Privacy Policy

Last updated: February 15, 2026

PriceDock B.V. (“we”, “us”, “our”), registered in the Netherlands, is the data controller for personal data processed through the PriceDock platform at pricedock.io. This Privacy Policy explains what data we collect, why we collect it, and how we protect it.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, company name, and password. Passwords are stored as salted bcrypt hashes and are never stored or transmitted in plain text. If you enable two-factor authentication, we store your TOTP secret and recovery codes (encrypted at rest).

1.2 Billing Information

If you subscribe to a paid plan, billing information (payment method, billing address) is collected and processed by our payment processor. We do not store credit card numbers or bank account details on our servers.

1.3 Product Catalog Data

You provide product data including titles, prices, cost prices, EAN/GTIN codes, SKUs, brand names, and product images. This data is processed to deliver pricing intelligence services. Product images are used to generate vector embeddings (numerical representations) for AI-powered product matching. These embeddings are stored in our database and cannot be reverse-engineered back into the original image.

1.4 Integration Credentials

If you connect third-party platforms (Shopify, WooCommerce, Amazon, Bol.com), we store the API credentials you provide. These credentials are encrypted at rest using AES-256 and are used solely to sync data between PriceDock and your connected platforms. Credentials are deleted immediately when you disconnect an integration or delete your account.

1.5 Competitor Data

PriceDock collects publicly available pricing, stock, and product information from competitor websites on your behalf. This data is associated with your account and used to generate pricing insights. We do not access password-protected areas or circumvent technical access restrictions on third-party websites.

1.6 Usage Data

We automatically collect information about how you interact with the platform, including pages visited, features used, timestamps, IP address, browser type, and device information. This data is used to maintain and improve the Service.

2. Legal Basis for Processing (GDPR)

We process personal data under the following legal bases:

  • Contract performance — Processing your account data, product data, and integration credentials is necessary to provide the Service you subscribed to.
  • Legitimate interest — Usage analytics, fraud prevention, and service improvement. We balance our interests against your privacy rights and do not process data in ways you would not reasonably expect.
  • Legal obligation — Retaining invoicing records and responding to lawful data requests from authorities.
  • Consent — Marketing communications and non-essential cookies. You can withdraw consent at any time.

3. How We Use Your Information

  • Provide, maintain, and improve the pricing intelligence platform
  • Collect and process competitor pricing data on your behalf
  • Generate AI product matches using image recognition, structured identifiers (EAN, GTIN, ASIN, MPN), and text similarity
  • Sync pricing data with your connected e-commerce platforms
  • Send transactional emails (account confirmations, price alerts, import reports)
  • Respond to support requests and communicate about your account
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your product data, competitor data, or pricing strategies for any purpose other than delivering the Service to you. We do not use your data to train machine learning models that benefit other customers.

4. Cookies

We use essential cookies to maintain your authenticated session and preferences. We may use privacy-focused analytics to understand platform usage patterns. See our Cookie Policy for details on the specific cookies we use and how to manage them.

5. Third-Party Services

We share data with the following categories of service providers, all bound by data processing agreements:

  • Hosting and Infrastructure: Cloud hosting providers (EU-based) that store and process data on our behalf. Database servers run PostgreSQL with encryption at rest.
  • Payment Processing: PCI-compliant payment processors that handle billing transactions. We do not store payment card data.
  • Email Delivery: Transactional email services for account notifications, price alerts, and import reports.
  • Connected Platforms: When you connect an integration (Shopify, WooCommerce, Amazon, Bol.com), we transmit pricing data to those platforms using the credentials you provide. This data flow is initiated by you and operates within the scope of your integration configuration.

We do not share your data with advertising networks, data brokers, or any party not directly involved in delivering the Service.

6. Data Retention

Data TypeRetention Period
Account informationDuration of account + 30 days after deletion
Product catalog dataDuration of account + 30 days after deletion
Image embeddingsDeleted with the associated product record
Integration credentialsDeleted immediately on disconnect or account deletion
Competitor pricing historyUp to 24 months (for trend analysis)
Usage and audit logs12 months
Invoicing records7 years (Dutch fiscal law requirement)

After the retention period, data is permanently deleted. Anonymized, aggregated statistics (e.g., total platform match count) may be retained indefinitely but cannot be linked to individual accounts.

7. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation:

  • Access — Request a copy of the personal data we hold about you, including product data and usage logs.
  • Rectification — Request correction of inaccurate or incomplete data.
  • Erasure — Request deletion of your personal data. We will delete your account and all associated data within 30 days, except where retention is required by law.
  • Portability — Request your product catalog and competitor data in a structured, machine-readable format (JSON or CSV).
  • Restriction — Request that we limit processing of your data while a complaint or rectification request is being resolved.
  • Objection — Object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds.
  • Withdraw consent — Where processing is based on consent (e.g., marketing emails), you can withdraw at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@pricedock.io. We respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit: All connections use TLS 1.2 or higher.
  • Encryption at rest: Database storage and backups are encrypted. Integration credentials use AES-256 encryption.
  • Authentication: Passwords are hashed with bcrypt. Two-factor authentication (TOTP) is available for all accounts.
  • Access control: Role-based access control (RBAC) limits data access within your organization. Administrative actions are logged in an audit trail.
  • API security: API access requires authentication tokens and is subject to rate limiting.

9. International Transfers

We process data primarily within the European Economic Area. Where data is processed outside the EEA (e.g., by a sub-processor), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission or an adequacy decision.

10. Children

PriceDock is a business-to-business service. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes are communicated by email or through a notice in the platform at least 30 days before they take effect. Your continued use of PriceDock after the effective date constitutes acceptance. Previous versions of this policy are available upon request.

12. Contact

If you have questions about this Privacy Policy, our data practices, or wish to exercise your rights, contact us at:

PriceDock B.V.
Data Protection Contact
Email: privacy@pricedock.io
Website: pricedock.io

Supervisory authority: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl