Privacy Policy

The party responsible for data processing on this website (controller) is:

Robert-William Kaspar

c/o flexdienst – #11745

Kurt-Schumacher-Straße 76

67663 Kaiserslautern, Germany

Email: [email protected]

We collect and process the following categories of personal data, depending on how you use DealMonitor:

• Account data: email address, hashed password (or Google OAuth ID), preferred language
• Tracker data: product URLs, target prices, price history, shop domains
• Notification data: Telegram chat ID (if connected), push subscription endpoint (if enabled)
• Technical data: IP address (in server logs, not stored permanently), browser type, operating system
• Extension data: visited shop domains, detected price candidates

We process your data on the following legal bases under GDPR:

• Art. 6(1)(b) GDPR — Performance of a contract: processing necessary to provide the DealMonitor service (account management, price tracking, notifications)
• Art. 6(1)(a) GDPR — Consent: optional features such as Telegram notifications, web push notifications, and Google Analytics
• Art. 6(1)(f) GDPR — Legitimate interest: server logs for security, fraud prevention, and service improvement

Your data is used exclusively for the following purposes:

• Providing the price tracking service: scraping product pages, detecting prices, storing price history
• Sending notifications: email alerts, Telegram messages, and web push notifications when your target price is reached
• Account management: authentication, password reset, language preferences
• Service improvement: anonymous, aggregated statistics to improve price detection accuracy
• Affiliate links: we may embed affiliate links in product URLs. This does not affect your price and no personal data is shared with affiliate networks

All data is stored on servers located in Germany. We use the following security measures:

• All connections are encrypted via HTTPS/TLS
• Passwords are hashed using bcrypt (never stored in plain text)
• Database access is restricted and protected by strong credentials
• Server access is limited to authorized personnel only
• Regular backups are performed to prevent data loss

Only the following people or systems have access to your personal data:

• Robert-William Kaspar (operator of DealMonitor): full administrative access to the database and servers for maintenance, debugging, and answering data protection requests
• No other employees, contractors, or external persons have access to personal data
• Subprocessors (see the section "Data sharing with third parties") receive only the data strictly necessary for their function — Resend, for example, only receives the recipient email address, never your price history or tracker URLs
• The HTML snapshot the browser extension sends to our servers is only accessible to the automated ML detector process. The snapshot is discarded immediately after processing — no human staff member ever sees it

We do not sell, rent, trade, or market your personal data under any circumstances. DealMonitor is funded exclusively by affiliate commissions from online shops (no data transfer involved) and optional voluntary support. We use your data exclusively for the purpose stated in this privacy policy — tracking product prices for you. Data is never shared with advertising networks, data brokers, or credit reporting agencies.

We do not sell, rent, or trade your personal data. Data may be shared with the following third parties only as necessary:

• Google OAuth: if you sign in with Google, we receive only your email address from Google. We do not share data back with Google beyond what is needed for authentication
• Resend (email service): your email address is passed to Resend to deliver notification emails. Resend processes data under their own privacy policy
• Google Analytics: We use Google Analytics to collect anonymized usage data (page views, approximate location). No personal data is transmitted
• Telegram (optional): if you connect Telegram, your Telegram chat ID is stored to send price alerts. No other Telegram data is accessed

DealMonitor itself does not set any cookies. We use localStorage in your browser to store your authentication token and preferences (theme, language). This data never leaves your browser except when authenticating with our servers.

Google Analytics, if enabled by the site operator, may set cookies. These are used solely for anonymous usage statistics and can be blocked by your browser settings.

The DealMonitor browser extension has one single, clearly defined purpose: tracking product prices in online shops and sending associated notifications when a target price is reached. It is used for nothing else — no data resale, no advertising, no profiling. Every data collection described in the following sections serves exclusively this one purpose.

The DealMonitor browser extension helps you track prices across online shops. Below is a complete description of what data is collected, how it is used, stored, and shared.

