How does WebMonitor work?

WebMonitor uses AI to understand your monitoring request in plain English. Describe what you want to track, and WebMonitor identifies the right signal, sets up the rule, and sends alerts when conditions are met.

What websites can I monitor?

WebMonitor works on public pages across ecommerce, job boards, real estate, news, documentation, government pages, and competitor pages.

Is WebMonitor free to use?

You can run a free live check without logging in and save one public page as a 14-day daily monitor. Paid plans unlock faster checks and more monitors.

Do I need coding skills?

No. You describe the monitoring task in everyday language. WebMonitor handles selectors, page analysis, and alert matching.

Privacy Policy

Last Updated: April 17, 2026

1. Introduction

Welcome to WebMonitor ("we", "us", or "our"). This Privacy Policy explains in full how we collect, use, store, process, share, and protect user data when you use the WebMonitor Chrome extension, our web dashboard at webchangemonitor.app, and our API services (collectively, the "Service"). By installing the extension or creating an account, you agree to the practices described below.

2. Information We Collect

We collect the following categories of user data:

Account Information: Email address, display name, and password (stored as a secure hash) when you register. If you sign in with Google OAuth, we receive your email address, name, and Google account ID from Google.
Authentication Data: Authentication tokens used to keep you signed in across the extension and dashboard, stored locally in your browser.
Cookies of Monitored Pages: When you create a monitor, the extension reads all cookies present on that specific page at the moment you click "Create Monitor" — this includes session cookies, persistent cookies, and preference cookies. These cookies are sent to our backend so our servers can load that page the same way you see it (for example, to check a price visible only to logged-in users). Before capturing cookies, the extension displays a one-time disclosure and requires your explicit confirmation. Stored cookies are encrypted on our servers, transmitted only over HTTPS, used exclusively to load the specific page that monitor was created for, never reused for any other website, and permanently deleted when you delete the monitor or your account. You can delete a monitor (and thus its stored cookies) at any time from the dashboard.
Monitor Configuration: URLs you choose to monitor, the natural-language prompts you enter, monitoring rules generated by our AI, check frequency, and notification preferences.
Website Content: When you create or run a monitor, the extension reads the HTML content and text of the specific page you have chosen to monitor, solely for the purpose of detecting the change you requested. We do not read, collect, or transmit content from any other pages, tabs, or browsing history.
Check History: Records of each monitoring check, including timestamp, the extracted value (e.g., a price or status text), and whether a change was detected.
Payment Information: If you subscribe to a paid plan, billing is handled directly by Stripe. We receive only a Stripe customer ID, subscription status, and the last 4 digits of your card. We never see or store your full card number or CVV.
Technical & Usage Data: IP address, browser type, extension version, error logs, and basic usage analytics (e.g., feature interactions) to diagnose issues and improve the Service.

We do NOT collect: your general browsing history, form inputs on websites you visit, keystrokes, passwords entered on third-party sites, personally identifiable information from pages you did not explicitly choose to monitor, health, financial, or location data beyond coarse IP-based region.

3. How We Use Your Information

We use the data listed above exclusively for the following purposes:

To operate the single user-facing feature of the extension: monitoring websites you have explicitly chosen and notifying you of changes.
To authenticate you and maintain your session across the extension and dashboard.
To analyze the page you choose to monitor and generate monitoring rules using our AI service.
To process subscription payments, manage billing status, and apply plan limits through Stripe.
To send transactional emails (password reset, free monitor expiration, payment receipts, change-detected alerts) via our email provider.
To diagnose crashes, prevent abuse, and enforce rate limits.
To comply with legal obligations when required by law.

4. Data Storage and Retention

Where data is stored: Account data, monitors, and check history are stored securely on our servers. Authentication tokens are stored locally in your browser.
Retention period: Account and monitor data are kept for as long as your account is active. Check history older than 90 days is automatically deleted. If you delete your account, all associated personal data and monitors are permanently erased within 30 days, except where retention is required by law (e.g., tax records for payment transactions).
Transmission: All data between your browser and our servers is transmitted over HTTPS/TLS.

