Privacy Policy

Last updated: March 2026

1. Data Controller and Scope

1.1 The controller within the meaning of the General Data Protection Regulation (GDPR) and other data protection provisions is: Data Illusion Studios, Konfuziusweg 12, 59494 Soest, Germany. Contact: Via the contact form at /legal/contact.

1.2 This Privacy Policy informs you about the type, scope, and purpose of the collection and processing of personal data when using the online service Undercut Price Monitor (hereinafter "Service").

2. Legal Basis for Processing

2.1 We process personal data on the following legal bases:

  • Art. 6(1)(a) GDPR — Consent of the user
  • Art. 6(1)(b) GDPR — Performance of a contract or pre-contractual measures
  • Art. 6(1)(c) GDPR — Compliance with a legal obligation
  • Art. 6(1)(f) GDPR — Legitimate interests

3. Data We Collect

3.1 Account Data (Registration)

  • Email address
  • Hashed password (never stored in plain text)
  • Full name (optional)
  • Company name (optional)
  • Preferred language and timezone

3.2 Usage Data

  • Product names, prices, and URLs you enter
  • Competitor URLs and associated settings
  • Collected price data and notification history
  • Notification settings and preferences

3.3 Technical Data (Automatically Collected)

  • IP address (not permanently stored)
  • Browser type and version
  • Operating system
  • Date and time of access

3.4 Contact Form and Feedback

When you contact us via the contact form or the feedback widget, the message content is forwarded to our email address. No personal data (such as email address or IP address) is transmitted along with the message. The communication is anonymous.

3.5 Anonymous Error Reporting

To improve our Service and fix technical issues quickly, Undercut Price Monitor automatically sends anonymous error reports when technical problems occur. These reports contain only:

  • The error message and technical stack trace
  • The page and route where the error occurred
  • Timestamp of the error
  • Browser type (user agent) and screen size
  • An anonymous, randomly generated session hash (not traceable to your identity)

No personal data (such as email address, name, or IP address) is included in these reports. Error reports are sent exclusively to our development team and are used solely for debugging purposes. The legal basis for this is Art. 6(1)(f) GDPR (legitimate interest in the technical stability and improvement of the Service).

3.6 Usage Activities and Analytics

To improve the Service and detect technical issues early, we collect certain usage activities of authenticated users. These include:

  • Manual and automatic price checks (timestamp, result, method used)
  • File imports and exports (format, number of products)
  • Creation of products and competitors
  • Changes to notification settings

This data is linked to your user ID and is used exclusively for analysis and improvement of the Service. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in improving and ensuring the functionality of the Service).

3.7 Anonymous Page Views

We collect anonymous page views to analyze the usage of our website. The following data is collected:

  • Visited page (URL path)
  • Visitor country (derived from server infrastructure, not from IP address)
  • Language setting and screen width
  • Anonymous session hash (not traceable to your identity, generated per browser session)
  • Authentication status (whether logged in or not, without user identification)

No cookies are used for page analytics. The IP address is not stored. This data is evaluated exclusively in aggregate. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in analyzing website usage).

3.8 Payment and Subscription Data

When you subscribe to a paid plan, the following data is processed:

  • Stripe customer ID (stored in your profile)
  • Subscription status, plan, billing period, and expiration dates
  • Trial period information (trial start and end dates)
  • Cancellation and refund status

Credit card numbers, bank details, and other payment information are not stored by the Provider. This data is processed exclusively by Stripe Inc. (see Section 5.2). The legal basis is Art. 6(1)(b) GDPR (contract performance).

4. Purpose of Data Processing

We process your data exclusively for the following purposes:

  • Provision and operation of the Service (contract performance)
  • Authentication and account management
  • Price monitoring and notifications
  • Communication related to the Service
  • Technical security and abuse prevention
  • Improvement of the Service (based on aggregated, anonymized data)

5. Disclosure to Third Parties and Data Processing

5.1 We do not sell, rent, or trade your personal data under any circumstances.

5.2 We use the following data processors to provide the Service:

  • Supabase Inc.: Database hosting and authentication (headquartered in USA; data processing based on EU Standard Contractual Clauses)
  • Vercel Inc.: Web hosting and application delivery (headquartered in USA; data processing based on EU Standard Contractual Clauses)
  • Resend Inc.: Sending email notifications (headquartered in USA; data processing based on EU Standard Contractual Clauses)
  • Stripe Inc.: Payment processing for paid subscriptions (headquartered in USA; data processing based on EU Standard Contractual Clauses). The following data is transmitted to Stripe: email address, your internal user ID, and the selected plan information. Payment data (credit card number, bank details) is processed and stored exclusively by Stripe — the Provider does not have access to this data. The legal basis is Art. 6(1)(b) GDPR (contract performance).

