1. Introduction

Underpriced ("we," "our," or "the Service") is a web application that provides AI-powered deal analysis for online marketplace listings. We are committed to protecting your privacy and being transparent about our data practices.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.

Data Controller

Entity: Underpriced

Location: Ontario, Canada

Contact: support@underpriced.app
2. Information We Collect

Account Information (via Google Sign-In)

When you sign in with Google, we receive and store:

Your name (display name)
Email address
Profile picture URL
Google User ID (unique identifier)


We do NOT receive or store your Google password.

Uploaded Content

When you analyze a listing, we process:

Screenshots and images you upload
Source URLs of listings (if provided)
Asking prices you input
Any additional context you provide


Images are processed by AI and stored to enable your analysis history feature.

Usage Data

We automatically collect:

Analysis history and results
Favorites and saved items
Flip Tracker inventory data (items, costs, sales)
Feature usage patterns
Analysis count and subscription status


Payment Information

Payments are processed by Stripe. We do NOT store your credit card details. Stripe may store:

Card last 4 digits (for display purposes)
Card brand (Visa, Mastercard, etc.)
Billing address
Payment history


See Stripe's Privacy Policy for details.

Technical Data

When you visit our website, we may collect:

IP address (anonymized for analytics)
Browser type and version
Device type (desktop/mobile)
Operating system
Referring URL
Pages visited and timestamps


1. How We Use Your Information

We use collected information to:

Provide the Service: Process your image analyses using AI, display results, maintain history
Manage Accounts: Create and authenticate your account, manage subscriptions
Process Payments: Handle subscription billing through Stripe
Improve the Service: Analyze usage patterns to improve features and AI accuracy
Communicate: Send service-related emails (account, subscription, important updates)
Detect Abuse: Prevent fraud, abuse, and Terms violations
Legal Compliance: Comply with legal obligations and respond to lawful requests


Legal Bases for Processing (GDPR)

Contract: Processing necessary to provide the Service you requested
Legitimate Interest: Improving our Service, preventing fraud, analytics
Consent: Marketing emails (opt-in only)
Legal Obligation: Tax records, responding to lawful requests


1. Third-Party Services

We use the following third-party services to operate:

Google Firebase

Authentication (Google Sign-In) and database storage (Firestore). Firebase Privacy

Google Gemini AI

Processes your uploaded images to generate analysis results. Images are sent to Google's AI systems. Google Privacy

Stripe

Payment processing for subscriptions. We never see or store your full card number. Stripe Privacy

Vercel

Website hosting and privacy-friendly, cookieless analytics. Vercel Privacy

eBay API (Optional)

When you request comparable listings, we may query eBay's API. No personal data is shared with eBay.
5. Data Storage & Security

Infrastructure: Your data is stored securely using Google Firebase infrastructure (US-based servers).

Security Measures:

Encryption in transit (TLS/HTTPS)
Encryption at rest (Firebase default encryption)
Secure authentication via Google Sign-In
Access controls and principle of least privilege
Regular security reviews


⚠️ No System is 100% Secure

While we implement industry-standard security measures, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security.

Incident Response

In the event of a data breach affecting your personal data, we will:

Assess and contain the incident
Notify affected users without undue delay via email
Comply with breach notification laws (GDPR 72-hour rule, PIPEDA, CCPA)
Disclose the nature of the breach and steps taken


Report security issues to support@underpriced.app with subject "SECURITY".
6. Data Retention

Account Information

Retained as long as your account is active. Deleted upon account deletion request.

Uploaded Images

Automatically deleted after 30 days. This is automatic — we do not retain images indefinitely.

Analysis Results (Text)

Retained longer than images to enable your history feature. You can manually delete individual analyses or all history.

Flip Tracker Data

Retained until you delete items or your account.

Payment Records

Retained as required for tax and legal compliance (typically 7 years).
7. Data Sharing

✓ We do NOT sell, trade, or rent your personal information to third parties.

