Privacy Policy

Last updated: 16 December 2025

Introduction

The platform at diditchange.app (the "Platform") and the website change monitoring service DidItChange.app (the "Service") is operated by Andersson-Larsson Holding AB with company registration no. 559254-7078 ("we", "us", "our").

This Privacy Policy contains information about how we collect and process Personal Data that we get access to when users visit our Platform or use the Service. This Privacy Policy also contains information about the storage of Personal Data, deletion of Personal Data, legal basis for the Processing of Personal Data and Data Subject's rights according to GDPR. We handle Personal Data in accordance with the GDPR and any subordinate legislation and regulation implementing the GDPR which may apply (the "Data Protection Requirements") in accordance with the principle of accountability.

This Privacy Policy is reviewed annually and updated as needed. The latest version is always publicly available at diditchange.app/privacy.

Definitions

All references to "Personal Data", "Processing", "Data Subject", "Sub-processor", "Personal Data Breach", "Supervisory Authority" and any other capitalized terms not defined herein shall have the same meaning in this Privacy Policy as stated in article 4 of the GDPR.

  • Service: DidItChange.app, a website change monitoring service.
  • GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
  • SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
  • Platform: diditchange.app.

How We Collect Personal Data

We most usually receive Personal Data when we enter into an agreement; through the users' use of the Service or access to our Platform; when the user signs in using magic link authentication; when the user contacts us by e-mail; or in connection with registration to any newsletter from us.

What Personal Data We Collect

We try to work primarily through the principle of purpose limitation and data minimization regarding the storage of Personal Data, by only Processing Personal Data that is necessary, adequate and relevant for each individual purpose.

Personal Information

  • When a user signs in using magic link authentication, we collect and store: email address.
  • Notification preferences and account settings.
  • Subscription status and billing-related information (processed by our payment provider).

Usage Information

  • Tracked URLs that users submit for monitoring.
  • Page content snapshots and detected changes for tracked URLs.
  • AI-generated change summaries and analysis.

Why We Process Personal Data and the Legal Basis for the Processing of Personal Data

The legal basis we mainly base the Processing of Personal Data on is "Contract". This legal basis gives us the right to Process Personal Data in order to fulfill our obligations under a contract with the Data Subject.

If the Data Subject has consented to the Personal Data Processing, through voluntary active approval to the Processing, we may Process the Personal Data on the legal basis of "Consent". A given consent can be revoked at any time and in such cases the Processing of the Personal Data shall cease, but this only applies if the Personal Data is no longer necessary for us to Process in order to fulfill our obligations under a contract or other legal obligations.

We have the right to Process Personal Data if we have a legal obligation to do so, for example according to the Swedish Bookkeeping Act (1999:1078). In such cases, only necessary Personal Data will be Processed. Personal Data that is part of any necessary accounting documentation is stored for as long as the law requires.

We have the right to Process Personal data, based on the legal basis "Legitimate interests", in order to for example market the Service, provide good support, improve our services, the Platform or the Service etc. However, sensitive Personal Data is never Processed on this legal basis. The Data Subjects always have the right to object in writing if the Data Subject do not want us to use their Personal Data for marketing. We have the right to Process Personal Data on this legal basis in order to comply with applicable law, demand payment for a past due claim, report a debt or protect our rights/property and to prevent crimes.

How We Use Your Information

  • To provide and maintain our website monitoring service
  • To process your payments through our payment processor
  • To capture and analyze web page content for change detection
  • To generate AI-powered change summaries
  • To send you email notifications about detected changes
  • To improve our service and develop new features
  • To respond to your requests and support inquiries

AI Processing of Page Content

Our service uses AI models to analyze detected changes and generate summaries. The AI processing is applied only to the publicly accessible web page content that you track, not to personal data. The results of this analysis are stored in our application database.

It's important to note that while we use Azure OpenAI for AI analysis, we do not transfer or store any personal data on this platform. This service is used exclusively for processing website content, and personal user data remains stored on our main application hosted on Render.com (EU-based).

MCP Integration and AI Assistants

Our service integrates with AI assistants (such as ChatGPT and Claude) via the Model Context Protocol (MCP). When you connect an AI assistant to DidItChange.app, the assistant can access your tracked URLs, detected changes, and change summaries through our API.

You control access to your data through OAuth authorization. When you authorize an AI assistant, you grant it permission to read your tracking data for the duration of the session. We do not share your email address or account credentials with AI assistants. You can revoke access at any time through your account settings.

