notiduck

Privacy Policy

Version 1.0 – Effective from November 25, 2025

1. Data Controller

GIJA HUB MB
Polocko g. 4B-20
Vilniaus m., Lithuania
Email: info@notiduck.com

2. What Data We Collect

We collect and process the following personal data:

Account Data

  • Email address (required for account creation and notifications)
  • Password (stored securely hashed, never in plain text)
  • Account creation date and last login time

Monitoring Data

  • URLs you choose to monitor
  • Custom CSS selectors for price monitoring (if provided)
  • Monitoring results: response times, availability status, price data
  • Historical monitoring data displayed in your dashboard

Technical Data

  • IP address (for security and abuse prevention)
  • Browser type and version
  • Device information

3. How We Use Your Data

We use your data for the following purposes:

  • Service Delivery: To monitor websites you specify and send you alerts
  • Account Management: To authenticate you and manage your account
  • Communication: To send service notifications, alerts, and important updates
  • Service Improvement: To analyze usage patterns and improve our service
  • Security: To detect and prevent fraud, abuse, and security threats

4. Legal Basis for Processing (GDPR)

We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide our monitoring services to you
  • Legitimate Interest: Security measures, fraud prevention, and service improvements
  • Legal Obligation: Compliance with applicable laws and regulations

5. Data Sharing & Third Parties

We share data with the following categories of third parties:

  • Infrastructure Providers: Cloud hosting (Hetzner, Germany) for data storage and processing
  • Email Service: SendGrid for sending notification emails
  • Proxy Services: BrightData for accessing websites during price monitoring (only URLs you specify are accessed)
  • Payment Processors: For processing credit purchases (we do not store payment card details)

We do not sell your personal data to third parties. We do not share your data for advertising purposes.

6. Data Retention

  • Account Data: Retained while your account is active, deleted within 30 days of account deletion
  • Monitoring History: Retained for 90 days, then automatically deleted
  • Server Logs: Retained for 14 days for security purposes

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate personal data
  • Erasure: Request deletion of your personal data ("right to be forgotten")
  • Restriction: Request restriction of processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests

To exercise these rights, contact us at info@notiduck.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmitted via HTTPS encryption
  • Passwords stored using industry-standard hashing (bcrypt)
  • Database encryption at rest
  • Regular security updates and monitoring
  • Access controls limiting employee access to personal data

9. International Data Transfers

Your data is primarily stored on servers located in the European Union (Germany). Some third-party services may process data outside the EU. In such cases, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission.

10. Cookies

We use only essential cookies required for the service to function. See our Cookie Policy for details.

11. Children's Privacy

Our service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

13. Contact & Complaints

For privacy-related questions or to exercise your rights, contact us at: info@notiduck.com

If you are not satisfied with our response, you have the right to lodge a complaint with a supervisory authority. For Lithuania, this is the State Data Protection Inspectorate (VDAI): vdai.lrv.lt

Last revised: November 25, 2025