Privacy Notice

Last updated: 16 December 2025

1. Introduction

InstantAlert (“we”, “us”, “our”) respects your privacy and processes personal data in accordance with the General Data Protection Regulation (GDPR). In this privacy notice, we explain which data we process, for what purposes, on which legal bases, and which rights you have.

Controller

InstantAlert - LexMulier

Email: info@instantalert.me

2. Personal data we process

We process the following categories of personal data (where applicable):

  • Account data: name (optional), email address, hashed password, role/subscription, verification status
  • Profile and settings: language, notification preferences (email, push, webhook)
  • Searches: the search criteria you configure for external platforms
  • Match results/alerts: metadata of found listings (title, URL, price, location, timestamp, platform name)
  • Payment data: processed via Stripe; we do not store full card details
  • Log and usage data: IP address, user agent, device and session IDs, timestamps, error and audit logs
  • Cookie and tracking data: functional cookies and optional analytics/marketing cookies

3. Purposes and legal bases

We process your data for the following purposes:

  • Providing the service & notifications (performance of a contract, Art. 6(1)(b) GDPR)
  • Account and customer management (performance of a contract / legitimate interest)
  • Payments & invoicing (performance of a contract / legal obligation)
  • Security & integrity (legitimate interest)
  • Analysis & improvement (legitimate interest or consent)
  • Marketing communication (consent)
  • Compliance with laws (legal obligation)

4. Source of data

We receive data directly from you and generate technical data (logs) when you use our service. For listing metadata, we retrieve information from external platforms based on your searches. We are not affiliated with these platforms.

5. Sharing of data

We only share your data with processors that are necessary to deliver our service:

  • Hosting & database (Supabase or an equivalent EU-based data centre)
  • Payment processing (Stripe)
  • Email/push providers (e.g. Postmark/OneSignal)
  • Monitoring/analytics tools (e.g. Sentry/Plausible), if used

We conclude data processing agreements with our processors and we do not sell personal data.

6. Transfers outside the EEA

If data is processed outside the European Economic Area, we ensure appropriate safeguards such as EU Standard Contractual Clauses or the EU–US Data Privacy Framework.

7. Security

  • Encryption in transit (TLS) and, where possible, at rest
  • Least-privilege access, admin 2FA, and logging
  • Regular patching, vulnerability management, and backups

No measure is 100% secure, but we aim for an appropriate level of protection given the nature of the data and our service.

8. Retention periods

  • Account data: for as long as the account is active
  • Searches and alert history: in line with subscription limits and up to 12 months
  • Billing/accounting data: 7 years (statutory retention)
  • Backups and logs: up to 90 days, unless needed for incident investigation
  • After cancellation, we delete or anonymise data within 30 days, unless a legal retention obligation applies

9. Your rights

You have the right to access, rectification, erasure, restriction, data portability, and the right to object. You can exercise your rights via your account settings or by emailing info@instantalert.me. We will respond within one month and may ask for additional information to confirm your identity.

You also have the right to lodge a complaint with your local data protection authority. In the Netherlands this is the Autoriteit Persoonsgegevens.

10. Cookies and similar technologies

We use functional cookies and, with your consent, analytics or marketing cookies. You can manage your preferences via the cookie banner or our Cookie Policy.

11. External platforms

  • InstantAlert is not part of and not affiliated with external platforms.
  • We respect the terms and robots rules of these platforms.
  • Links to listings lead to the relevant platform; their own privacy policy applies there.

12. Automated decision-making

We do not make decisions based solely on automated processing (including profiling) that produce legal effects for you or similarly significantly affect you.

13. Minors

Our service is not directed at children under 16 years of age. If we become aware that we have collected data from a child, we will delete it.

14. Changes to this privacy notice

We may update this privacy notice from time to time. For material changes, we will inform you by email or via an in-app message. Please check the current version regularly.

15. Contact

Email: info@instantalert.me