Privacy Policy

1. Who we are

Drexo ("Drexo," "we," "us," or "our") provides a mobile application and related services that monitor online product pages and notify you about restocks and price changes (the "Service"). This Privacy Policy explains what information we collect, how we use it, and the choices you have.

For the purposes of the EU/UK General Data Protection Regulation (GDPR), the data controller is [COMPANY LEGAL NAME], [REGISTERED ADDRESS]. If you have questions, contact us at privacy@drexoapp.com.

2. Information we collect

Information you provide

• Account information — when you sign in (for example, via Sign in with Apple), we receive an account identifier and, if you choose to share it, your email address.
• Products you track — the URLs and product details you add to monitor, and your notification preferences.
• Support communications — information you send us when you contact support or report an issue.

Information collected automatically

• Device & usage data — app version, device type, OS version, and basic usage events needed to operate and improve the Service.
• Push notification token — to deliver restock and price-drop alerts to your device.
• Diagnostic data — crash and error logs.

Information from third parties

• Purchase data — when you subscribe, Apple processes your payment and provides us with subscription status (active, renewed, cancelled). We do not receive your full payment card details.
• Public product pages — to provide the Service, we retrieve publicly available information from the product pages you ask us to monitor (price, availability, title, image). This is page content, not your personal data.

3. How we use your information

• Provide the core Service — monitor the products you choose and send you alerts.
• Manage your account, subscription tier, and usage limits.
• Process and validate subscription purchases through Apple.
• Provide customer support and respond to your requests.
• Maintain security, prevent abuse, and debug problems.
• Improve and develop features and understand how the Service is used.
• Comply with legal obligations.

4. Legal bases for processing (EU/UK – GDPR)

If you are in the EU, EEA, or UK, we process your personal data under these legal bases:

Where we rely on consent, you can withdraw it at any time. Where we rely on legitimate interests, you can object (see "Your privacy rights").

5. How we share information

We do not sell your personal information. We share it only with:

• Service providers who help us operate the Service (for example, cloud hosting, push notification delivery, page-retrieval infrastructure, and AI processing used to read product pages). These providers act on our instructions under contract.
• Apple, for subscription processing and account sign-in.
• Legal and safety — if required by law, or to protect rights, safety, and the integrity of the Service.
• Business transfers — in connection with a merger, acquisition, or sale of assets, subject to this policy.

Key sub-processors include [CLOUD HOST], [PAGE-RETRIEVAL PROVIDER], and [AI PROVIDER]. A current list is available on request.

6. Cookies & tracking

Our website uses a small number of cookies. Strictly necessary cookies are required for the site to function and are always on. Optional analytics cookies are only set if you consent via our cookie banner; you can decline and the site still works. You can change your choice at any time by clearing the site's stored data in your browser. The Drexo app itself does not use advertising trackers.

7. Data retention

We keep personal data only as long as needed for the purposes above — typically for as long as you have an account, plus a limited period afterward for legal, security, and accounting reasons. Tracked-product data is retained while you track the item and removed when you delete it or close your account, subject to short backup-retention windows.

8. Your privacy rights

Depending on where you live, you may have the right to: access your data; correct it; delete it; restrict or object to processing; data portability; and withdraw consent. To exercise these rights, contact privacy@drexoapp.com. We will respond within the time required by applicable law. EU/UK users also have the right to lodge a complaint with their local data protection authority.

9. California privacy rights (CCPA/CPRA)

California residents have the right to know what personal information we collect, to request deletion, to correct inaccurate information, and to opt out of "sale" or "sharing" of personal information. We do not sell or share your personal information as those terms are defined under California law. You may exercise your rights by contacting privacy@drexoapp.com, and we will not discriminate against you for doing so.

10. International data transfers

We may process and store information in countries other than where you live, including the United States. Where we transfer personal data out of the EEA/UK, we use appropriate safeguards such as Standard Contractual Clauses.

11. Security

We use technical and organizational measures designed to protect your information, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

12. Children's privacy

The Service is not directed to children under 13 (or the minimum age required in your country), and we do not knowingly collect their personal information. If you believe a child has provided us data, contact us and we will delete it.

13. Changes to this policy

We may update this policy from time to time. We will post the updated version here and revise the "Last updated" date. Material changes will be communicated as required by law.

14. Contact us

Questions or requests? Email privacy@drexoapp.com or write to [COMPANY LEGAL NAME], [REGISTERED ADDRESS].