Privacy Policy
This policy describes how Pegasus Hunter collects and processes personal data of users of the service, in compliance with EU Regulation 2016/679 (GDPR).
1. Data controller
The data controller is Pegasus Hunter. For any privacy-related request you can write to support@pegasushunter.com. The full company name and tax details will be published before the commercial go-live.
2. What data we collect
We only collect the data necessary to run the service:
- Email — required to create the account, authenticate you and send you service communications.
- Password — never stored in clear text: we only keep the bcrypt hash.
- IP address — used for rate limiting and abuse prevention on public endpoints (login, signup, password reset).
- Extension sync events — when you launch a scan, the extension sends the Shopify URLs it found and the usage counters (number of scans, tracked products, detected events) to the server.
3. Why we collect them
The data is processed exclusively to:
- Provide the service features (scanning, tracking, dashboard).
- Manage the account, authentication and password recovery.
- Issue invoices and handle payments (once Stripe is enabled).
- Send service communications (email confirmation, password reset, system notifications).
4. Legal basis
The processing is based on the performance of the service contract (art. 6.1.b GDPR) between you and Pegasus Hunter. For rate-limiting data (IP), the legal basis is the legitimate interest in protecting the service from abuse (art. 6.1.f GDPR).
5. Retention
We retain data only for the time necessary:
- Account data — up to 24 months after account deletion, for tax and audit purposes.
- Access logs and rate limiting data — 90 days, then automatic deletion.
- Scan and tracking data — until the account is deleted, unless an earlier deletion is explicitly requested.
6. Non-EU transfers
Today data stays entirely within the European Union. In the future we may use the following non-EU providers: Resend (USA) for sending transactional emails, and Stripe (USA) for payment processing. Both providers are certified under recognized data protection standards (Standard Contractual Clauses). Any non-EU transfer will be notified in this policy before activation.
7. User rights
At any time you can exercise the rights granted by the GDPR by writing to support@pegasushunter.com:
- Right of access to your personal data.
- Right of rectification of inaccurate or incomplete data.
- Right of erasure (right to be forgotten).
- Right to data portability in a structured and readable format.
- Right to object to processing and to lodge a complaint with the Italian Data Protection Authority.
We will respond to your requests within 30 days.
8. Cookies
Pegasus Hunter uses only technical cookies needed for the service to function, in particular a JWT session token (ph_token) to keep the user authenticated. We do not use profiling cookies or third-party tracking tools. See the Cookie Policy for details.
9. Changes to this policy
We may update this policy to reflect changes to the service or to applicable law. Substantial changes will be notified by email to registered users at least 30 days in advance. The last update date is shown at the bottom of this page.
Last updated: 21 May 2026