Privacy Policy
Last updated: March 2026
This Privacy Policy explains how Psaxtiri (“we”, “us”, “our”) collects, uses, and protects your personal data when you use our grocery price comparison service (“Service”). We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable Cyprus data protection law.
1. Data Controller
The data controller is Psaxtiri, operated by Pavlos Dimitriou. For any questions or requests regarding your personal data, contact us at: [email protected]
2. What Data We Collect
| Data | When | Purpose |
|---|---|---|
| Email, name, profile picture | When you sign in with Google | Account identification and personalised features |
| Shopping lists | When you create or save a list | Provide the core service |
| Saved addresses | When you save a delivery/pickup address | Find nearby stores and calculate prices |
| Location data (coordinates) | When you use the location feature or enter an address | Show nearby store prices |
| Usage data (pages visited, features used) | When you browse the Service (only with your consent) | Analytics to improve the Service |
3. Legal Basis for Processing
We process your personal data on the following legal bases (GDPR Article 6):
- Contract (Art. 6(1)(b)): Processing necessary to provide the Service you requested — account management, shopping lists, saved addresses, and location-based price comparison.
- Consent (Art. 6(1)(a)): Analytics cookies and tracking (Google Analytics via Google Tag Manager). You can give or withdraw consent at any time via the cookie banner. The Service works without analytics cookies.
- Legitimate interest (Art. 6(1)(f)): Basic security, fraud prevention, and service improvement using aggregated, non-identifying data.
4. Cookies and Tracking
We use the following types of cookies:
- Essential cookies: Session management and authentication. These are necessary for the Service to function and cannot be disabled.
- Analytics cookies (optional): Google Analytics (via Google Tag Manager) to understand how the Service is used. These are only loaded after you give consent via the cookie banner.
You can change your cookie preferences at any time by clearing your browser’s local storage for this site, which will re-display the consent banner on your next visit.
5. Data Sharing
We do not sell your personal data. We share data only with:
- Cloudflare: Infrastructure and hosting (data processor). Data is processed under Cloudflare’s privacy policy and DPA.
- Google: Authentication (Google Sign-In) and analytics (Google Analytics, only with your consent).
We do not share your personal data with any other third parties for marketing or advertising purposes.
6. International Data Transfers
Your data may be processed outside the EEA by our service providers (Cloudflare, Google). These transfers are protected by Standard Contractual Clauses (SCCs) adopted by the European Commission and/or adequacy decisions where applicable.
7. Data Retention
- Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
- Shopping lists and addresses: Retained while your account is active. Deleted with your account.
- Shared results: Automatically expire after 30 days.
- Analytics data: Retained according to Google Analytics default retention settings (14 months), then automatically deleted.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Access (Art. 15): Request a copy of the personal data we hold about you.
- Rectification (Art. 16): Request correction of inaccurate data.
- Erasure (Art. 17): Request deletion of your personal data (“right to be forgotten”).
- Restriction (Art. 18): Request restriction of processing in certain circumstances.
- Data portability (Art. 20): Receive your data in a structured, machine-readable format.
- Object (Art. 21): Object to processing based on legitimate interest.
- Withdraw consent (Art. 7(3)): Withdraw consent for analytics cookies at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days.
You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection of the Republic of Cyprus (www.dataprotection.gov.cy).
9. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child, please contact us and we will promptly delete it.
10. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including encrypted data transmission (HTTPS), secure storage on Cloudflare infrastructure, and access controls. However, no method of transmission or storage is 100% secure.
11. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via a notice on the Service. The “Last updated” date at the top indicates the latest revision. Continued use after changes constitutes acceptance of the revised policy.
13. Contact
For any privacy-related questions or requests:
Email: [email protected]