Privacy Policy
Last updated: March 29, 2026
1. Data Controller
The data controller for your personal data is PricePegasus, based in España. Contact: [email protected].
2. Data We Collect
We collect the following personal data when you use our services:
- Account data: username and email address, obtained through Manus OAuth authentication.
- Billing data: name or company name, tax ID (NIF/CIF/VAT), postal address and country, voluntarily provided for invoice generation.
- Payment data: managed entirely by Stripe. PricePegasus does not store card numbers or banking details.
- Usage data: searches performed, price history consulted, configured alerts and application preferences.
- Technical data: IP address, browser type and operating system, collected automatically for service operation.
3. Purpose and Legal Basis
We process your data for the following purposes and legal bases:
| Purpose | Legal basis |
|---|---|
| Providing the price comparison service | Contract performance (Art. 6.1.b GDPR) |
| Subscription management and billing | Contract performance and legal obligation (Art. 6.1.b and 6.1.c GDPR) |
| Transactional emails (payment confirmation, cancellation) | Contract performance (Art. 6.1.b GDPR) |
| Service improvement and usage analytics | Legitimate interest (Art. 6.1.f GDPR) |
| Compliance with tax obligations | Legal obligation (Art. 6.1.c GDPR) |
4. Data Retention
We retain your personal data for as long as necessary to fulfil the described purposes. Account data is kept while the account is active. Billing data is retained for 5 years from the last transaction date, in compliance with applicable tax legislation. Upon account deletion, data is erased or anonymised within 30 days, unless a legal retention obligation applies.
5. Recipients and International Transfers
Your data may be shared with the following service providers acting as data processors:
- Stripe, Inc. — payment processing. Transfer to the US covered by EU Standard Contractual Clauses.
- Resend, Inc. — transactional email delivery.
- Manus AI — hosting infrastructure and authentication.
We do not sell or share your personal data with third parties for commercial purposes.
6. Your Rights
Under the GDPR, you have the right to access, rectify, erase, restrict or object to the processing of your data, as well as the right to data portability. To exercise these rights, send an email to [email protected] stating the right you wish to exercise. We will respond within 30 days.
You also have the right to lodge a complaint with your local supervisory authority. In Spain, this is the Agencia Española de Protección de Datos (AEPD) at www.aepd.es.
7. Cookies
We use strictly necessary technical cookies for session management and authentication. We do not use third-party tracking or advertising cookies. You may configure your browser to reject cookies, though this may affect service functionality.
8. Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss or destruction. All communications between your browser and our servers are encrypted via TLS/HTTPS.
9. Changes to This Policy
We may update this Privacy Policy periodically. We will notify you of significant changes by email or via a prominent notice on the platform. The current version will always be available on this page.
10. Contact
For any questions about this policy or the processing of your data, contact us at: [email protected].