Privacy Policy
Last updated: July 2, 2026 · DRAFT — pending counsel review
1. The short version
We store the minimum needed to watch hotel prices for you and tell you when they drop: your email, your watches (places, dates, price limits), your notification preferences, and — if you subscribe — billing metadata handled by Paddle. We don't run ads, we don't sell your data, and hotel price observations are not personal data at all.
2. What we collect and why
- Account data — email address, display name, and authentication identifiers (via Firebase Authentication, including Google sign-in if you choose it). Legal basis: contract — we cannot provide the service without an account to deliver alerts to.
- Watch data — destinations, date ranges, guest counts, cash/points limits, and booked-night markers you set. Legal basis: contract.
- Notification data — email preferences, web-push subscription endpoints, and a Telegram chat ID if you link the bot. Legal basis: contract (these alerts are the product you asked for).
- Billing metadata — subscription plan, status, and renewal dates. Card details are collected and stored by Paddle, our merchant of record; we never see your full payment details. Legal basis: contract and legal obligation.
- Waitlist emails — if you join a chain waitlist we store your email and the chain. Waitlist confirmation uses double opt-in; you can leave the list with one click. Legal basis: consent.
- Operational logs — short-lived server logs (including hashed IP addresses used for rate limiting) to keep the service secure. Legal basis: legitimate interest.
We deliberately collect no advertising identifiers and run no third-party ad or cross-site tracking scripts.
3. What we do NOT collect
- No hotel loyalty account credentials — we never ask for them.
- No payment card numbers (Paddle holds those as merchant of record).
- No precise device location — you type the destination you want watched.
4. Processors we use
- Google Firebase / Google Cloud — authentication and database hosting.
- Vercel — web application hosting.
- Paddle — payments, tax, and invoicing (merchant of record).
- Email delivery provider — transactional alert and digest email delivery.
- Telegram — only if you link the alert bot yourself.
5. International transfers
PointSnipe is operated from Israel, which holds a European Commission adequacy decision — personal data of EU/EEA users may be transferred to Israel without additional safeguards. Our processors may process data in the EU and the United States under their own compliance frameworks (standard contractual clauses or adequacy, as applicable).
6. Retention
- Account and watch data: kept while your account exists.
- Alerts and price history: kept per your plan's history window and pruned on schedule.
- Deleted accounts: personal data is removed in a full cascade within 30 days (backups age out on their own cycle).
- Operational logs: at most 90 days.
7. Your rights
You can exercise all of these directly in Settings → Data & privacy, or by emailing us:
- Export — download your data (account, watches, alerts) as JSON.
- Delete — delete your account and all personal data, full cascade, no support ticket required.
- Access, rectification, restriction, objection, portability — as provided by the GDPR and Israel's Privacy Protection Law; email us and we'll respond within 30 days.
- You may lodge a complaint with your local supervisory authority.
8. Email practices
Alerts and digests you configured are transactional — they are the service. Anything promotional is separate, opt-in only, and carries a one-click unsubscribe. Chain waitlists use double opt-in confirmation.
9. Children
PointSnipe is not directed at children and we do not knowingly collect data from anyone under 16.
10. Changes and contact
We'll announce material changes to this policy by email or in-app before they take effect. Data controller: PointSnipe (operator: sole proprietor, Israel; EU representative under GDPR Art. 27 to be appointed at launch — placeholder pending counsel review). Contact: support@pointsnipe.com.