← Back

Privacy Policy

Last updated: April 23, 2026

Who we are

Market Arc is a price tracking service operated from London, United Kingdom. We monitor retail product prices and notify you by email when prices drop.

Data controller contact: support@market-arc.net

What we collect and why

• Email address — required for your account and to send you price drop alerts.
• Password — required to sign you in. Stored as a bcrypt hash; we never see or store your plain-text password.
• Authentication token — a signed session identifier stored in your browser by the extension, so you stay signed in without re-entering your password each visit.
• Product URLs and prices — the pages you explicitly choose to track, plus any competitor URLs you link to your products (Business plan only).
• Profile (optional) — age range, gender, country, only if you choose to provide them. This is entirely optional and can be skipped.
• Usage metadata — the timestamp of your last visit, your IP address (for rate limiting and security), and the pricing plan you are on.

What we do NOT collect

The browser extension has broad host permissions to make price detection work on any retailer you visit. However, we explicitly do not:

• Monitor, log, or transmit your browsing history
• Read page content on any site unless you click the Market Arc icon
• Track your location beyond the country you optionally provide
• Collect information from forms, search boxes, or authentication pages on other sites
• Use cookies or trackers for advertising purposes

The extension only reads the price and product URL when you explicitly click its icon on a product page.

Legal basis (UK GDPR)

We rely on:

• Contract (Article 6(1)(b)) — to provide the price tracking service you signed up for.
• Legitimate interests (Article 6(1)(f)) — for security, rate limiting, and abuse prevention (IP address, usage metadata).
• Consent (Article 6(1)(a)) — for optional profile information.

How long we keep your data

We keep your data while you are an active user. If you delete your account or unsubscribe, we delete all your data — including email, password, tracked products, competitor links, and price history — within 30 days. You can request immediate deletion at any time. Under UK GDPR we will respond to all data subject requests within one month.

Your rights

• Right to erasure — email support@market-arc.net and we will delete all your data immediately. Or use the unsubscribe link in any email we sent you.
• Right of access — email us and we will tell you exactly what data we hold about you.
• Right to rectification — you can update your email or profile information at any time in your account settings.
• Right to data portability — you can export your tracked products and price history from your account dashboard.
• Right to object — unsubscribe at any time using the link in any email.
• Right to complain — you can contact the UK Information Commissioner's Office (ICO) at ico.org.uk if you believe we have mishandled your data.

Who we share data with

We do not sell your data. We use the following third-party processors under data processing agreements:

• Resend — to send transactional emails (your email address is shared with them).
• ScrapingBee — to fetch product prices from retailer websites (only product URLs are shared, never your email or personal data).
• Render — our hosting provider (data stored in their EU/US infrastructure with standard contractual clauses).
• Cloudflare — CDN and DNS for our landing page (standard server logs only).

Chrome Web Store Limited Use

Market Arc's use of information received from the Market Arc browser extension complies with the Chrome Web Store User Data Policy, including the Limited Use requirements. We only use your data to provide the price tracking service. We do not sell, transfer, or use your data for advertising, credit decisions, or any other purpose outside providing and improving the price tracking service you signed up for.

Cookies

We use a single session cookie for the admin panel only. No tracking cookies, no advertising cookies, no third-party cookies. The browser extension stores your authentication token in browser storage (not a cookie) so you stay signed in across sessions.

Security

All data is transmitted over HTTPS. Passwords are stored as bcrypt hashes — we never see your plain-text password. Authentication tokens are signed with a server-side secret. Database access is restricted to authenticated backend processes.

Changes

If we make material changes to this policy, we will update the date above and notify you by email if the change materially affects how we process your data.