We share data only:

With Service Providers: Firebase (storage), Google Gemini (AI processing), Stripe (payments), Vercel (hosting) — only as necessary to operate the Service
When Required by Law: In response to valid legal process (subpoenas, court orders, government requests)
To Protect Rights: To enforce our Terms, protect our rights, or prevent fraud/abuse
Business Transfers: In connection with mergers, acquisitions, or asset sales (you will be notified)


1. Your Rights

All users have the right to:

Access: View your personal data (available in-app: Account Center)
Correction: Request correction of inaccurate data
Deletion: Delete your account and data (Account Center → Preferences → Delete Account)
Export: Download your data in a portable format
Opt-Out: Unsubscribe from marketing emails anytime


California Residents (CCPA Rights)

Right to Know: Request what personal information we collect
Right to Delete: Request deletion of your personal information
Right to Opt-Out of Sale: We do NOT sell personal information
Right to Non-Discrimination: You won't be treated differently for exercising rights


Do Not Sell My Personal Information: We do NOT sell personal information.

EU/UK Residents (GDPR Rights)

Data Portability: Receive your data in a structured, machine-readable format
Restriction: Request restriction of processing in certain circumstances
Objection: Object to processing based on legitimate interests
Withdraw Consent: Withdraw consent at any time (where consent is the legal basis)
Lodge Complaint: File a complaint with your local Data Protection Authority


How to Exercise Your Rights

Email support@underpriced.app with subject "Data Request" and include:

Your email address (to locate your data)
Your specific request (access, deletion, correction, export)
Verification (we may ask you to confirm from the email on file)


Response Time: Within 30 days (GDPR) or 45 days (CCPA).
9. Cookies & Tracking

Essential Cookies: We use essential cookies and local storage to maintain your session and preferences. These are necessary for the Service to function.

Analytics: We use Vercel Analytics, a privacy-friendly, cookieless analytics service. It does NOT:

Store your IP address (anonymized immediately)
Use cookies or persistent identifiers
Track you across sites
Collect personal information


Third-Party Advertising: We do NOT use third-party advertising trackers, retargeting pixels, or behavioral advertising.
10. Marketing Communications

With your explicit opt-in consent, we may send emails about:

Deal tips and flipping strategies
New features and updates
Special offers and promotions


Opt-Out: You can unsubscribe anytime from Preferences or by clicking "Unsubscribe" in any email.

We never share your email with third parties for their marketing purposes.
11. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EU/UK). We do not knowingly collect personal information from children.

If we learn we have collected information from a child under the applicable age, we will delete it promptly. If you believe we have collected such information, contact us at support@underpriced.app.
12. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. By using the Service, you consent to such transfers.

EU/UK Users: We rely on:

Standard Contractual Clauses (SCCs) for data transfers
Service provider compliance with data protection requirements
Adequacy decisions where applicable


1. Browser Extension Privacy

If you use our browser extension:

Permissions: The extension requires permissions to read page content on marketplace sites to detect listings
What It Does: Extracts listing information (title, price, images) when you trigger analysis
What It Doesn't Do: Track your browsing history, read passwords, access other sites, or run in the background
Data Transmission: Data is only sent when you explicitly request an analysis


The extension is open for review in Chrome Web Store. We only install from official distribution channels.
14. Changes to This Policy

We may update this Privacy Policy from time to time. When we make changes:

We will update the "Last Updated" date at the top
Material changes will be communicated via email and/or in-app notification
Continued use after changes constitutes acceptance


We encourage you to review this Policy periodically.
15. Future Service Changes

If we introduce new features that involve additional data collection (e.g., new AI capabilities, social features), we will:

Update this Privacy Policy with detailed information
Notify users via email and/or in-app before changes take effect
Make new data collection opt-in where appropriate
Provide at least 30 days notice for material changes


We will NOT silently add tracking or data collection to existing features.
16. Contact Us

For privacy questions, data requests, or concerns:

Email: support@underpriced.app

Subject Line: "Privacy Inquiry" or "Data Request"

Website: underpriced.app

Regulatory Inquiries

Regulators may contact us at support@underpriced.app with subject "REGULATORY INQUIRY".