Privacy Policy

Last updated: April 6, 2026

1. What DiffTrax Is

DiffTrax is a Chrome extension and web service that monitors websites for changes on behalf of its users. It is operated by DiffTrax as a sole proprietorship based in San Diego, California.

2. What We Collect

  • Account information: your email address and password (password is hashed and stored by our authentication provider, Supabase. We never see or store your plaintext password).
  • Monitor configurations: the URLs you choose to monitor and the natural language descriptions you provide.
  • Payment information: if you subscribe to a paid plan, payment is processed by Stripe. We do not store credit card numbers or payment details on our servers. Stripe's privacy policy governs payment data.
  • Usage data: we log basic operational data such as API request counts, error logs, and LLM token usage for cost tracking. These logs do not contain page content.

3. What We Do NOT Collect

  • We do not store raw page content. When the extension captures a page for analysis, the content is sent to our API, processed by our AI provider, and discarded. We store only the structured extraction result and change summary.
  • We do not use cookies on our website. The extension stores your authentication session locally in your browser using Chrome's storage API.
  • We do not run analytics or tracking scripts on our website or in the extension.
  • We do not sell, rent, or share your personal information with advertisers.

4. Third-Party Services

We use the following third-party services to operate DiffTrax:

  • Supabase (database and authentication, hosted in us-west-1)
  • Anthropic (AI processing for change detection. Page content is sent to Anthropic's Claude API for analysis. Anthropic's usage policies apply.)
  • Stripe (payment processing)
  • Resend (transactional email delivery)
  • Fly.io (API server hosting)
  • Vercel (website hosting)
  • Cloudflare (DNS and domain management)

Each provider has its own privacy policy. We encourage you to review them.

5. Data Retention

  • Monitor data and alert history are retained for the duration specified by your plan (7, 30, or 90 days depending on tier).
  • Account information is retained until you delete your account.
  • You can request deletion of your account and all associated data by emailing hello@difftrax.io.

6. Your Rights

If you are in the EU, UK, or California, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to processing of your data

To exercise these rights, email hello@difftrax.io.

7. Security

We use encryption in transit (HTTPS/TLS) for all connections. Database access is controlled via row-level security policies. API keys and secrets are stored as environment variables, not in code.

8. Children

DiffTrax is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

9. Changes

We may update this policy from time to time. Changes will be posted on this page with an updated date. Continued use of DiffTrax after changes constitutes acceptance.

10. Contact

For privacy questions or data requests: hello@difftrax.io