Where is my data hosted?

Your data is hosted on Supabase (PostgreSQL) with AES-256 encryption at rest. The application runs on Vercel. All data is encrypted in transit via TLS 1.3.

Is my data encrypted?

Yes. AES-256 encryption at rest via Supabase and TLS 1.3 for all data in transit. Passwords are hashed with bcrypt and never stored in plain text.

How long are pricing snapshots retained?

Pricing snapshots are stored for the duration of your subscription. Historical pricing data is the core value of the product. Account data is deleted on request.

Does PricingCanary sell or share my data?

No. We never sell your data or share it with third parties. Your competitor intelligence stays exclusively yours.

Security

Your data stays your data

We handle competitive pricing intelligence, not vacation photos. Security is built into every layer of the product.

Infrastructure

Supabase + Vercel

PostgreSQL database on Supabase with geographic redundancy. Application hosted on Vercel with edge network delivery.

Encryption

AES-256 at rest, TLS in transit

All data encrypted at rest via Supabase. TLS 1.3 protects every connection. Passwords hashed with bcrypt.

Payments

Stripe PCI compliance

Card data never touches our servers. Stripe handles all payment processing with full PCI-DSS compliance.

Privacy

No selling, no sharing

Your competitor intelligence stays exclusively yours. We never sell data or share it with third parties.

Security measures in detail

What data we collect

PricingCanary collects the minimum data needed to deliver pricing intelligence:

Competitor URLs: the pricing page URLs you ask us to monitor
Pricing snapshots: structured data extracted from those pages (plan names, prices, features)
Change history: detected pricing changes with timestamps and impact analysis
Account info: email, name, hashed password, team membership
Alert preferences: how and when you want to be notified

Infrastructure

All data is hosted on trusted, enterprise-grade infrastructure:

Database: Supabase (managed PostgreSQL) with AES-256 encryption at rest
Application: Vercel with edge network and automatic TLS
Payments: Stripe (PCI-DSS Level 1 compliant)
Background jobs: Managed task infrastructure for scheduled monitoring
Email: Dedicated transactional email provider

Encryption

Your data is protected by dual-layer encryption:

In transit: TLS 1.3 on all connections
At rest: AES-256 via Supabase, the standard used by financial institutions
Passwords: hashed with bcrypt, never stored in plain text

Authentication and access control

Secure session management with encrypted cookie handling
Team-based isolation: each team only sees their own monitors and data
Role-based access: owners and members with distinct permissions
Complete activity log (sign-ins, modifications, team changes)
Immediate and irreversible account deletion on request

Data retention

Data	Duration
Pricing snapshots	Duration of your subscription (this is the product value)
Change history	Duration of your subscription
Activity logs	90 days, then automatic deletion
Pending invitations	30 days, then automatic deletion
Account data	Until account deletion by the user
Billing data	Retained by Stripe per tax obligations

When you delete your account, all monitors, snapshots, change history, and alert configurations are permanently removed.

Your data stays your data

Supabase + Vercel

AES-256 at rest, TLS in transit

Stripe PCI compliance

No selling, no sharing

Security measures in detail

What data we collect

Infrastructure

Encryption

Authentication and access control

Data retention

Questions about security?