Legal
Privacy Policy
Last updated: April 28, 2026
This policy explains what information dipd collects when you use our service, how we use it, and the choices you have. We've tried to keep it short and plain. If anything is unclear, email contact@dipd.ai.
Who we are
dipd is a price-tracking service that watches product pages on your behalf and emails you when prices drop. “dipd”, “we”, “us”, and “our” refer to the team operating dipd.ai. You can reach us at contact@dipd.ai.
Information we collect
Account information
When you sign up we collect your email address and a password. The password is hashed before storage — we never see or store the plaintext.
Product tracking data
When you ask us to track a product, we store the URL you submit and the data we extract from that page on each check: title, price, image, and a snapshot or screenshot of the page used by our AI to read the price.
Usage data
We log basic activity needed to operate the service: when scrapes run, when alerts go out, your tier, and your notification preferences. We do not run advertising or cross-site tracking.
How we use information
- To check prices on the products you ask us to track.
- To email you when a price drops below the threshold you set.
- To manage your account, subscription, and preferences.
- To detect and prevent abuse (e.g. excessive tracking that would hurt the source sites we scrape).
- To improve dipd over time.
We do not sell your personal data and we do not share it with advertisers.
Legal bases for processing
For users in the EU/EEA and UK, we rely on the following bases under the GDPR:
- Performance of a contract — running the tracking, sending alerts, and managing your account.
- Legitimate interests — preventing abuse, keeping the service reliable, and improving dipd. We balance these against your privacy and only use what we need.
- Consent — where we ask for it explicitly (for example, optional marketing email). You can withdraw consent at any time.
Third-party services we use
dipd runs on a handful of services that necessarily process your data:
- Railway — hosting for our application, database, and background-job queue.
- Resend — sends the transactional emails (price alerts, account verification) from alerts@dipd.ai.
- Google Gemini — reads the snapshots/screenshots of product pages to extract prices. We send only the page content; we do not send your account information. Google does not use paid Gemini API content to train its models.
Each provider acts as a processor on our behalf under a written data-processing agreement.
Screenshots and page captures
The screenshots we take are of public product pages (visited by an automated browser with no logged-in session). They are not recordings of you — they are bot captures of the same page anyone would see. We retain them as evidence for the price we showed you and to retry extraction if it failed the first time.
Browser extension
The dipd Chrome extension is optional. When you click Trackon a product page, the extension reads that page so we can capture its title, price, and image — and sends only that page's URL and content to dipd. It does not read pages you haven't asked it to track, and it does not collect your browsing history.
If you opt in to be a community worker, the extension can scrape specific product URLs that our API assigns to you, in a hidden browser window. Only the assigned URL and the resulting page content are sent to dipd — nothing about your other tabs, sessions, or accounts on those sites. The extension authenticates with the same dipd-token cookie used by the web app, and never injects UI into the pages you visit.
Mobile app
The dipd mobile app talks to the same API as the web app and uses the same account. It lets you view your tracked products and add new ones with a single tap via your device's share sheet — the URL you share is the only thing the app sends to dipd. We do not read your clipboard, contacts, location, or other apps.
Security
All traffic to and from dipd is encrypted in transit (HTTPS). Account passwords are stored as one-way hashes. Our database and backups are encrypted at rest by our hosting provider. Access to production data is limited to the people who need it to operate the service.
Data retention and deletion
We keep your account data while your account is active. You can delete your account at any time from your dashboard. When you do:
- Your email and password hash are removed.
- Your tracked-product list, notifications, and preferences are removed.
- Anonymized product, price, and run history may be retained to power the service (e.g. so price history on a popular product stays useful for everyone) — these no longer reference you.
Your rights
If you are in the EU/EEA, the UK, or another jurisdiction with equivalent rights, you can ask us to:
- Show you what data we hold about you.
- Correct anything that's wrong.
- Delete your account and the data associated with it.
- Export your data in a portable format.
- Stop using your data for a particular purpose.
- Lodge a complaint with your local data-protection authority (in the UK, the ICO; in the EU/EEA, your national supervisory authority).
Email contact@dipd.ai and we'll respond within 30 days.
Children
dipd is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.
International data transfers
Our hosting, email, and AI providers operate in the EU and the United States. Your data may be processed in either region. Where data leaves the EU/EEA, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) included in our agreements with those providers.
Changes to this policy
If we change this policy in a way that materially affects you, we'll update the date above and email registered users before the change takes effect.
Contact
Questions, complaints, or data requests: contact@dipd.ai.