Terms of Service - DidItChange.app

Last updated: 21 December 2025

This page contains the Terms of Service that describe your rights and responsibilities when using the DidItChange.app service. If you don't agree to be bound by these Terms, you aren't allowed to access or use DidItChange.app.

Introduction

DidItChange.app (the "Service") is a product by Andersson-Larsson Holding AB with company registration no. 559254-7078 (the "Company", "we", "us", "our"). When you (the "Customer" and/or the "User") create an account and use our Service, you agree to the following terms (the "Terms"). If you create an account on behalf of an organization, you agree to these terms on behalf of that organization.

Processing of Personal Data

We process personal data in accordance with the EU General Data Protection Regulation (2016/679) (the "GDPR").

If you delete your account from our Service, all personal data that has been collected about you will be removed within 30 days after verification of the request.

You can read more information about how we process Personal Data in our Privacy Policy.

Data Processing Agreement

These Terms include a Data Processing Agreement ("DPA"), which regulates the Customer's rights and obligations as a Personal Data Controller and the Company's rights and obligations as a Personal Data Processor, when the Company Processes Personal Data on behalf of the Controller and according to the written instructions included in the DPA.

We have the right to engage Sub-processors in fulfilling our obligations under law, these Terms and in order for the Service to be provided and improved. By entering into an agreement with us, the User accepts that we engage Sub-processors as stated in the Privacy Policy.

The full DPA is included as an addendum at the end of these Terms.

License and Service Usage

The Service is provided "as is", without warranty of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In no event shall the Company be liable for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the Service or the use or other dealings in the Service.

You are responsible for maintaining the security of your account and any Service-related credentials. We cannot and will not be liable for any loss or damage from your failure to comply with this security obligation.

Users of the service are limited to one free plan account per organization. Creating multiple accounts to circumvent free plan limitations is prohibited and may result in account termination. Free plans are intended for legitimate individual or organizational use, not for distributing access across multiple projects or entities.

AI-powered change detection and summaries are provided for convenience only and may contain inaccuracies. You are responsible for verifying all detected changes before taking action based on them. We are not liable for decisions made based on AI-generated summaries or for changes that were not detected by the Service.

Subscription and Billing

Some parts of the Service are billed on a subscription basis. You will be billed in advance on a recurring and periodic basis ("Billing Cycle"). Billing cycles are set on a monthly or annual basis.

At the end of each Billing Cycle, your subscription will automatically renew under the exact same conditions unless you cancel it or DidItChange.app cancels it.

The payment process is conducted by Polar.sh/Stripe. Polar.sh/Stripe is the Merchant of Record for all our orders. Refunds are available up until 30 days after the payment was done.

Free Trial

DidItChange.app may, at its sole discretion, offer a subscription with a free trial for a limited period of time. At the end of the free trial period, your access to premium features will be limited until you explicitly select and subscribe to a plan. We do not automatically charge you or convert your account to a paid subscription when the trial period ends.

After your trial ends, you may choose to continue with our free plan (subject to free plan limitations) or upgrade to a paid plan. The free plan is subject to the usage restrictions outlined in the License and Service Usage section.

User Content and Tracked URLs

You retain your rights to any content you submit, post or display on or through the Service. By submitting URLs for tracking to our Service, you grant us a license to access, capture, and analyze the publicly accessible content at those URLs solely for the purpose of providing the website monitoring service to you.

You are responsible for ensuring that you have the right to monitor the URLs you submit for tracking. You must only track publicly accessible web pages. We do not claim ownership over your tracked URLs or the change data we collect on your behalf.

You should avoid submitting URLs that contain personal identifiers (such as user IDs, email addresses, or other personal information in the URL path or query parameters). While we treat URLs as usage data rather than personal data, URLs containing identifiable information may be subject to data protection requirements.

You represent and warrant that you will only track websites where you have the right to monitor content, including compliance with the website's robots.txt, terms of service, and applicable copyright law. You must not track websites that explicitly prohibit automated access. You shall indemnify and hold harmless the Company from any claims resulting from your misuse of the Service.

