PricePandaBack to home

Privacy policy

Last updated: May 31, 2026

Last updated: 26 May 2026

This policy explains what data PricePanda collects, why, and what you can do about it. PricePanda is operated by Volsted Media OÜ(registry code 17472855), an Estonian private limited company with its registered office at Sepapaja tn 6, Lasnamäe linnaosa, 15551 Tallinn, Estonia. If anything is unclear, emailhello@price-panda.com.

1. Who we are (data controller)

The data controller for personal data processed through PricePanda is:

  • Volsted Media OÜ
  • Registry code: 17472855
  • Sepapaja tn 6, Lasnamäe linnaosa, 15551 Tallinn, Harju maakond, Estonia
  • Email: hello@price-panda.com

2. What we collect

We collect only what we need to run the service.

Account data

  • Email address, required to sign in and to send price alerts.
  • A hashed password if you choose email/password sign-in. We never see your plaintext password.
  • Your name and the name of your business (optional, used in the UI and on invoices).
  • Two-factor authentication state (you opt in; we store the encrypted secret).

Service data

  • The store URL you add and the competitor URLs you ask us to track.
  • The product titles, prices, and images we scrape from those public pages.
  • Matches and decisions you make in the app (confirm / decline a match, notification rules, etc.).

Technical data

  • Standard server request logs: IP address, user agent, request time, response code. Kept for up to 30 days for security and abuse prevention.
  • Error and crash logs to help us fix bugs. Stripped of personal data where practical.

Billing data

  • Billing email, plan, and invoice history. We do not store full payment card details, Stripe handles that.
  • VAT number (if you provide one) and billing country.

3. What we don't collect

We do not run third-party advertising trackers, behavioural analytics, or session replays. We do not sell your data to anyone, ever.

4. Why we process it (legal basis under GDPR)

  • Contract performance, to provide the service you signed up for (scraping, matching, alerts, billing).
  • Legitimate interest, to keep the service secure (rate limits, abuse detection) and to improve the product based on aggregated usage.
  • Legal obligation, to keep invoicing and accounting records as required by Estonian and EU tax law.
  • Consent, where we ask for it explicitly, e.g. optional product update emails. You can withdraw consent at any time.

5. How long we keep it

  • Account data: while your account is open, plus 90 days after deletion in case you change your mind.
  • Scraped competitor product data: up to 24 months for historical price reports. You can request earlier deletion.
  • Invoices and accounting records: 7 years (Estonian Accounting Act).
  • Server request logs: up to 30 days.
  • Backups: up to 35 days rolling, then overwritten.

6. Who we share data with (subprocessors)

We use a small number of EU-friendly vendors to run PricePanda. Each one processes only the minimum data needed to deliver its feature.

  • Supabase, primary database and authentication. EU-West region.
  • Vercel, application hosting and edge delivery.
  • Firecrawl, fetches the public competitor pages on our behalf.
  • OpenRouter / model providers, runs the AI matching prompts. Product titles only; never your account data.
  • Resend, sends transactional email (alerts, password resets, billing).
  • Stripe, payments and invoicing.
  • Trigger.dev, runs scheduled scrape jobs.

Some of these vendors operate in the United States. We rely on the EU–US Data Privacy Framework and/or Standard Contractual Clauses for those transfers.

7. International transfers

Data is primarily stored in the EU (Supabase EU-West). Where data is transferred outside the EU/EEA (e.g. for AI processing or email delivery), it is protected by Standard Contractual Clauses and additional safeguards as required by GDPR.

8. Cookies

We use first-party cookies for sign-in sessions and two-factor authentication state. We do not use third-party advertising or tracking cookies. Because we only use strictly necessary cookies, no consent banner is required under the ePrivacy directive.

9. Your rights under GDPR

You have the right to:

  • Access the personal data we hold on you.
  • Correct anything that's wrong.
  • Delete your account and personal data (right to erasure).
  • Export your data in a portable format.
  • Restrict or object to certain processing.
  • Withdraw consent at any time, where consent is the legal basis.

To exercise any of these, emailhello@price-panda.comfrom your account address. We respond within 30 days. There's no fee.

10. Complaints

If you think we've mishandled your data, please contact us first and we'll try to fix it. You also have the right to complain to the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon, AKI):aki.ee.

11. Security

We protect your data with TLS in transit, encryption at rest, role-based access control, two-factor authentication for staff accounts, and routine vulnerability review. No system is perfectly secure, but we treat your data as if it were our own.

12. Children

PricePanda is a B2B tool not directed at children. We do not knowingly collect personal data from anyone under 16.

13. Changes to this policy

We'll email registered users at least 30 days before any material change. The "Last updated" date at the top of this page shows the most recent revision.

14. Contact

Volsted Media OÜ (registry code 17472855), Sepapaja tn 6, Lasnamäe linnaosa, 15551 Tallinn, Estonia. Emailhello@price-panda.com.