5.3 Transfer to third countries only takes place on the basis of appropriate safeguards pursuant to Art. 46 GDPR (in particular EU Standard Contractual Clauses) or on the basis of an adequacy decision by the EU Commission pursuant to Art. 45 GDPR.

6. Cookies, Tracking, and Consent

6.1 We use technically necessary cookies that are required for the operation of the Service and authentication. These cookies do not contain personal data and are deleted at the end of the session or after a defined period.

6.2 We do not use marketing or advertising cookies. No data is shared with advertisers or third-party analytics services.

6.3 When you first visit our website, a consent banner is displayed through which you can grant or refuse your consent to the following optional processing categories:

  • Analytics — anonymous page view tracking and visitor statistics (see Section 3.7)
  • Usage Analytics — tracking of feature usage such as price checks, imports, and exports (see Section 3.6)
  • Error Reporting — automatic anonymous error reports (see Section 3.5)

6.4 The optional categories are only activated after your explicit consent (legal basis: Art. 6(1)(a) GDPR). Your consent is stored in your browser's local storage and can be revoked at any time by clearing your browser data.

6.5 Mere inaction or ignoring the consent banner does not constitute valid consent. The optional processing activities will not be carried out in this case.

7. Data Retention

7.1 Your account data is stored for the duration of the contractual relationship and irrevocably deleted within 30 days after deletion of your account.

7.2 Price histories are stored according to the respective plan (currently: 90 days in the Free plan). Older data is automatically and irrevocably deleted.

7.3 Statutory retention obligations (e.g., tax law obligations under AO, HGB) remain unaffected.

8. Data Security

8.1 We implement industry-standard technical and organizational measures to protect your personal data, in particular:

  • Encryption of data transmission via TLS/SSL
  • Database encryption at rest
  • Secure password storage through hashing (bcrypt)
  • Strict access control through Row Level Security (RLS)
  • Regular security updates of deployed software

8.2 Despite these measures, absolute security cannot be guaranteed. In the event of security vulnerabilities becoming known, affected users will be informed immediately.

9. Your Rights as a Data Subject

You have the following rights under the GDPR:

  • Right of Access (Art. 15 GDPR): You have the right to request information about the personal data we process.
  • Right to Rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate data or the completion of incomplete data.
  • Right to Erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided no statutory retention obligations exist. You can delete your account and all associated data at any time via the account settings.
  • Right to Restriction of Processing (Art. 18 GDPR): You have the right to request the restriction of processing of your data under certain conditions.
  • Right to Data Portability (Art. 20 GDPR): You have the right to receive your data in a structured, commonly used, and machine-readable format.
  • Right to Object (Art. 21 GDPR): You have the right to object to the processing of your data at any time if the processing is based on Art. 6(1)(f) GDPR.
  • Right to Withdraw Consent (Art. 7(3) GDPR): If processing is based on consent, you may withdraw this consent at any time with effect for the future.

To exercise your rights, please contact us via the contact form at /legal/contact.

10. Right to Lodge a Complaint with a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the GDPR (Art. 77 GDPR).

11. Protection of Minors

The Service is not directed at persons under the age of 18. We do not knowingly collect personal data from minors. Should we become aware that personal data from minors has been collected, it will be deleted immediately.

12. Changes to This Privacy Policy

12.1 We reserve the right to adapt this Privacy Policy to accommodate changes in the legal situation or when the Service or data processing changes.

12.2 The current version applies at all times. The date of the last update is stated at the top of this page.

13. Contact

For privacy-related questions, you can reach us via the contact form at /legal/contact.