Intellectual Property

The Service and its original content, features, and functionality are and will remain the exclusive property of DidItChange.app and its licensors. The Service is protected by copyright, trademark, and other laws.

We reserve all rights not expressly granted to you under these Terms. You may not duplicate, copy, or reuse any portion of the HTML/CSS, JavaScript, or visual design elements or concepts without express written permission from us.

While we maintain ownership of our Service, technology, and platform, we make no claim of ownership to:

Your tracked URLs and URL configurations
The change history and snapshots collected for your account
Any reports or exports you create using the Service

Marketing

The Customer agrees to the use of the Customer's logo, name, and trademark, for use in the Company's marketing materials regarding the marketing of the Service. If this is not desirable, it has to be communicated by e-mail to hi@diditchange.app.

Limitation of Liability

In no event shall DidItChange.app, nor its directors, employees, partners, agents, suppliers, or affiliates, be liable for any indirect, incidental, special, consequential or punitive damages, including without limitation, loss of profits, data, use, goodwill, or other intangible losses.

Software Reliability: You acknowledge that all software contains bugs. We are not liable for damages arising from software errors, service interruptions, missed or incorrect change detection, data loss, third-party service failures, or any actions you take based on information provided by the Service. Your sole remedy is to discontinue use. Do not rely on this Service as your only safeguard for critical monitoring needs.

Our liability is limited to the maximum extent permitted by law. In any event, our total liability to you for all claims arising from or related to the Service shall not exceed the amount you paid to us in the twelve (12) months preceding the claim. Some jurisdictions do not allow the limitation of liability for some types of damages, so some of these limitations may not apply to you.

Cookies

The website (diditchange.app) uses cookies to maintain your session and provide the Service. We use only essential cookies required for the Service to function. We do not use third-party tracking cookies.

Termination

Unless agreed upon other terms, either party may terminate this agreement with 30 days written notice. Upon termination, your access to the Service will cease at the end of the notice period.

We may terminate or suspend your account immediately, without prior notice or liability, if you breach the Terms or for other serious violations.

If you wish to terminate your account, you may delete your account through the account settings or by emailing hi@diditchange.app. Upon termination, your right to use the Service will cease immediately. All personal data and tracking data will be deleted within 30 days, though backup copies may persist for up to 30 days in accordance with our backup retention policy.

Data Export and Portability

You can request an export of your data at any time during your subscription and up to 30 days after termination. We'll provide your data within 30 days of your request.

We provide your tracking data in JSON format, including tracked URLs, detected changes, and account settings.

You retain all rights to your tracking data. We claim no ownership over your data.

Changes and Amendments

We reserve the right to make changes and amendments to these Terms at any time. All changes and amendments to these Terms will be notified to the User who is the main contact for each organization or account. If a User does not accept the changes and/or amendments to the terms, the User may stop using the Service and delete their account. If a User continues to use the Service 30 days after the changes and amendments have been notified, the User is considered to have accepted the changes and amendments.

Governing Law

These Terms shall be construed in accordance with, and governed by, Swedish law. Any dispute arising from or relating to these Terms shall be settled primarily between the Parties. If the dispute cannot be resolved through an internal settlement between the Parties, the dispute shall be finally resolved by a Swedish general court in Stockholm, unless otherwise stated in mandatory applicable law.

Contact Us

If you have any questions about these Terms do not hesitate to contact us at hi@diditchange.app.

Data Processing Agreement (DPA)

Introduction

This Data Processing Agreement ("DPA") constitutes an addendum to the general terms and conditions ("Terms") that apply for the use of DidItChange.app (the "Service"). The entity that chooses to use the Service is regarded as the Personal Data Controller for the Personal Data that is processed in connection with their use of the Service (hereinafter referred to as "Controller"). The owner of the Service, Andersson-Larsson Holding AB, is considered as the Personal Data Processor according to the GDPR, when Processing the Personal Data on behalf of the Controller and in accordance with the Controller's instructions stated in this DPA (hereinafter referred to as "Processor").

The Processor and the Controller are herein referred to individually as a "Party" and collectively as the "Parties."

This DPA shall apply to all Processing of Personal Data carried out by the Processor on behalf of the Controller. The Processor may not Process Personal Data for other purposes than those specified in this DPA.