Storage of Personal Data

We store and Process Personal Data according to the principle of integrity and confidentiality. Our main application and database are hosted on Render.com, with servers located in the European Union.

The Personal Data associated with a user account (like the user's email) is needed to make the Service work, and will be stored for the entire time you are a customer/user. The data for tracked URLs, including page snapshots and change history, is saved as long as you are a customer or until you delete the tracked URLs.

Our service undergoes regular backups of stored data. Backup storage is saved for up to thirty (30) days. The backup files are stored securely within our cloud infrastructure.

We store Personal Data as long as it's needed and necessary to fulfill the purposes for which the Personal Data was collected. If it is necessary for us to comply with applicable legislation, we may store Personal Data for a longer period for that purpose. Personal Data that is no longer needed will be deleted according to the principle of storage limitation.

Data Storage and Security

We implement appropriate technical and organizational measures to protect your data. Your personal information is stored securely in our main application hosted on Render.com, with servers located in the European Union. Azure OpenAI and Firecrawl are only used for processing publicly accessible website content, not for storing personal data.

Third-Party Services

We use trusted third-party services for:

  • Payment processing - Polar.sh/Stripe (US, SCC/DPA in place)
  • Authentication - Stytch, magic link/passwordless login (US, SCC/DPA in place)
  • Email communications - Postmark (US, SCC/DPA in place)
  • Cloud hosting - Render.com, hosting and database (EU)
  • Web scraping - Firecrawl, page content capture (US, no personal data processed)
  • AI analysis - Azure OpenAI, change summaries (EU West Europe, no personal data processed)

Sub-processor and Transfer of Personal Data

We have the right to engage Sub-processors to fulfill the obligations under the agreement between us and the Data Subject. We engage Sub-processors as part of the delivery of the Service and Platform. This means that we may disclose Personal Data to Sub-processors, to fulfill our obligations under the Agreement, applicable legislation, legal obligations, to safeguard our legal interests or to detect and prevent technical or security issues with the Service. The Data Subjects are entitled to request a complete overview on which Sub-processors that are involved in the Processing of the Data Subjects Personal Data.

The Data Subjects Rights

The Data Subjects have certain rights according to GDPR regarding the Processing of their Personal Data. The Data Subjects have the right to:

  • information about what Personal Data that is being Processed and to whom it is shared.
  • access the Personal Data that is being Processed.
  • ask for modifications of the Personal Data.
  • withdraw a previously given consent for the Processing of Personal Data for a specific purpose.
  • object to the Processing of the Personal Data.
  • object to automated Processing of the Personal Data and to a decision based on an automated processing.
  • be forgotten and to ask for the deletion of Personal Data.
  • transfer the Personal Data to another controller (data portability).
  • submit complaints to us, or the Swedish Authority for Privacy Protection which is the Supervisory Authority or other equivalent regulatory authority in the data subject's state.
  • get information about any Personal Data Breach concerning the Personal Data of the data subject.

You may contact us if you request any of the above-mentioned rights, regarding your Personal Data. However, some of the rights apply only in certain situations.

Deletion of Stored Personal Data

You can delete your account and all associated personal data through the account settings in the application, or by sending an email to hi@diditchange.app. After account deletion is initiated, all data related to you will be deleted within 30 days. Backup copies may persist for up to 30 days in accordance with our backup retention policy, after which they are also permanently deleted.

Tracked URLs, page snapshots, and change history will be permanently deleted within 30 days of account deletion, except where retention is required by law.

Security Measures

We certify that our activities and security measures are conducted in a manner that ensures compliance with the provisions and requirements of the GDPR regarding adequate protection of Personal Data Processing (according to the principle of integrity and confidentiality). All our internal registers and systems that contain Personal Data are password protected. We have also developed internal routines for employees with access to the databases containing Personal Data, in order to protect the data, and only authorized employees with a direct need for access to the Personal Data in order to perform their tasks have access to them. We also work according to the data protection principles (Article 5 GDPR) and ensure that our employees are aware of the principles.

Personal Data Breach

All Personal Data Breaches will be documented internally and reported to the Swedish Authority for Privacy Protection within 72 hours, when it is required according to the GDPR.

Children's Privacy

Our Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us at hi@diditchange.app. If we become aware that we have collected personal data from a child under 16 without verification of parental consent, we will take steps to remove that information from our servers.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.

How to Contact Us

You are always welcomed to contact us, if you have any questions regarding this Privacy Policy or our Processing of Personal Data. You can send us a message at hi@diditchange.app, and we will try our best to resolve your concerns and answer your message without undue delay.