5. Data Sharing with Third Parties

We share the minimum data necessary with the following sub-processors, each of which has their own privacy policy:

Google Gemini API (Google LLC): We use Google Gemini to analyze the content of pages you have chosen to monitor. Google processes this data per its API terms and does not use it to train consumer models.
Stripe, Inc.: Handles all payment processing. Your name, email, billing address, and card data are submitted directly to Stripe.
Email Delivery Provider: Receives your email address and the content of transactional emails we send you.
Google OAuth: If you choose Google sign-in, Google receives standard OAuth authentication requests from us.
Hosting & Infrastructure Providers: Our API and database are hosted on standard cloud infrastructure providers under data-processing agreements.
Legal & Safety: We may disclose data if compelled by valid legal process or to protect the rights, property, or safety of WebMonitor, our users, or the public.

6. Limited Use Disclosure (Chrome Web Store Compliance)

WebMonitor's use and transfer of information received from Chrome APIs to any other app adheres to the Chrome Web Store User Data Policy, including the Limited Use requirements. Specifically, we affirm that we do NOT:

Sell user data to third parties, including advertising networks or data brokers.
Transfer user data to third parties for advertising, marketing, or any purpose unrelated to our single, user-facing website-monitoring feature.
Transfer or use user data for determining creditworthiness or for lending purposes.
Allow humans to read user data, except (a) with your explicit consent for a specific instance, (b) when necessary for security investigations, (c) when required to comply with applicable law, or (d) when the data has been aggregated and anonymized for internal operations.

7. Chrome Extension Permissions

The extension requests the following Chrome permissions, each tied strictly to the single monitoring feature:

storage: Store your authentication tokens, user preferences, and a local cache of your monitor list inside the extension.
activeTab: Access the content of the tab you are currently viewing, only at the moment you click the extension icon and explicitly ask to create a monitor. We do not passively read tabs you are not interacting with.
scripting: Inject a small script into the page you are explicitly monitoring to extract the value specified by your monitoring rule (e.g., the price text matching a CSS selector you approved). The script does not read other fields on the page, form inputs, or keystrokes.
cookies: Used for two purposes: (1) to share your WebMonitor authentication token with our web dashboard at webchangemonitor.app so you do not have to log in twice; and (2) to read all cookies of a page you have explicitly chosen to monitor (including session, persistent, and preference cookies), so our servers can load that page the same way you see it during scheduled monitoring checks. Before any cookies are captured, you are shown a one-time disclosure and must confirm. We do not collect, store, or transmit cookies of any website you have not added as a monitor.
alarms: Used to periodically wake the extension so it can check for new change-detection results and surface them as browser notifications.
notifications: Used to display a desktop notification in your browser when one of your monitors detects a change matching your rule. No notification content is sent to third parties.
host permissions (<all_urls>): Required because the set of websites you may want to monitor is open-ended — you might create a monitor for any retailer, news site, or status page. This permission is used exclusively to load and read the pages you explicitly add as monitors. We do not scan, index, or log any other site you visit.
content script on <all_urls>: A lightweight content script is registered so that the extension popup can communicate with the current page when you click the icon. The script remains dormant on pages you are not actively interacting with and performs no background scraping.

8. Your Data Rights

Depending on your jurisdiction (including GDPR for the EU/UK and CCPA for California), you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Delete your account and all associated data directly from the Settings page of the dashboard, or by emailing us.
Export your monitors and check history.
Opt out of non-essential communications.
Lodge a complaint with your local data protection authority.

9. Data Security

We use HTTPS for all data in transit, industry-standard password hashing, and encryption at rest for sensitive stored data. We apply standard access controls on our servers and databases. No system is 100% secure, but we follow industry best practices and will notify affected users within 72 hours of discovering any confirmed data breach affecting personal data.

10. Children's Privacy

WebMonitor is not directed to children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. International Data Transfers

Your data may be processed in countries other than your own, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards for cross-border transfers.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be announced by updating the "Last Updated" date and, where appropriate, by email. Continued use of the Service after an update constitutes acceptance of the revised policy.

13. Contact Us

For any questions, requests, or complaints regarding this Privacy Policy or your data, contact us at privacy@webchangemonitor.app.