Privacy Policy
Last updated: April 14, 2026
This Privacy Policy explains how ChangePulse ("we", "us", or "our") collects, uses, stores, and protects your personal information when you use our website change monitoring service (the "Service"). We are committed to safeguarding your privacy and processing your data in compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR).
1. Information We Collect
1.1 Account Information
When you create a ChangePulse account, we collect:
- Email address — used for authentication, alerts, and account communications
- Full name — used for personalization and support interactions
- Password — stored only as a bcrypt hash (cost factor 12); we never store plaintext passwords
- Google profile information — if you choose to sign in via Google OAuth, we receive your name, email, and profile picture URL from Google
1.2 Service Usage Data
As you use ChangePulse, we collect:
- URLs you configure for monitoring
- Monitor settings (check intervals, CSS selectors, alert preferences, webhook URLs, Slack webhook URLs)
- Change detection results (diffs, snapshots, and content hashes)
- Check logs (timestamps, response codes, duration, errors)
- Webhook delivery logs (status codes, response times, success/failure)
- Alert logs (type of alert, delivery status)
1.3 Technical Data
We automatically collect limited technical information:
- IP address (for session security and rate limiting)
- Browser user agent string
- Timestamp and duration of requests
We do not use third-party analytics, fingerprinting, or advertising tracking technologies.
2. How We Use Your Information
We process your personal data based on legitimate interests and contractual necessity to:
- Provide the Service — run monitors, detect changes, and deliver alerts through your chosen channels
- Authenticate your identity — manage login sessions and protect your account
- Process payments — facilitate billing through our payment processor (Polar.sh)
- Communicate with you — send transactional emails (account verification, password resets, billing receipts) and alert notifications
- Improve the Service — analyze aggregate, anonymized usage patterns to improve reliability and features
- Ensure security — detect and prevent abuse, fraud, and unauthorized access
We do not sell, rent, or trade your personal data to any third party for marketing or advertising purposes.
3. Data Storage and Security
We take the security of your data seriously and implement the following measures:
- Encryption in transit — all data is transmitted over TLS/HTTPS
- Encryption at rest — database storage uses encrypted volumes
- Password hashing — bcrypt with a cost factor of 12
- Session management — server-side sessions with secure, HTTP-only cookies
- API key security — API keys are hashed before storage; the plaintext is shown only once at creation
- Access control — strict authentication and authorization checks on all API endpoints
While we employ industry-standard security practices, no method of transmission or storage is 100% secure. You are responsible for maintaining the security of your account credentials.
4. Cookies and Session Management
ChangePulse uses only essential cookies required for the operation of the Service:
- Session cookie — a server-side session identifier to keep you logged in (expires when you log out or after inactivity)
We do not use advertising cookies, marketing pixels, or third-party tracking scripts. No cookie consent banner is required because we only use strictly necessary cookies.
5. Third-Party Services
We share limited data with the following third-party providers, solely to deliver the Service:
| Provider | Purpose | Data Shared |
|---|---|---|
| Polar.sh | Payment processing | Email, plan selection (payment details are handled directly by Polar.sh and never touch our servers) |
| Namecheap Private Email | Transactional email delivery | Recipient email address, email content (alerts, password resets) |
| Google OAuth | Social authentication | OAuth tokens (profile data received from Google during login) |
We do not share your data with any other third parties unless required by law.
6. Data Retention
We retain your data according to the following policies:
- Account data — retained for as long as your account is active
- Change history — retained according to your plan limits:
  - Free plan: 7 days
  - Starter plan: 30 days
  - Pro plan: unlimited
- Check logs and webhook delivery logs — retained for 90 days
- Support messages — retained for 2 years for reference purposes
- Account deletion — when you delete your account, all associated data (monitors, changes, check logs, alert logs) is permanently removed within 30 days
7. Your Rights (GDPR and Beyond)
Regardless of where you are located, we provide the following data rights to all users:
- Right of access — you can view all your personal data through your account Settings page
- Right to rectification — you can update your name and email at any time in Settings
- Right to deletion — you can permanently delete your account and all associated data from the Settings page
- Right to data portability — you can export your monitor configurations and change history via the API
- Right to restrict processing — you can pause individual monitors to stop data collection on specific URLs
- Right to object — you may object to processing by contacting us at [email protected]
To exercise any of these rights, use the self-service options in your account Settings or email us at [email protected]. We will respond to all requests within 30 days.
8. International Data Transfers
Your data may be processed and stored on servers located outside your country of residence. Where data is transferred internationally, we ensure appropriate safeguards are in place, such as standard contractual clauses or equivalent protections, to maintain the level of protection required by applicable data protection laws.
9. Children's Privacy
ChangePulse is not directed at children under the age of 16. We do not knowingly collect personal information from children. If you believe that a child has provided us with personal data, please contact us at [email protected] and we will take steps to delete such information.
10. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes:
- We will notify you by email to your registered address at least 14 days before the changes take effect
- We will update the "Last updated" date at the top of this page
- We may also display a notice within the Service
Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the changes.
11. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Privacy inquiries: [email protected]
- General support: [email protected]
We aim to respond to all privacy-related inquiries within 30 days.