legal
Privacy policy
Last updated: July 2, 2026
This policy explains what data RivalSentry (“we”, “us”) collects when you use rivalsentry.com and the RivalSentry service, why we collect it, and the choices you have. The short version: we collect what the product needs to work, we don't sell data, and we don't run advertising or tracking.
Data we collect
Account data
- Name, email address, and a hashed password (we never store plaintext passwords).
- If you sign in with Google: your name, email address, and Google account identifier, as shared by Google. We do not receive your Google password.
Product data
- The URLs you monitor, your monitoring instructions, and check frequency.
- Snapshots of the publicly available content of monitored pages, stored so we can detect and show changes over time.
- Alerts and change history generated by the service.
- Slack webhook URLs you provide for alert delivery. Treat these as secrets; we store them to send your alerts and never use them for anything else.
Billing data
Payments are processed by Stripe. We never see or store your full card number. We store your Stripe customer ID, subscription status, and billed quantity.
Technical data
Standard server logs (IP address, user agent, request timestamps) retained briefly for security and debugging. We do not use advertising trackers or third-party analytics cookies.
How we use data
- To operate the service: checking pages, detecting changes, sending alerts.
- AI processing: when a monitored page changes, the textual difference and your monitoring instructions are sent to an AI model provider (currently MiniMax) to classify whether the change matters to you. Only monitored-page content and your instructions are shared — never your account, billing, or contact details.
- To send transactional email (verification, password reset) via Amazon SES.
- To bill you via Stripe.
- To respond to support requests.
We do not sell personal data, and we do not use your data to train AI models.
Service providers (subprocessors)
- Vercel — application hosting
- MongoDB Atlas — database
- Stripe — payment processing
- Amazon Web Services (SES) — transactional email
- MiniMax — AI classification of page-content changes
- Slack — alert delivery, only to webhooks you configure
- Google — sign-in, only if you choose it
- Internet Archive — historical snapshots for the free page-change checker
Data retention & deletion
Account and product data are kept while your account is active. Deleting a monitor deletes its snapshots, checks, and alerts. To delete your account and all associated data, email us (address below) — we complete deletion requests within 30 days. Billing records are retained as required for tax and accounting law.
Your rights
Depending on where you live (e.g. GDPR in the EU, CCPA in California), you may have rights to access, correct, export, or delete your personal data, and to object to or restrict processing. Email us to exercise any of these; we respond to all requests regardless of jurisdiction.
Security
Data is encrypted in transit (TLS) and at rest by our hosting providers. Passwords are hashed. Access to production systems is limited to the operator. No system is perfectly secure — if we learn of a breach affecting your data, we will notify you without undue delay.
Children
RivalSentry is not directed at children under 16, and we do not knowingly collect their data.
Changes
We'll update this policy as the service evolves and change the date above. Material changes will be announced by email or in the app.
Contact
Privacy questions and requests: pukar@rivalsentry.com. See also our Terms of Service and Cookie Policy.