Welcome to greatgeardeals (operated by Efficient Business Inc., powered by Paylow.io). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our price tracking and deal discovery service.
Summary: We collect only what we need to show you deals and send price alerts. We never sell your personal information. You control your data and can delete it anytime.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, full name (optional), Google account info if using Google Sign-In
- Price Alert Information: Product URLs, target prices, preferred retailers, alert preferences
- Communication Preferences: Notification settings, quiet hours, timezone, digest frequency
1.2 Information Collected Automatically
- Usage Data: Pages visited within our website and extension interface, deals viewed, features used
- Device Information: Browser type, operating system, device type
- Product Data: Extracted product information (name, price, images, availability)
2. Browser Extension
Extension Users: This section specifically covers data practices for our Chrome browser extension.
2.1 Extension Functionality
The greatgeardeals browser extension helps you track prices on supported retailer websites directly from your browser.
2.2 What the Extension Collects
- Product Page URLs: When you visit a product page on a supported retailer site, the extension sends the page URL to our server to extract accurate product information (name, price, image, brand)
- Authentication Tokens: If you sign in, we store authentication tokens locally in your browser to keep you logged in
- Price Alerts: Product URLs and target prices you choose to track
- Tab Information: The extension checks if the current tab is on a supported retailer site
2.3 What the Extension Does NOT Collect or Store
- Browsing history or activity on non-supported sites
- Personal information from retailer websites (account details, cart contents, etc.)
- Payment or financial information
- Data from non-product pages (the extension analyzes page structure to detect product pages, but does not transmit or store data from category pages, search results, checkout, etc.)
2.4 Extension Data Storage
- Authentication tokens and preferences are stored locally in your browser using chrome.storage.local
- Extracted product data is cached locally for display in the popup and is automatically deleted after 15 minutes
- Authentication tokens are transmitted only to our servers and authentication providers (Google/Firebase) for account actions
2.5 Extension Data Transmission
- Automatic: Product page URLs are sent to our server when you visit a product page on a supported retailer site (for price extraction)
- User-Initiated: When you click "Track Price," your alert preferences are saved to your account
- All data transmission uses HTTPS encryption
- Product URLs may be processed by our service providers (including Zyte) for extraction; see Section 6.1 for details
2.6 Extension Permissions Explained
| Permission | Purpose |
|---|---|
| storage | Save your login state and preferences locally |
| tabs | Detect when you're on a supported retailer site |
| identity | Enable Google Sign-In authentication |
| alarms | Check for token expiration |
| host permissions | Communicate with our API and Google authentication services |
3. Chrome Web Store Compliance
Limited Use Disclosure: The greatgeardeals extension's use of information received from Google APIs adheres to the Chrome Web Store User Data Policy and the Google API Services User Data Policy, including the Limited Use requirements.
3.1 Single Purpose Use
We only use data collected through the browser extension to provide price tracking and alert functionality. Data is not used for any other purpose.
3.2 No Use for Advertising
We never use or transfer your data for personalized or targeted advertisements. The extension does not display ads or sell data to advertisers.
3.3 Limited Data Transfer
We only share data with service providers necessary to operate the service (listed in Section 6.1 below). Data is never sold, rented, or traded to third parties.
3.4 No Unauthorized Human Access
Our team does not access your personal data except:
- With your explicit consent (e.g., support requests)
- For security investigations or incident response
- To comply with applicable law
- For aggregated, anonymized internal operations
4. How We Use Your Information
- Create and manage your account
- Display personalized deals and trending products
- Track product prices and send notifications
- Process your notification preferences
- Respond to inquiries and support requests
- Improve our service and develop new features
- Generate aggregated, anonymized analytics (not personally identifiable)
5. Email Communications & Anti-Spam Compliance
5.1 Types of Emails
Transactional (Service-Related)
- Price drop notifications
- Back-in-stock alerts
- Email verification requests
- Account security notifications
Marketing (Opt-In Only)
- Deal recommendations
- New feature announcements
- Promotional offers
5.2 Anti-Spam Compliance
We comply with:
- CAN-SPAM Act (US): Clear unsubscribe mechanism, physical address in emails
- CASL (Canada): Express consent required, consent records maintained
- GDPR (EU): Explicit consent, right to withdraw anytime
5.3 Email Verification
For users creating alerts without an account, we require email verification before sending notifications. Verification links expire after 24 hours. Unverified alerts are automatically deleted.
5.4 Your Email Choices
- Unsubscribe: One-click unsubscribe link in every email
- Frequency: Choose immediate, daily, or weekly digest
- Quiet Hours: Set times when you don't want notifications
- Rate Limits: Set maximum emails per day
6. How We Share Your Information
We do NOT sell your personal information. We never sell, rent, or trade your personal data to third parties for marketing.
6.1 Service Providers
| Provider | Purpose | Data Shared |
|---|---|---|
| Firebase (Google) | Authentication | Email, name, profile picture (from OAuth) |
| Postmark | Email delivery | Email address, notification content |
| Google Cloud | Hosting & database | All service data (encrypted) |
| Zyte | Product extraction | Product URLs only |
7. Data Security
- Encryption in Transit: TLS/SSL for all data transmission
- Encryption at Rest: Sensitive data encrypted in databases
- Access Controls: Restricted and logged employee access
- Secure Authentication: OAuth 2.0 for Google Sign-In
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account data | Until you delete your account |
| Price alerts | Based on your settings (default 90 days) |
| Price history | 2 years (for trend analysis) |
| Email consent records | 2 years (legal requirement) |
| Product URL extraction logs | 30 days (security and error logging only) |
9. Your Rights
Access & Portability
Access and download your personal data
Correction
Update your personal information anytime
Deletion
Request deletion of your data
Opt-Out
Unsubscribe from communications anytime
10. International Data Transfers
Our servers are located in North America. We ensure appropriate safeguards for international transfers, including standard contractual clauses and data processing agreements with all service providers.
11. Children's Privacy
Our Service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If we discover such data, we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy and sending an email notification.
13. Contact Us
If you have questions about this Privacy Policy or our data practices:
Email: privacy@paylow.io
Mail:
Efficient Business Inc.927 Edgemont Rd NW
Calgary, Alberta T3A 2J1
Canada
14. Jurisdiction-Specific Rights
California Residents (CCPA)
Right to know, delete, and opt-out of sale (we don't sell data). Contact privacy@paylow.io.
European Union Residents (GDPR)
Rights to access, rectification, erasure, restrict processing, data portability, and object.
Canadian Residents (PIPEDA/CASL)
Rights to access, challenge accuracy, and withdraw consent for communications.