Privacy Policy

Rivalert - Competitor Monitoring Platform

Effective Date: November 27, 2025

Last Updated: November 27, 2025

Privacy Summary

This Privacy Policy describes how Rivalert collects, uses, and protects your information. Here are the key points:

  • We do not sell your personal information
  • Your data is stored securely on AWS infrastructure (US)
  • You can delete your data at any time
Compliant with:GDPRCCPA

1. Information We Collect

We collect different categories of information depending on how you interact with our Service:

1.1 Account Information

When you create an account, we collect:

  • Email Address: Used for authentication and communications
  • Password: Securely hashed and stored
  • Account Preferences: Your notification settings and preferences

1.2 Usage Information

When you use our Service, we automatically collect:

  • The competitors you choose to track
  • Your alert configurations and preferences
  • How you use your monthly credit allocation
  • Which features you use and how often

1.3 Competitor Data

When monitoring competitors, we collect publicly available information:

  • Product listings and prices
  • Product availability and stock status
  • Collection and category information
  • Publicly displayed store metadata

This data is sourced from publicly accessible pages and stored in association with your account.

1.4 Payment Information

Payment processing is handled by our payment processor. We do not store your credit card information. We receive:

  • Subscription status and plan information
  • Transaction history and billing dates
  • Billing email address

1.5 Technical Information

We automatically collect certain technical information:

  • Browser type and version
  • Device type and operating system
  • Referral source

2. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To provide, maintain, and improve our competitor monitoring services
  • Account Management: To create and manage user accounts, authenticate users, and provide support
  • Alerts and Notifications: To send you alerts when competitor changes match your configured rules
  • Payment Processing: To process transactions and manage subscriptions
  • Communications: To send service updates, security alerts, and support messages
  • Analytics: To understand usage patterns and improve our Service
  • Legal Compliance: To comply with legal obligations and enforce our terms

3. Analytics and Tracking

We use privacy-focused analytics to understand how our Service is used:

3.1 Privacy-Focused Analytics

We use Plausible Analytics, a privacy-focused analytics service that:

  • Does not use cookies
  • Does not collect personal data or IP addresses
  • Does not track users across websites
  • Is fully compliant with GDPR and CCPA
  • Provides only aggregated statistics

3.2 Essential Cookies

We use only essential cookies required for the Service to function:

  • Authentication cookies to keep you logged in
  • Session cookies for security purposes

We do not use advertising or tracking cookies.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your information.

4.1 Infrastructure Security

  • Cloud Infrastructure: Hosted on Amazon Web Services with industry-standard security
  • Authentication: Secure password hashing and encrypted sessions
  • Encryption: All data transmissions secured with TLS 1.2 or higher
  • Database: Data stored in encrypted database tables
  • Access Controls: Strict access limitations to production systems

4.2 Payment Security

Payment processing is handled by our payment processor:

  • We never receive or store credit card numbers
  • All payment processing is PCI-DSS compliant
  • Financial transactions occur over encrypted connections

4.3 Data Retention

We retain different types of data for different periods:

  • Account Data: Retained for the duration of your account unless you request deletion
  • Competitor Data: Retained based on your subscription plan (Starter: 30 days, Growth: 60 days, Pro: 180 days)
  • Transaction Records: Retained as required by tax and accounting regulations
  • Support Communications: Retained for up to 24 months for service quality purposes

5. Data Sharing and Third-Party Services

We do not sell, trade, or rent your personal information. We share information only in the following circumstances:

5.1 Service Providers

We work with trusted third-party service providers:

  • Amazon Web Services (USA): Cloud infrastructure, authentication, database, and email delivery
  • LemonSqueezy (USA): Payment processing and subscription management (Merchant of Record)
  • Plausible Analytics (EU): Privacy-focused web analytics

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required by law or in good faith belief that such action is necessary to:

  • Comply with a legal obligation or court order
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email of any change in ownership or uses of your personal information.

6. Your Rights and Choices

You have certain rights regarding your personal information:

6.1 Access and Portability

You have the right to request access to the personal information we hold about you and to receive a copy in a structured, commonly used format.

6.2 Correction

You have the right to request correction of inaccurate personal information. You can update most account information directly through your dashboard.

6.3 Deletion

You have the right to request deletion of your personal information. You can delete your account at any time through the Account tab in your settings page.

6.4 Email Preferences

You can manage your email preferences in your account settings. You may opt out of promotional emails while still receiving essential service communications.

6.5 California Privacy Rights (CCPA)

California residents have additional rights including:

  • The right to know what personal information is collected
  • The right to delete personal information
  • The right to opt-out of the sale of personal information (Note: We do not sell personal information)
  • The right to non-discrimination for exercising privacy rights

6.6 European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights. We process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide you with our Service
  • Legitimate Interest: Processing for analytics and service improvement
  • Consent: Processing for marketing communications (where applicable)
  • Legal Obligation: Processing required to comply with applicable laws

Your additional rights under GDPR include:

  • The right to object to processing of your personal information
  • The right to restrict processing
  • The right to withdraw consent at any time
  • The right to lodge a complaint with a supervisory authority

To exercise any of these rights, please contact us at support@getrivalert.com. We will respond to your request within 30 days.

7. Additional Provisions

7.1 International Data Transfers

Rivalert is operated from the Republic of Korea. Your data is stored on servers located in the United States (Amazon Web Services, US-East region). By using our Service, you acknowledge and consent to the transfer of your information to these locations.

We implement appropriate safeguards for international data transfers, including using service providers that maintain adequate data protection standards and security measures consistent with this Privacy Policy.

7.2 Children's Privacy

Our Service is a business-to-business platform intended for use by business owners and professionals. We do not knowingly collect personal information from anyone under the age of 13, in compliance with the Children's Online Privacy Protection Act (COPPA). If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information promptly.

7.3 Third-Party Links

Our Service may contain links to third-party websites. We have no control over and assume no responsibility for the privacy policies of these third parties. We encourage you to review their privacy policies.

7.4 Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. For material changes, we will notify you by email.

7.5 Governing Law

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of Korea, without regard to conflict of law principles.

8. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, or if you wish to exercise any of your data protection rights, please contact us:

Data Controller

Service: Rivalert

Operated from: Republic of Korea

Data Storage: United States (AWS)

Privacy Inquiries

Email: support@getrivalert.com

Response Time: We aim to respond within 30 days (as required by GDPR/CCPA)

For formal data protection requests requiring a physical mailing address, please contact us via email and we will provide the appropriate address.

© 2025 Rivalert. All rights reserved.