Get It

🧾 GDPR Policy

Last updated: October 2025

At Notify On Change, privacy isn’t a checkbox — it’s part of the architecture.
We believe in data minimalism: collecting less, keeping it safe, and giving you control.

This page explains how we comply with the General Data Protection Regulation (GDPR), how you can exercise your rights, and how we ensure your data stays yours.

🇪🇺 1. Who This Applies To

This policy applies to all users located in the European Union (EU) and European Economic Area (EEA) who interact with Notify On Change through our website, Chrome extension, or premium service.

If you’re based elsewhere, we still extend these principles — because respecting privacy shouldn’t depend on geography.

🧭 2. Who We Are

Data Controller:
Notify On Change (the company operating this service)
📧 help@notifyonchange.com

We determine how and why your personal data is processed.
For premium users, we may also act as a Data Processor when operating server-side monitoring on your behalf.

💡 3. What Data We Collect

We collect only the essentials:

When using the Chrome extension (Free tier):

  • URLs and page elements you choose to monitor
  • Extension and browser metadata
  • Optional email address for account linking

When using the Premium service:

  • Monitored URLs and detected change logs
  • Account info (name, email, billing ID)
  • Payment reference via third-party processor (no card details stored)

We don’t collect unnecessary personal details like demographics, behavior analytics, or browsing history outside of what you explicitly monitor.

⚖️ 4. Lawful Basis for Processing

We process your data under the following lawful bases:

  • Consent: When you create an account or subscribe, you consent to data processing related to monitoring and notifications.
  • Contractual Necessity: We process data required to deliver the service you’ve requested (e.g., page checks, alerts, billing).
  • Legitimate Interest: To maintain service performance, prevent abuse, and improve user experience.
  • Legal Obligation: When required by law or regulatory frameworks.

You can withdraw consent at any time by deleting your account or contacting us.

🔐 5. Data Storage & Security

All data is stored securely using encryption and access control.
Server infrastructure is hosted in GDPR-compliant data centers within the EU (or equivalent jurisdictions under adequacy agreements).

We apply:

  • Encrypted communication (HTTPS / TLS)
  • Minimal retention policies
  • Access limited to operational staff only

We never sell, rent, or share user data with third parties for advertising.

📤 6. Data Transfers

If data must be processed outside the EU/EEA (for example, by a cloud provider), we ensure it’s protected under Standard Contractual Clauses (SCCs) or equivalent legal safeguards.

We vet all sub-processors to ensure compliance with GDPR standards.

🧾 7. Your Rights Under GDPR

You have full control over your personal data. Under GDPR, you have the right to:

  • Access – Request a copy of your stored data.
  • Rectification – Correct inaccurate or incomplete information.
  • Erasure – Delete your account and all associated data (“right to be forgotten”).
  • Restriction – Ask us to limit processing in specific scenarios.
  • Portability – Request your data in a structured, machine-readable format.
  • Objection – Object to certain types of data processing.
  • Withdraw Consent – Stop data processing at any time without affecting prior lawful use.

To exercise any of these rights, contact us at help@notifyonchange.com.
We respond within 30 days of receiving your verified request.

💳 8. Payments & Third-Party Processors

Payments are securely handled by trusted GDPR-compliant providers (like Stripe or Paddle).
We never access or store full payment details — only transaction references.

All partners operate under Data Processing Agreements (DPAs) ensuring GDPR compliance.

🧹 9. Data Retention

We retain user data only as long as necessary to deliver the service.

  • Free tier data (stored locally) is under your control.
  • Premium data (stored on our servers) is deleted within 7 days of account deletion.
  • Backups are purged within 30 days.

Anonymized aggregate metrics (e.g., total URLs monitored) may be kept for internal analytics, with no user-identifiable information.

🚫 10. Automated Decision-Making

We don’t use your data for automated decision-making, profiling, or AI-based marketing.
Any automation exists purely to check pages — not to check you.

🧩 11. Children’s Data

Our service is not designed for users under 16 years of age.
If you believe a minor has used the service, please contact us — we’ll delete their data immediately.

✉️ 12. Contact & Complaints

For questions, requests, or philosophical discussions about data ethics:
📧 help@notifyonchange.com

If you’re unsatisfied with our handling of your data, you have the right to lodge a complaint with your local Data Protection Authority (DPA).

🧭 In Short

We track websites — not people.
Your data is yours, your awareness is yours, and we’re just the infrastructure helping both stay sharp.

Notify On Change — built for vigilance, not surveillance.