Privacy Policy

The party responsible for data processing on this website (controller) is:

Robert-William Kaspar

c/o flexdienst – #11745

Kurt-Schumacher-Straße 76

67663 Kaiserslautern, Germany

Email: [email protected]

We collect and process the following categories of personal data, depending on how you use DealMonitor:

• Account data: email address, hashed password (or Google OAuth ID), preferred language
• Tracker data: product URLs, target prices, price history, shop domains
• Notification data: Telegram chat ID (if connected), push subscription endpoint (if enabled)
• Technical data: IP address (in server logs, not stored permanently), browser type, operating system
• Extension data: visited shop domains, detected price candidates

We process your data on the following legal bases under GDPR:

• Art. 6(1)(b) GDPR — Performance of a contract: processing necessary to provide the DealMonitor service (account management, price tracking, notifications)
• Art. 6(1)(a) GDPR — Consent: optional features such as Telegram notifications, web push notifications, and Google Analytics
• Art. 6(1)(f) GDPR — Legitimate interest: server logs for security, fraud prevention, and service improvement

Your data is used exclusively for the following purposes:

• Providing the price tracking service: scraping product pages, detecting prices, storing price history
• Sending notifications: email alerts, Telegram messages, and web push notifications when your target price is reached
• Account management: authentication, password reset, language preferences
• Service improvement: anonymous, aggregated statistics to improve price detection accuracy
• Affiliate links: we may embed affiliate links in product URLs. This does not affect your price and no personal data is shared with affiliate networks

All data is stored on servers located in Germany. We use the following security measures:

• All connections are encrypted via HTTPS/TLS
• Passwords are hashed using bcrypt (never stored in plain text)
• Database access is restricted and protected by strong credentials
• Server access is limited to authorized personnel only
• Regular backups are performed to prevent data loss

We do not sell, rent, or trade your personal data. Data may be shared with the following third parties only as necessary:

• Google OAuth: if you sign in with Google, we receive only your email address from Google. We do not share data back with Google beyond what is needed for authentication
• Resend (email service): your email address is passed to Resend to deliver notification emails. Resend processes data under their own privacy policy
• Google Analytics: We use Google Analytics to collect anonymized usage data (page views, approximate location). No personal data is transmitted
• Telegram (optional): if you connect Telegram, your Telegram chat ID is stored to send price alerts. No other Telegram data is accessed

DealMonitor itself does not set any cookies. We use localStorage in your browser to store your authentication token and preferences (theme, language). This data never leaves your browser except when authenticating with our servers.

Google Analytics, if enabled by the site operator, may set cookies. These are used solely for anonymous usage statistics and can be blocked by your browser settings.

The DealMonitor browser extension operates with the following permissions and data handling:

• The extension activates on all shop pages except blacklisted domains (e.g. banking, financial services) — it does not monitor all browsing activity
• Detected price data and page URLs are sent to our servers for price tracking only
• The extension stores your authentication token locally in the browser
• No browsing history, keystrokes, or personal data outside of shop pages is collected
• You can uninstall the extension at any time to completely remove it

We retain your data for the following periods:

• Account data: retained as long as your account is active. Deleted within 30 days of account deletion
• Price history: retained as long as the associated tracker exists
• Server logs (IP addresses): automatically deleted after 14 days
• Orphaned data (trackers without active users): cleaned up automatically on a daily basis

As a user in the EU, you have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR): you can request a copy of all personal data we hold about you
• Right to rectification (Art. 16 GDPR): you can correct inaccurate data in your account settings
• Right to erasure (Art. 17 GDPR): you can delete your account at any time, which removes all associated data
• Right to data portability (Art. 20 GDPR): you can request your data in a structured, machine-readable format
• Right to restrict processing (Art. 18 GDPR): you can request that we limit processing of your data
• Right to object (Art. 21 GDPR): you can object to processing based on legitimate interest
• Right to withdraw consent: you can withdraw consent for optional features (e.g., Telegram, push notifications) at any time in your account settings

If you believe that our processing of your personal data violates data protection laws, you have the right to lodge a complaint with a supervisory authority. The competent authority for our location is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Rheinland-Pfalz

Postfach 30 40, 55020 Mainz, Germany

Website: www.datenschutz.rlp.de

DealMonitor is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided personal data to us, please contact us so we can delete it.

We work with carefully selected third-party providers, each processing only the data necessary for their function:

• Resend (Resend Inc., USA) — Email delivery for registration, price alerts, and password reset. Processes: email address. Privacy: https://resend.com/legal/privacy-policy
• Cloudflare (Cloudflare Inc., USA) — CDN, DNS, and DDoS protection. Processes: IP address, technical connection data. Privacy: https://www.cloudflare.com/privacypolicy/
• Google OAuth (Google LLC, USA) — Optional sign-in via Google account. Processes: email address (only when using Google sign-in). Privacy: https://policies.google.com/privacy
• Google Analytics (Google LLC, USA) — Anonymized usage statistics. Processes: anonymized IP address, page views. Privacy: https://policies.google.com/privacy
• Telegram Bot API (Telegram FZ-LLC, Dubai) — Optional price notifications via Telegram. Processes: Telegram chat ID (only when connected). Privacy: https://telegram.org/privacy
• PostgreSQL — Open-source database, self-hosted on our own servers in Germany. No data shared with third parties

We may update this privacy policy from time to time. The latest version is always available on this page with the date of the last update. We recommend reviewing it periodically. If we make significant changes, we will notify registered users by email.