Pricekeel
Keep your pricing on an even keel.

Privacy Policy

Effective 30 May 2026 · DRAFT — counsel review pending

This policy explains what Pricekeel (“we”, operated by [legal entity], [jurisdiction]) collects, why, and what we do with it. We keep data collection to the minimum needed to run the product, and we publish the full subprocessor list at /subprocessors and the security posture at /trust.

What we collect and why

Contact details you give us. When you request the full sample, we collect your name, company, job title, role function, company email address, revenue range, and pricing model. Optionally, we also collect UTM parameters from the URL you arrived on (no third-party advertising trackers).
Legal basis (GDPR): your consent (Art. 6(1)(a)) — the consent checkbox on the lead form.

Data you upload for analysis. When you run the diagnostic on your own CSV or upload documents to the copilot, those files are processed in memory to compute your results and are then deleted. We do not store your uploaded deal data and do not use it to train any model.
Legal basis (GDPR): performance of the engagement we have with you (Art. 6(1)(b)) for paying customers, or your explicit consent (Art. 6(1)(a)) for ad-hoc use.

Access codes. If you are issued an access code, we record it and when it is used.
Legal basis (GDPR): our legitimate interest in controlling access to non-public functionality (Art. 6(1)(f)).

Pricing URLs you submit. For the Competitor Watch feature, we fetch and analyze the competitor pricing URLs you enter. We honor robots.txt on the target site, maintain a kill-switch for any host that asks us to stop, and cache fetched content for no more than one hour.

Basic technical logs. Standard server logs (e.g., IP address, request timestamp, user-agent) are retained for security, fraud prevention, and reliability.
Legal basis (GDPR): legitimate interest in operating and securing the Service (Art. 6(1)(f)).

AI processing and transparency

To generate the written summary, the copilot answers, the column-mapping suggestions, and the competitor-plan extractions, we send aggregate analysis figures, column header names, document chunks you uploaded, your question text, and (for Competitor Watch) the public pricing-page text to our cloud LLM provider (OpenAI). We do not send row-level deal data. The provider operates under a written data-processing addendum that prohibits the use of inputs and outputs for model training.

Every recommendation surfaced by the Pricekeel copilot is generated by deterministic Python from the customer’s own analysis. The cloud LLM only narrates the structured opportunities; its system prompt forbids it from inventing numbers, companies, or plans. Each surfaced opportunity is logged with its supporting math so a CFO can audit it back to the source signal.

This is an AI-assisted system within the meaning of the EU AI Act. We treat it as “limited risk” (informational, human-in-the-loop) and disclose AI involvement wherever it appears in the product.

How we use it

We use the information we collect to provide the diagnostic and guidance, to deliver copilot answers grounded in your own analysis and documents, to extract and compare competitor plan structures you submit URLs for, to follow up with you about your results and the product, and to administer access. We do not sell or share personal information for third-party advertising, and we do not use uploaded deal or document data to train any model.

Who we share it with

We use a small set of subprocessors (hosting, database, LLM provider, email host, DNS). The full current list with regions and DPA links is at /subprocessors. They process data only on our instructions and only to provide their service to us.

For uploaded deal data shared during an engagement, a mutual non-disclosure agreement also governs handling. A Data Processing Addendum is available on request for business customers — email adhithya@pricekeel.com.

International data transfers

All subprocessors are headquartered in the United States. Where personal data of individuals located in the EU/EEA, UK, or Switzerland is transferred to the United States, the transfer relies on the European Commission’s Standard Contractual Clauses (SCCs) referenced in the relevant subprocessor DPA, and on the EU-U.S. Data Privacy Framework where the recipient is certified. A transfer impact assessment is available on request.

Cookies

We use two functional cookies, both strictly necessary to operate the Service: pk_lead (remembers that you have unlocked the sample diagnostic) and pk_access (remembers that you have entered a valid access code for your own data). We do not use advertising, retargeting, or cross-site tracking cookies, and we do not load third-party analytics that set cookies.

Retention schedule

  • Lead contact details: 24 months after your last interaction, then deleted unless you are a paying customer.
  • Access codes: until revoked or 12 months after last use, whichever is sooner.
  • Uploaded CSV / document files: zero — processed in memory and not persisted after the analysis completes.
  • Cached competitor pricing-page content: one hour maximum, in memory only.
  • Server logs: 30 days.
  • Decision log of copilot recommendations: for the duration of your active engagement, plus 12 months for audit purposes.

Security measures (GDPR Art. 32)

  • Encryption in transit (TLS 1.2+) on all endpoints.
  • Encryption at rest on the database (AES-256 via Supabase).
  • Secrets stored in encrypted environment-variable stores.
  • Server-side service-role access only to the database; no anon key in the browser.
  • Multi-factor authentication enforced on every admin account.
  • Change management via GitHub pull requests with CI.
  • Daily automated database backups.

The full security posture is at /trust.

Your rights

Depending on where you live (for example under GDPR, UK GDPR, CCPA / CPRA, PIPEDA, or LGPD), you may have the right to access, correct, delete, port, or object to processing of your personal information. To exercise these rights, email adhithya@pricekeel.com with the subject line “Data Subject Request”. We will respond within 30 days. We may verify your identity before providing access to or deleting data.

California residents: we do not sell or share personal information as defined by the CCPA / CPRA. You may exercise your right to know, to delete, and to correct using the email above.

Children

The Service is intended for business users and is not directed to individuals under 16. We do not knowingly collect personal data from anyone under 16. If you believe we have inadvertently done so, email adhithya@pricekeel.com and we will delete it.

Breach notification

In the event of a confirmed personal-data breach involving your data, we will notify the email address on file within 72 hours of becoming aware of the breach, and supervisory authorities where required by law.

Changes and contact

We will post any changes to this policy here with an updated effective date. For paid customers, we will also send notice of material changes by email. Questions? Email adhithya@pricekeel.com.