Definitions

All references to "Personal Data", "Processing", "Data Subject", "Sub-processor", "Personal Data Breach", "Supervisory Authority" and any other capitalized terms not defined herein shall have the same meaning in this Agreement as stated in article 4 of the GDPR.

Service: DidItChange.app, a website change monitoring service.
GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
SCC: Commission implementing decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council.
Platform: diditchange.app.

Compliance with Applicable Law

Both the Controller and the Processor shall each comply with their respective obligations under all applicable regulations, legal requirements and laws relating to the storage, use, security, collection, transfer, disposal, disclosure and other processing of Personal Data ("Privacy Laws"). The Processor will comply with the obligations under the GDPR and any subordinate legislation and regulation implementing the GDPR and/or SCC which may apply (collectively, with Privacy Laws, the "Data Protection Requirements").

The Controller's Instructions for the Processing of Personal Data

The Controller hereby instructs the Processor to Process the Personal Data only in accordance with the Data Protection Requirements and the instructions given herein, in order to a) fulfill contractual obligations regarding the provision of the service, b) fulfill all legal obligations and c) as further instructed by the Controller in its use of the Service.

Categories of Data Subjects: Individuals who use the Service.

Categories of personal data processed: Email address, tracked URLs, notification preferences, subscription status, and other metadata that is shared with the Service when the User uses the platform.

Duration of processing: The Personal data may be Processed as long as it is necessary to fulfill the purpose of the Process and the legal obligations.

Storage of personal data: The Processor is located in Sweden (EU) and stores Personal Data in the EU/EEA through its primary hosting provider Render.com. Processing of website content for change detection occurs through Firecrawl and Azure OpenAI for AI analysis, but these services do not process or store any personal data - they only process publicly accessible website content.

The Controller's Obligations

The Controller is obliged to comply with its data security, personal data protection and any other obligations stated in the applicable Data Protection Requirements for the Controller with regard to the Processing of Personal Data. The Controller hereby confirms that the Controller:

Processes Personal Data in accordance with the requirements of the Data Protection Requirements;
has an established procedure for the exercise of the rights of the Data Subjects whose Personal Data is Processed by the Processor on behalf of the Controller;
has the legal basis according to the applicable Data Protection Requirements to Process and disclose the Personal Data in question to the Processor, including to any Sub-processor that Processes Personal Data on behalf of the Processor;
is solely responsible for the accuracy, integrity, content, reliability and legality of the Personal Data provided to the Processor;
agrees that the Processor's implementation of technical and organizational security measures is sufficient to protect the privacy and Personal Data of Data Subjects;

The Processor's Obligations

The PROCESSOR shall:

at the Controller's request correct, delete or transmit incorrect, incomplete or outdated Personal Data without undue delay.
ensure the confidentiality, integrity and accessibility of the Personal Data, and ensures that its personnel who are authorized to Process Personal Data under this DPA have undertaken an obligation to observe confidentiality of the Personal Data.
implement systematic, organizational and technical measures to ensure an appropriate level of security, taking into account the latest technology and implementation costs in relation to the risk involved in the Processing and the type of Personal Data to be protected.

The Processor may not, without the prior written consent of the Controller, respond directly to requests from other Data Subjects, disclose or otherwise make the Personal Data available to third parties, unless otherwise provided by GDPR, applicable law, governmental or judicial decisions. The Processor shall, to the extent practicable and lawful, notify the Controller of requests for disclosure of Personal Data obtained from a Data Subject and requests from authorities for disclosure of Personal Data. The Processor shall notify the Controller if the Controller becomes aware of any notice, investigation or inquiry by a Supervisory Authority with respect to Personal Data, unless otherwise prohibited.

Assistance

The Processor shall assist the Controller with appropriate technical and organizational measures, as far as possible taking into account the nature of the treatment and the information available to the Processor, in order for the Controller to fulfill its obligations under the GDPR regarding requests from Data Subjects, respond to the request for exercise of the Data Subject's rights and general data protection pursuant to Articles 32-36 of the GDPR.

