// Legal · GDPR

GDPR COMPLIANCE.

pricepul is committed to full compliance with the EU General Data Protection Regulation. This page explains our lawful bases, your rights, our sub-processors, and how to exercise any GDPR right.

DPA Available
SCCs Executed
EU-US DPF Certified
DPO Appointed
ROPA Maintained
ISO 27001 (Q3 2026)
DPO: dpo@pricepul.io →
// Lawful Bases for Processing

WHY WE PROCESS YOUR DATA.

| Basis | GDPR Article | Processing Activities |
|---|---|---|
| Contract | Art. 6(1)(b) | Account creation, service delivery, billing, scraping jobs you configure, alert delivery. |
| Legitimate Interest | Art. 6(1)(f) | Fraud prevention, security monitoring, product analytics, aggregated benchmarking. |
| Consent | Art. 6(1)(a) | Marketing emails, newsletter, non-essential cookies. Withdrawable at any time. |
| Legal Obligation | Art. 6(1)(c) | Tax records, law enforcement requests, regulatory compliance. |
// Your Rights Under GDPR

WHAT YOU CAN DO.

Art. 15

Right of Access

You can request a full export of all personal data we hold about you. We'll deliver it within 30 days in a machine-readable format.

How to exercise
Export from Settings → Account → Export Data
Art. 16

Right to Rectification

If any personal data we hold is inaccurate or incomplete, you can correct it directly in your profile settings at any time.

How to exercise
Update at Settings → Profile
Art. 17

Right to Erasure

You can request deletion of all personal data. We'll process it within 30 days. Some data may be retained where required by law.

How to exercise
Request at Settings → Account → Delete Account
Art. 18

Right to Restriction

You can request that we restrict processing of your data while you contest accuracy, object to processing, or await a legal determination.

How to exercise
Submit request to privacy@pricepul.io
Art. 20

Right to Portability

You can receive your data in a structured, commonly used, machine-readable format (JSON or CSV) and transfer it to another controller.

How to exercise
Export from Settings → Account → Export Data
Art. 21

Right to Object

You can object to processing of your data for direct marketing or where our legal basis is legitimate interest. We will stop unless we have compelling grounds.

How to exercise
Object at privacy@pricepul.io
// Sub-processors & International Transfers

WHO TOUCHES YOUR DATA.

Last updated: March 1, 2026 · Changes notified 30 days in advance
| Sub-processor | Country | Transfer Mechanism |
|---|---|---|
| AWS (Amazon Web Services) | USA + EU | Standard Contractual Clauses + Adequacy Decision (EU-US DPF) |
| Anthropic (Claude API) | USA | Standard Contractual Clauses |
| Stripe | USA | Standard Contractual Clauses + EU-US DPF |
| Resend | USA | Standard Contractual Clauses |
| Neon (PostgreSQL) | USA + EU | Processing within EU-West-1 where selected |
// Data Processing Agreement

SIGN OUR DPA.

All customers can execute our standard DPA, which incorporates Standard Contractual Clauses (Module 2: Controller to Processor). Enterprise customers may request a custom DPA. Email legal@pricepul.io to initiate.

// FAQ

COMMON QUESTIONS.

Q: Where is my data stored?

By default, data is stored in AWS us-east-1. Enterprise customers can request EU-only storage (eu-west-1, Frankfurt). Workspace data is never replicated cross-region without consent.

Q: Is pricepul a data controller or processor for our workspace data?

pricepul acts as a data controller for account information (your name, email, billing data) and as a data processor for workspace content (competitor URLs you configure, change logs). A Data Processing Agreement covering both relationships is available below.

Q: Does AI processing (Claude) affect our GDPR rights?

Diff content sent to Anthropic's Claude API for summarization contains no personal data — it is raw pricing page HTML. We have a DPA with Anthropic. No pricepul user data is used to train Anthropic models.

Q: How do I submit a data subject request on behalf of my team?

Workspace Owners can submit requests on behalf of all members via privacy@pricepul.io. Include your workspace slug and the type of request. We respond within 5 business days and complete within 30.

Q: Do you appoint a Data Protection Officer?

Yes. Our DPO can be reached at dpo@pricepul.io. For EU supervisory authority escalations, our lead authority is the Irish Data Protection Commission (DPC).

// DATA PROTECTION OFFICER
dpo@pricepul.io

For DSARs, complaints, and GDPR inquiries.

// LEAD SUPERVISORY AUTHORITY
www.dataprotection.ie

Irish Data Protection Commission (DPC) — our EU lead authority.