PriceSentry

Privacy Policy

Last updated: January 10, 2025

Effective date: January 10, 2025

1. Controller Information

Data Controller: Umai Tech AB
Organization Number: [Swedish org. number]
Address: Stockholm, Sweden
Email: privacy@pricesentry.io
Data Protection Officer: dpo@pricesentry.io

PriceSentry.io ("we," "our," or "us") is an AI-powered pricing intelligence platform that monitors competitor prices through web scraping and provides automated analysis. This Privacy Policy explains how we collect, use, process, and disclose personal data when you use our services, in compliance with the General Data Protection Regulation (GDPR) and Swedish data protection law.

2. Personal Data We Process

2.1 Data You Provide Directly

  • Account Information: Email address, name, company name, password (hashed)
  • Product Data: Product names, categories, SKUs, your pricing information
  • Competitor Monitoring: URLs of competitor websites you want to monitor
  • Alert Preferences: Email addresses, Slack webhook URLs for notifications
  • Payment Information: Processed by Stripe (we store only subscription status and metadata)
  • Communication Data: Support requests, feedback, correspondence

2.2 Data We Collect Automatically

  • Technical Data: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent, click patterns
  • Performance Data: Error logs, response times, system performance metrics
  • Authentication Logs: Login attempts, session data, security events

2.3 Data from Third-Party Sources

  • Publicly Available Pricing Data: Competitor prices and product information from publicly accessible websites
  • OAuth Authentication: Profile information from Google when you sign in with Google
  • AI Processing Results: Analysis results from OpenAI and Anthropic (no personal data shared with these services)

3. Legal Basis for Processing

| Purpose | Legal Basis (GDPR Art.) | Retention Period |
|---|---|---|
| Account management and authentication | Contract performance (6(1)(b)) | Until account deletion + 30 days |
| Price monitoring and scraping | Legitimate interests (6(1)(f))* | Duration of subscription + 12 months |
| AI-powered analysis and insights | Contract performance (6(1)(b)) | Duration of subscription + 12 months |
| Email and Slack notifications | Consent (6(1)(a)) | Until consent withdrawn |
| Payment processing | Contract performance (6(1)(b)) | 7 years (tax requirements) |
| Security and fraud prevention | Legitimate interests (6(1)(f)) | 6 months |
| Legal compliance and tax | Legal obligation (6(1)(c)) | 7 years |

*See Section 11 for detailed legitimate interests assessment

4. How We Use Your Personal Data

4.1 Core Service Provision

  • Monitor competitor prices through automated web scraping (respecting robots.txt and rate limits)
  • Generate AI-powered pricing insights and recommendations
  • Provide real-time price change alerts via email and Slack
  • Create analytics dashboards and trend analysis
  • Maintain user accounts and subscription management

4.2 Service Improvement

  • Analyze usage patterns to improve our algorithms and user experience
  • Monitor system performance and identify technical issues
  • Develop new features based on user behavior and feedback
  • Ensure service security and prevent fraudulent activities

5. Data Sharing and Third-Party Processors

We do not sell personal data. We share data only with the following processors under strict data processing agreements:

5.1 Essential Service Providers

| Service Provider | Purpose | Data Transferred | Location | Safeguards |
|---|---|---|---|---|
| Supabase | Database and authentication | Account data, usage data | EU (Ireland) | GDPR compliance, EU hosting |
| Vercel | Web hosting and CDN | Technical data, logs | EU/US | DPA, EU hosting option |
| ScrapingBee | Web scraping infrastructure | URLs to scrape (no personal data) | EU/US | DPA, legitimate interests |
| OpenAI | AI analysis of pricing data | Anonymized pricing data only | US | DPA, data anonymization |
| Anthropic | AI analysis of pricing data | Anonymized pricing data only | US | DPA, data anonymization |
| Stripe | Payment processing | Payment and subscription data | EU/US | PCI DSS, adequacy decision |
| SendGrid | Email notifications | Email addresses, notification content | US | DPA, SCCs |

5.2 Legal Disclosure

We may disclose personal data if required by Swedish or EU law, court orders, or to protect our rights, property, or safety, or that of our users or the public.

6. International Data Transfers

Some of our service providers are located outside the EU/EEA. We ensure adequate protection through:

  • EU Adequacy Decisions: Transfers to countries with adequacy decisions (UK, Canada)
  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards for US providers
  • Data Processing Agreements: Binding agreements with all processors
  • Data Minimization: Only necessary data is transferred, often anonymized
  • EU Hosting Preference: Primary data storage in EU data centers where possible

7. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR:

Right of Access (Art. 15)

Request copies of your personal data and information about how we process it.