The Processor shall enable the Controller to comply with all legal obligations regarding information to be provided to relevant data protection authorities and Data Subjects in Personal Data Breaches.

Sub-processor and Transfer of Personal Data

The Processor has the right to engage Sub-processors to fulfill the obligations under the agreement between the Parties. The Controller agrees to the Sub-processors listed below. If the Processor intends to change, remove or add a Sub-processor, the Controller must be informed of this in advance and given the opportunity to object to the changes. The Controller has the right to terminate the agreement, if the Controller does not approve a certain Sub-processor or a certain type of treatment.

Approved Sub-processors:

Render.com, application platform and hosting. Location: EU. DPA in place.
Polar.sh/Stripe, payment processing. Location: US. SCC/DPA in place.
Stytch, authentication (magic link/passwordless login). Location: US. SCC/DPA in place.
Postmark, transactional email communications. Location: US. SCC/DPA in place.
Firecrawl, web scraping for page content capture. Location: US. No personal data is processed, only publicly accessible website content.
Azure OpenAI, AI analysis of page changes. Location: EU (West Europe). No personal data is processed, only website content.

The transfer of Personal Data to a Sub-processor is made at the Processor's risk and does not entail any change in the division of responsibilities that applies between Processor and Controller. If the Sub-processor does not fulfill its obligations regarding data protection, the Processor shall be fully responsible to the Controller for the performance of the Sub-processor's obligations.

The Processor shall enter into a legally binding data processor agreement with the Sub-processors, regarding the Sub-processors Processing of the Personal Data. Such agreement shall ensure that the Sub-processor agree to responsibilities and obligations that at least correspond to the obligations and conditions of the Processor that are set forth in this DPA.

Notwithstanding the above clause, if Personal Data is transferred by the Processor to a Sub-processor outside the EU/EEA, the Processor shall be obligated to enter into a supplementary agreement containing the SCC with the Sub-processor, before any Personal Data is transferred to such Sub-processor.

Security Measures

The Processor undertakes to take the technical and organizational measures required under the GDPR to ensure a level of security appropriate to the risk, in particular in relation to risks of unauthorized access, destruction or alteration of the Personal Data covered by the Processing.

Confidentiality

The Processor undertakes not to disclose to third parties such information as the Processor has been informed of as a Processor from the Controller. The Processor shall ensure that all employees, consultants and others involved in the Processing of Personal Data are bound by confidentiality and that they are informed of how the Personal Data may be Processed in accordance with instructions from the Controller.

Audit

The Controller has the right to carry out an audit of the Processor's compliance with the terms of this DPA, to verify that the Processor fulfills its obligations. The Processor has the right to request that such audit shall be performed by a neutral third party working under confidentiality.

The Processor undertakes to provide all information required to prove compliance with the obligations under the DPA and to participate in any audit and to provide the assistance needed to carry out such audit.

Personal Data Breaches

In the case of a Personal Data Breach, which includes Personal Data Processed by the Processor on behalf of the Controller, the Processor shall immediately take appropriate measures to mitigate its potential negative effects and prevent it from being repeated. The Processor shall notify the Controller of any Personal Data Breach without undue delay and in any event within 72 hours of becoming aware of a Personal Data Breach. The Processor shall also assist the Controller in complying with the terms of Articles 33-34 of the GDPR.

Agreement Period and Termination

This DPA is valid from the day the Controller approves the Terms and is valid as long as the User has an active account with the Service. When the Controller deletes their account, the Processor shall cease the Processing of Personal Data and, in accordance with Controller's instructions, delete or return all data containing Personal Data to the Controller and delete all existing copies within thirty (30) days, unless Processing of Personal Data is required according to applicable legislation.

The Processor may retain Personal Data after the Controller has deleted their account to the extent required by applicable law, with the same type of technical and organizational security measures as described in this DPA.

Applicable Law

This DPA shall be interpreted in accordance with Swedish law. Any disputes regarding the interpretation or application of these contractual terms shall be settled primarily between the Parties. If the dispute cannot be resolved through an internal settlement between the Parties, the dispute shall be finally resolved by a Swedish general court in Stockholm, unless otherwise stated in mandatory applicable law.