Data collected by the extension:

When you click the extension icon on a product page, the extension reads the current page's DOM (HTML structure) to detect price information. The following data is collected and sent to our servers:

• Product page URL — to identify the product being tracked
• Page HTML content — a snapshot of the page DOM, used for ML-based price detection on our server. This is processed immediately and not stored permanently
• Detected price candidates — prices found in the page, including their position in the DOM (CSS selectors)
• Page title — used as the product name for your tracker
• Your authentication token — to associate the tracker with your account

The extension does NOT collect or transmit:

• Browsing history or visited URLs (data is only sent when you actively click the extension icon)
• Passwords, form inputs, or payment information
• Data from banking, financial, or healthcare websites (these are blacklisted and the extension does not activate on them)
• Keystrokes or mouse movements
• Personal files or downloads
• Data from browser tabs you are not actively tracking

So you know exactly when the extension is actually active, here is a technical clarification:

• The extension's content script is technically loaded on every website you visit due to the `<all_urls>` permission. However, it remains passive — it does NOT read or transmit any data unless you actively click the extension icon
• Only your deliberate interaction (clicking the icon or confirming in the extension popup) starts price detection. Only then is the HTML snapshot of the current page transmitted over an encrypted HTTPS connection to api.dealmonitor.app
• In the background, the extension only runs a token-refresh alarm to keep your DealMonitor login session alive. This alarm transmits ONLY your authentication token to api.dealmonitor.app — never page content, URLs, or any other browser data
• On banking, financial, healthcare, and government websites the extension does not activate at all (domain blacklist). The icon appears greyed out and creating a tracker is not possible there

The extension requests the following browser permissions and uses them exclusively as described:

• Host permissions (<all_urls>) — DealMonitor is a universal price tracker that works on any online shop worldwide. A domain whitelist would break that product promise, so we have deliberately chosen not to use one. Instead we protect users through a layered model: (1) The extension is loaded on every page, but is passive by default — it transmits no data. (2) Data collection is only activated after the user explicitly accepts the in-product disclosure dialog. (3) Sensitive domains (banking, finance, health, government) are fully excluded via a blocklist. (4) Even after activation, each concrete data collection happens only through your active click on the extension icon or the tracker-creation popup — never in the background.
• storage — Stores your authentication token and user preferences (language, theme) locally in your browser. This data never leaves your device unless you authenticate with our API
• activeTab — Allows the extension to access the content of the currently active tab when you click the extension icon. No background access to other tabs
• scripting — Injects the price detection script into the current page to read product prices from the DOM
• alarms — Used for periodic session token refresh (authentication keepalive). No user data is collected via alarms
• cookies — Reads the DealMonitor website cookie to synchronize your login session between the website and the extension. No third-party cookies are read or modified

Extension data is handled as follows:

• Local storage: your authentication token and preferences are stored in the browser's local storage. You can clear this by uninstalling the extension
• Server transmission: when you create a tracker, the page URL, HTML snapshot, and detected prices are sent to our servers via encrypted HTTPS connection
• Data retention: the HTML snapshot is processed for price detection and then discarded. Only the extracted price, product name, and URL are stored permanently as part of your tracker
• Data sharing: extension data is not shared with any third party. It is sent exclusively to DealMonitor servers (api.dealmonitor.app) hosted in Germany
• Removal: uninstalling the extension removes all locally stored data. Server-side trackers can be deleted in your DealMonitor dashboard or by deleting your account

As required by the Chrome Web Store Developer Program Policies, we disclose below for each standardized data category whether the DealMonitor browser extension collects it:

• Personally identifiable information — Yes: your email address is collected when you create a DealMonitor account. The extension itself does not collect additional PII such as name, address, age, or identification numbers
• Health information — No: no heart rate data, medical history, symptoms, diagnoses, or treatments are collected
• Financial and payment information — No: no transactions, credit card numbers, credit ratings, financial statements, or payment history are collected. Banking and financial domains are on a blacklist and the extension does not activate on them
• Authentication information — Yes: your DealMonitor authentication token is stored locally in browser storage to maintain your session across browser restarts. No passwords, PINs, or security questions are collected. The extension does not read authentication data from other websites
• Personal communications — No: no emails, SMS, chat messages, or other personal communication content is collected
• Location — No: the extension does not collect GPS coordinates, region, or points-of-interest data. Your IP address is only captured server-side in short-lived server logs (see the Data retention section)
• Web history — No: the extension does not collect a list of websites you visit. Data is collected only for pages where you actively click the extension icon or confirm as a tracker. No background monitoring of your browsing history occurs
• User activity — No: no network monitoring, no tracking of clicks, mouse movements, scroll events, or keystrokes
• Website content — Yes: when you click the extension icon or create a tracker, the extension reads the visible page DOM (HTML structure, text, image URLs, hyperlinks) of the current product page. This snapshot is transmitted solely to our servers for ML-based price detection and discarded after processing — only the extracted price, product name, and URL are stored permanently

We expressly confirm the following Chrome Web Store policies:

• We do not sell or transfer user data to third parties, outside of the approved use cases described in this privacy policy (e.g., Resend for email delivery, Google OAuth for optional sign-in)
• User data is used or transferred exclusively for the single purpose of the extension — tracking product prices in online shops and related notifications. Data is not used for unrelated purposes
• User data is not used or transferred to determine creditworthiness or for lending purposes
• No human reads user data — except in the following narrow cases: (a) when the user explicitly consents, (b) when necessary for security purposes (e.g. investigating abuse) or to comply with applicable law, or (c) when the data has been anonymised and used solely for aggregated internal statistics.

We retain your data for the following periods:

• Account data: retained as long as your account is active. Deleted within 30 days of account deletion
• Price history: retained as long as the associated tracker exists
• Server logs (IP addresses): automatically deleted after 14 days
• Orphaned data (trackers without active users): cleaned up automatically on a daily basis

As a user in the EU, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): you can request a copy of all personal data we hold about you
• Right to rectification (Art. 16 GDPR): you can correct inaccurate data in your account settings
• Right to erasure (Art. 17 GDPR): you can delete your account at any time, which removes all associated data
• Right to data portability (Art. 20 GDPR): you can request your data in a structured, machine-readable format
• Right to restrict processing (Art. 18 GDPR): you can request that we limit processing of your data
• Right to object (Art. 21 GDPR): you can object to processing based on legitimate interest
• Right to withdraw consent: you can withdraw consent for optional features (e.g., Telegram, push notifications) at any time in your account settings

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. The competent authority for our location is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Postfach 30 40, 55020 Mainz, Germany

Website: www.datenschutz.rlp.de

DealMonitor is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data to us, please contact us so we can delete it.

We work with carefully selected third-party providers, each processing only the data necessary for their function:

• Resend (Resend Inc., USA) — Email delivery for registration, price alerts, and password reset. Processes: email address. Privacy: https://resend.com/legal/privacy-policy
• Cloudflare (Cloudflare Inc., USA) — CDN, DNS, and DDoS protection. Processes: IP address, technical connection data. Privacy: https://www.cloudflare.com/privacypolicy/
• Google OAuth (Google LLC, USA) — Optional sign-in via Google account. Processes: email address (only when using Google sign-in). Privacy: https://policies.google.com/privacy
• Google Analytics (Google LLC, USA) — Anonymized usage statistics. Processes: anonymized IP address, page views. Privacy: https://policies.google.com/privacy
• Telegram Bot API (Telegram FZ-LLC, Dubai) — Optional price notifications via Telegram. Processes: Telegram chat ID (only when connected). Privacy: https://telegram.org/privacy
• PostgreSQL — Open-source database, self-hosted on our own servers in Germany. No data shared with third parties

We may update this privacy policy from time to time. The latest version is always available on this page with the date of the last update. We recommend reviewing it periodically. If we make significant changes, we will notify registered users by email.