Contact: privacy@pricesentry.io | Response time: 30 days

Right to Rectification (Art. 16)

Correct inaccurate personal data or complete incomplete data.

Available in dashboard settings or email us

Right to Erasure (Art. 17)

Request deletion of your personal data (with certain exceptions).

Account deletion available in settings

Right to Restrict Processing (Art. 18)

Request limitation of processing in certain circumstances.

Contact privacy@pricesentry.io

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format.

Export available in dashboard or contact us

Right to Object (Art. 21)

Object to processing based on legitimate interests or for direct marketing.

Notification settings or email privacy@pricesentry.io

Right to Withdraw Consent

Withdraw consent for processing based on consent.

Available in notification preferences

How to Exercise Your Rights: Email privacy@pricesentry.io or use the data rights form in your account settings. We will respond within 30 days and may request identity verification for security.

8. Data Security and Technical Measures

We implement comprehensive technical and organizational measures to ensure data security:

8.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access, multi-factor authentication, regular access reviews
  • Network Security: Firewalls, intrusion detection, secure API endpoints
  • Database Security: Row-level security policies, encrypted connections, audit logging
  • Password Security: Bcrypt hashing, strong password requirements

8.2 Organizational Measures

  • Staff Training: Regular GDPR and data protection training
  • Data Minimization: Collect and retain only necessary data
  • Privacy by Design: Privacy considerations in system design
  • Incident Response: Documented procedures for data breaches
  • Regular Audits: Internal security assessments and external reviews

9. Cookies and Tracking

We use cookies and similar technologies to provide and improve our services:

| Category | Purpose | Retention | Consent Required |
|---|---|---|---|
| Strictly Necessary | Authentication, security, core functionality | Session/30 days | No |
| Functional | User preferences, language settings | 12 months | Yes |
| Analytics | Usage statistics, performance monitoring | 24 months | Yes |
| Marketing | Currently not used | N/A | N/A |

You can manage cookie preferences through our cookie consent banner or browser settings. Disabling necessary cookies may affect site functionality.

10. Data Retention Policy

We retain personal data only as long as necessary for the purposes collected:

  • Active Accounts: For the duration of your subscription
  • Deleted Accounts: 30 days grace period, then permanent deletion
  • Pricing Data: 12 months after subscription ends (for analytics)
  • Payment Records: 7 years (Swedish tax law requirements)
  • Support Communications: 3 years after resolution
  • Security Logs: 6 months
  • Website Analytics: 24 months

11. Legitimate Interests Assessment

For web scraping activities, we rely on legitimate interests (GDPR Art. 6(1)(f)) based on:

Balancing Test Results:

  • Our Interests: Providing competitive pricing intelligence services
  • Necessity: Web scraping is essential for real-time price monitoring
  • Public Benefit: Market transparency and fair competition
  • Data Subject Impact: Minimal - only public pricing data collected
  • Safeguards: Respect robots.txt, rate limiting, no personal data collection from scraped sites

12. Data Breach Notification

In case of a data breach affecting personal data, we will notify the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) within 72 hours and affected individuals without undue delay if there is a high risk to their rights and freedoms.

13. Children's Privacy

Our services are not intended for individuals under 16 years old. We do not knowingly collect personal data from children under 16. If we become aware of such data collection, we will delete it promptly.

14. Automated Decision-Making

We use automated processing for price analysis and alert generation. This does not involve profiling or decisions that significantly affect you legally. You can request human review of any automated decisions through privacy@pricesentry.io.

15. Supervisory Authority

You have the right to lodge a complaint with the Swedish Data Protection Authority (Integritetsskyddsmyndigheten) if you believe we have violated your data protection rights. Contact them at imy@imy.se or +46 8 657 61 00.

16. Changes to This Policy

We may update this Privacy Policy to reflect legal changes or service improvements. Material changes will be communicated via email or prominent notice on our website at least 30 days before taking effect.

17. Contact Information

General Privacy Inquiries

Email: privacy@pricesentry.io
Response Time: 5 business days

Data Protection Officer

Email: dpo@pricesentry.io
Response Time: 30 days (GDPR requests)

Company Address

Umai Tech AB
Stockholm, Sweden
Org. Nr: [Swedish organization number]

Emergency Contact

For urgent data breach concerns:
Email: security@pricesentry.io