Skip to main content

Legal

Privacy Policy

Last updated: April 28, 2026

This policy explains what information dipd collects when you use our service, how we use it, and the choices you have. We've tried to keep it short and plain. If anything is unclear, email contact@dipd.ai.

Who we are

dipd is a price-tracking service that watches product pages on your behalf and emails you when prices drop. “dipd”, “we”, “us”, and “our” refer to the team operating dipd.ai. You can reach us at contact@dipd.ai.

Information we collect

Account information

When you sign up we collect your email address and a password. The password is hashed before storage — we never see or store the plaintext.

Product tracking data

When you ask us to track a product, we store the URL you submit and the data we extract from that page on each check: title, price, image, and a snapshot or screenshot of the page used by our AI to read the price.

Usage data

We log basic activity needed to operate the service: when scrapes run, when alerts go out, your tier, and your notification preferences. We do not run advertising or cross-site tracking.

How we use information

  • To check prices on the products you ask us to track.
  • To email you when a price drops below the threshold you set.
  • To manage your account, subscription, and preferences.
  • To detect and prevent abuse (e.g. excessive tracking that would hurt the source sites we scrape).
  • To improve dipd over time.

We do not sell your personal data and we do not share it with advertisers.

Third-party services we use

dipd runs on a handful of services that necessarily process your data:

  • Railway — hosting for our application, database, and background-job queue.
  • Resend — sends the transactional emails (price alerts, account verification) from alerts@dipd.ai.
  • Google Gemini — reads the snapshots/screenshots of product pages to extract prices. We send only the page content; we do not send your account information. Google does not use paid Gemini API content to train its models.

Each provider acts as a processor on our behalf under a written data-processing agreement.

Screenshots and page captures

The screenshots we take are of public product pages (visited by an automated browser with no logged-in session). They are not recordings of you — they are bot captures of the same page anyone would see. We retain them as evidence for the price we showed you and to retry extraction if it failed the first time.

Browser extension

The dipd Chrome extension is optional. When you click Trackon a product page, the extension reads that page so we can capture its title, price, and image — and sends only that page's URL and content to dipd. It does not read pages you haven't asked it to track, and it does not collect your browsing history.

If you opt in to be a community worker, the extension can scrape specific product URLs that our API assigns to you, in a hidden browser window. Only the assigned URL and the resulting page content are sent to dipd — nothing about your other tabs, sessions, or accounts on those sites. The extension authenticates with the same dipd-token cookie used by the web app, and never injects UI into the pages you visit.

Mobile app

The dipd mobile app talks to the same API as the web app and uses the same account. It lets you view your tracked products and add new ones with a single tap via your device's share sheet — the URL you share is the only thing the app sends to dipd. We do not read your clipboard, contacts, location, or other apps.

Security

All traffic to and from dipd is encrypted in transit (HTTPS). Account passwords are stored as one-way hashes. Our database and backups are encrypted at rest by our hosting provider. Access to production data is limited to the people who need it to operate the service.

Cookies

The dipd web app uses two first-party cookies. dipd-token holds the authentication token for your session and is HTTP-only — it is never readable by JavaScript. dipd-presenceis a non-secret flag (its value is just “1”) so logged-out pages like this one can show you the right Sign In / Dashboard CTA without ever touching the token. We do not set advertising cookies, and the marketing site (dipd.ai) does not load third-party trackers.

Data retention and deletion

We keep your account data while your account is active. You can delete your account at any time from your dashboard. When you do:

  • Your email and password hash are removed.
  • Your tracked-product list, notifications, and preferences are removed.
  • Anonymized product, price, and run history may be retained to power the service (e.g. so price history on a popular product stays useful for everyone) — these no longer reference you.

Your rights

If you are in the EU/EEA, the UK, or another jurisdiction with equivalent rights, you can ask us to:

  • Show you what data we hold about you.
  • Correct anything that's wrong.
  • Delete your account and the data associated with it.
  • Export your data in a portable format.
  • Stop using your data for a particular purpose.
  • Lodge a complaint with your local data-protection authority (in the UK, the ICO; in the EU/EEA, your national supervisory authority).

Email contact@dipd.ai and we'll respond within 30 days.

Children

dipd is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has signed up, email us and we'll delete the account.

International data transfers

Our hosting, email, and AI providers operate in the EU and the United States. Your data may be processed in either region. Where data leaves the EU/EEA, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) included in our agreements with those providers.

Changes to this policy

If we change this policy in a way that materially affects you, we'll update the date above and email registered users before the change takes effect.

Contact

Questions, complaints, or data requests: contact@dipd.ai.