obligations under GDPR. The notification will describe the affected data and the remediation steps we are taking.