Privacy Policy

Last updated: 20 June 2026

This policy explains what personal data PageDiff handles, why, and the rights you have under the EU General Data Protection Regulation (GDPR).

1. Who we are

PageDiff is operated by [COMPANY LEGAL NAME] S.R.L., a company established in Romania (Trade Register [TRADE REGISTER NO. — Jxx/xxxx/xxxx], VAT [VAT / CUI — ROxxxxxxxx]), with its registered office at [REGISTERED ADDRESS], Romania. We are the data controller for your account and billing data.

For any privacy question or to exercise your rights, contact us through our contact page using the “Privacy & data request” topic, where our privacy contact handles all data-protection matters.

2. What we collect & why

We keep data collection to what we need to run the service:

  • Account data (name, email, hashed password) — to create and secure your account and provide the service. Lawful basis: performance of our contract with you.
  • Billing data (name, email, billing address, VAT/tax details) — handled by Lemon Squeezy as Merchant of Record to take payment and meet tax obligations. Lawful basis: contract and legal obligation.
  • Technical & usage data (IP address, request logs, and cookieless, aggregate analytics) — to keep the service secure and reliable. Lawful basis: our legitimate interest in operating and protecting the service.
  • Monitored content (screenshots, HTML, and detected changes of the pages you choose to watch) — processed on your instructions to deliver monitoring. This may incidentally contain personal data; for it, you are the controller and we act as your processor (see Subprocessors below). A data processing agreement is available on request.
  • Support messages (the content of your contact-form messages) — to respond to you. Lawful basis: our legitimate interest in handling support.

3. Cookies & tracking

We use only a single essential session cookie to keep you signed in — it is strictly necessary and does not require consent. Our product analytics run on a cookieless, self-hosted Umami instance that collects only aggregate, non-identifying data. Because we set no advertising or tracking cookies, we do not show a cookie-consent banner.

4. How long we keep data

Page snapshots and change history are kept according to your plan — 30 days on Starter, 90 days on Pro, and 365 days on Business — then automatically deleted.

When you delete your account, your personal data is permanently purged after a 30-day grace period (which guards against accidental deletion and abuse). Billing and tax records are retained for as long as the law requires; most of these are held by Lemon Squeezy as Merchant of Record. Content sent to our AI subprocessor is handled as follows: It is retained for up to 30 days, during which it may be accessed for safety and security purposes, and is then deleted.

5. Subprocessors & sharing

We use a small number of third-party processors to deliver the service. The current list — what each does, the data it touches, and where it is located — is on our Subprocessors page. We will notify customers of changes to this list and give an opportunity to object, as required by the GDPR.

We never sell your personal data.

6. International transfers

Your primary data stays in the European Union (hosted with Hetzner in Germany and Finland). A limited set of subprocessors — our payment provider and our AI subprocessor, plus Cloudflare for storage and delivery — process some data in the United States. These transfers are covered by the EU–US Data Privacy Framework and/or Standard Contractual Clauses.

7. Your rights

Under the GDPR you have the right to:

  • access the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased;
  • receive your data in a portable format;
  • restrict or object to certain processing;
  • withdraw consent where processing is based on consent.

To exercise any of these, contact us via our contact page (“Privacy & data request”). We may need to verify your identity before we act.

If you believe we have not handled your data properly, you have the right to lodge a complaint with the Romanian supervisory authority, the Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP) — B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 București, Romania, www.dataprotection.ro.

8. Security

We describe how we store and protect your data — EU hosting, access isolation, hashed passwords, and clear deletion — on our Security page.

9. Age

PageDiff is intended for users who are 18 or older. The service is not directed to anyone under 18, and we do not knowingly collect data from them.

10. Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you — for example by email or an in-app notice — before they take effect, and we will update the “Last updated” date above.