Privacy Policy

Account Information

• Email address
• Hashed password (if using email signup) or OAuth provider ID (Google or GitHub)
• Display name and avatar URL (if provided by your OAuth provider)

Billing Information

Payments are processed entirely by Stripe. We store your Stripe customer ID, subscription status, and credit balance. We never store credit card numbers, bank details, or other payment instrument data on our servers.

API Usage Logs

Each API request generates a log entry containing:

• Timestamp of the request
• Product URL you sent to the API
• Retailer detected from the URL
• HTTP status code returned
• Response time (duration in milliseconds)
• Credits consumed

Request Metadata

• IP address (used for rate limiting and abuse prevention)
• User agent string
• API key used (identified via SHA-256 hash for authentication; your full key is encrypted at rest using AES-256)

Analytics

We use Umami, a privacy-friendly analytics tool, to understand how visitors use our website. Umami does not use cookies, does not collect personal data, and does not track users across sites. We do not use Google Analytics, tracking pixels, or any advertising trackers.

• We do not store credit card numbers or bank details (Stripe handles all payment data)
• We do not log the price data returned in API responses
• We do not track your browsing history or activity outside of PriceFetch
• We do not use advertising cookies or third-party tracking pixels

• Provide and maintain the PriceFetch API service
• Authenticate your API requests
• Track credit usage and process billing
• Enforce rate limits and prevent abuse
• Display your usage history in your dashboard
• Send transactional emails (account verification, billing receipts)
• Debug and resolve technical issues

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

We rely on the following third-party services to operate PriceFetch. Each processes data only as necessary to provide their service:

When you delete your account, we remove your personal data and API keys. Billing records are retained as required by law but are disassociated from your identity where possible.

We use a single HTTP-only session cookie to keep you logged in. We do not use advertising cookies, tracking cookies, or any third-party cookie-based analytics.

• API keys are encrypted at rest using AES-256-GCM. A SHA-256 hash is stored separately for fast authentication lookups. Your full key is retrievable from your dashboard but never stored in plaintext.
• All traffic is encrypted via HTTPS/TLS, both to our website and API.
• CORS is restricted to pricefetch.dev in production.
• Passwords are hashed using Supabase Auth's bcrypt implementation.
• Database access is protected by Row Level Security (RLS) policies.

If you discover a security vulnerability, please report it to security@pricefetch.dev.

• Access your data through your dashboard.
• Correction — update your account information from your dashboard settings.
• Deletion — delete your account and associated data by contacting us.
• Export your usage data from the dashboard logs page.

To exercise any of these rights, contact us at privacy@pricefetch.dev.

We may update this privacy policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and notify registered users via email.

Your continued use of PriceFetch after changes are posted constitutes acceptance of the updated policy. Please also review our Terms of Service.

For privacy-related questions or requests, contact us at privacy@pricefetch.dev or use our contact form.