Privacy Policy

Last updated: June 19, 2026 · Effective: June 19, 2026

DiffChecker Pro ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://diffchecker.pro and use our services. Please read this policy carefully. If you disagree with its terms, please discontinue use of the site immediately.

We comply with the General Data Protection Regulation (GDPR) for users in the European Economic Area (EEA) and the California Consumer Privacy Act (CCPA) for California residents. Where applicable law imposes different or additional obligations on us, we will comply with those obligations.

1. Information We Collect

1.1 Information You Provide Directly

When you create an account, subscribe to a paid plan, or contact us for support, we collect information you voluntarily provide:

  • Account information: name, email address, and password (stored as a bcrypt hash — we never store plain-text passwords).
  • Billing information: payment card details processed and stored securely by Stripe, Inc. We receive only a tokenized representation; we do not store raw card numbers on our servers.
  • Support communications: messages, attachments, and metadata you send when contacting support@diffchecker.pro.
  • User-generated content: text, code, JSON, XML, or other data you paste into our diff tools. By default this data is processed in your browser (client-side) and is not transmitted to our servers. If you use the "Save & Share" feature or AI-powered analysis, content is sent server-side and retained as described in Section 3.

1.2 Information Collected Automatically

When you access our Service, certain data is collected automatically by our infrastructure and analytics stack:

  • Log data: IP address, browser type and version, operating system, referring URLs, pages visited, timestamps, and HTTP response codes.
  • Device information: device type, screen resolution, language preference, and time zone.
  • Usage data: features used, conversion types triggered, session duration, and click paths within the application.
  • Cookies and tracking technologies: see our full Cookie Policy for details.

1.3 Information From Third Parties

If you sign in via Google OAuth or GitHub OAuth, we receive your name, verified email address, and profile avatar from those providers under their respective privacy policies. We do not receive your passwords or payment information from third-party identity providers.

2. How We Use Your Information

We use the collected information for the following purposes, each grounded in a lawful basis under GDPR:

  • Providing the Service (Contract): creating and managing your account, processing payments, delivering Pro/Team features, and responding to support requests.
  • Security and fraud prevention (Legitimate interest): detecting abuse, rate-limiting API calls, enforcing our Terms of Service, and investigating fraudulent transactions.
  • Product improvement (Legitimate interest): analysing aggregated, anonymised usage patterns to prioritise features, fix bugs, and improve performance.
  • Marketing communications (Consent): sending newsletters, product updates, and promotional offers only if you have explicitly opted in. You may unsubscribe at any time via the link in any email or by emailing legal@diffchecker.pro.
  • Legal compliance (Legal obligation): retaining transaction records as required by applicable tax and accounting law, responding to lawful government requests, and enforcing our legal rights.

We do not sell your personal information to third parties, use your diff content to train AI models, or engage in automated decision-making that produces legal or similarly significant effects on you.

3. Data Retention

We retain your personal data only as long as necessary to fulfil the purposes described in this policy:

  • Account data: retained for the duration of your account plus 30 days after deletion to allow recovery of accidental deletions.
  • Saved diffs and shared links: retained until you delete them, or for 90 days of account inactivity on Free plans, whichever comes first.
  • Billing records: retained for 7 years as required by applicable financial regulations.
  • Server access logs: retained for 90 days, then automatically purged.
  • Support tickets: retained for 2 years after the ticket is closed.

4. Third-Party Service Providers

We engage carefully vetted sub-processors to operate our Service. Each is bound by a data processing agreement (DPA) and authorised to process your data only as instructed by us:

Stripe, Inc. | Payment processing | USA (SCCs applied)
Vercel, Inc. | Frontend hosting & CDN | USA / Global Edge
Amazon Web Services | Cloud infrastructure | USA / EU (eu-west-1)
Anthropic, PBC | AI-powered diff analysis (opt-in) | USA (SCCs applied)
Google Analytics 4 | Aggregated usage analytics (cookieless mode) | USA (SCCs applied)
Resend | Transactional email delivery | USA (SCCs applied)

We do not share your personal data with advertisers, data brokers, or other third parties for their own marketing purposes.

5. International Data Transfers

DiffChecker Pro is operated from the United States. If you are located in the EEA, the UK, or Switzerland, your personal data may be transferred to and processed in countries that do not provide the same level of data protection as your home country. Where such transfers occur, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission, Binding Corporate Rules (BCRs) where applicable, or other lawful transfer mechanisms recognised under Chapter V of the GDPR.

6. Cookies and Tracking

We use essential, functional, and analytics cookies. You can manage your preferences through our cookie consent banner or your browser settings. For full details about every cookie we set, see our Cookie Policy.

7. Your Rights

7.1 GDPR Rights (EEA/UK Users)

Under the GDPR and UK GDPR, you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: correct inaccurate or incomplete data.
  • Erasure: request deletion of your data ("right to be forgotten"). See our Data Deletion Policy.
  • Restriction: request that we restrict processing of your data in certain circumstances.
  • Portability: receive your data in a structured, machine-readable format (JSON/CSV).
  • Object: object to processing based on legitimate interests or for direct marketing purposes.
  • Withdraw consent: where processing is based on consent, withdraw it at any time without affecting prior processing.

7.2 CCPA Rights (California Residents)

California residents have the right to: know what personal information is collected, used, shared, or sold; delete personal information; opt out of the sale of personal information (we do not sell personal information); and non-discrimination for exercising any of the above rights.

To exercise any of these rights, submit a request to legal@diffchecker.pro or use the account settings page. We will respond within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before fulfilling any request.

8. Children's Privacy

Our Service is not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at legal@diffchecker.pro and we will delete that information within 30 days.

9. Security

We implement industry-standard security measures to protect your personal data, including TLS 1.3 encryption in transit, AES-256 encryption at rest, bcrypt-hashed passwords, regular security audits, and role-based access controls for our internal team. However, no method of transmission over the internet or method of electronic storage is 100% secure. We cannot guarantee absolute security but will notify you of any breach affecting your personal data as required by applicable law, typically within 72 hours.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email (to the address associated with your account) and by posting a prominent notice on our site at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent revision. Continued use of our Service after the effective date constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team:

DiffChecker Pro — Privacy Team

Email: legal@diffchecker.pro

Website: https://diffchecker.pro

If you are in the EEA and believe we have not resolved your complaint satisfactorily, you have the right to lodge a complaint with your local supervisory authority (for example, the ICO in the UK, the CNIL in France, or the DPA in Ireland).