Privacy Policy

Last updated: February 12, 2026

Prowl ("we", "our", or "us") operates the Prowl mobile application. This Privacy Policy explains how we collect, use, and protect your personal data when you use our service.

1. Data We Collect

We collect the following information when you use Prowl:

• Account information: email address and password (stored as a secure hash, never in plain text). If you sign in with Apple, we receive your Apple ID and optionally your name.
• Monitored links: the URLs you choose to monitor and the CSS selectors you configure. URLs are encrypted at rest using AES-256 encryption.
• Monitoring data: check results (status, response time, change detection), notification history, and check timestamps.
• Engagement data: your interactions with notifications (taps, follow-up responses, victory records) to improve the service experience.
• Device information: push notification token and device type (iOS/Android), used solely for delivering notifications.
• Subscription information: your subscription tier and status, managed through RevenueCat.
• Preferences: language preference, timezone, daily recap settings, and notification preferences.

2. How We Use Your Data

We use your data exclusively to:

• Provide the web monitoring service (checking your links and detecting changes)
• Send push notifications when changes are detected or for daily recaps
• Manage your subscription and enforce tier limits
• Improve the service based on aggregated, anonymized usage patterns
• Send transactional emails (password reset, data export)

We do not sell your data. We do not use your data for advertising.

3. Analytics

We use PostHog for analytics, hosted in the European Union (eu.i.posthog.com). Analytics are opt-in only: we ask for your explicit consent before collecting any analytics data. You can change your preference at any time in the app settings. If you decline, no analytics data is collected.

4. Third-Party Services

We share limited data with the following third-party services, solely to operate Prowl:

• RevenueCat (subscription management): receives your user ID, email, and purchase data to manage subscriptions. RevenueCat Privacy Policy
• Expo (push notifications): receives your push notification token to deliver notifications to your device. Expo Privacy Policy
• PostHog (analytics, opt-in only): receives anonymized usage events if you consent. Hosted in the EU. PostHog Privacy Policy
• Apple / Google (authentication and payments): Apple Sign-In data is processed by Apple; subscription payments are processed by Apple App Store or Google Play.

5. Data Security

We take the security of your data seriously:

• All communications use HTTPS/TLS encryption in transit
• Monitored URLs are encrypted at rest using AES-256
• Passwords are hashed using scrypt (never stored in plain text)
• API access is protected by bearer token authentication
• Rate limiting is enforced on all sensitive endpoints

6. Data Retention

Your data is retained for as long as your account is active. When you delete your account, all your data is permanently deleted, including:

• Your account information and authentication tokens
• All monitored links and their check history
• All engagement data (redirects, follow-ups, victories)
• All notification logs and push tokens
• Your data in third-party services (RevenueCat customer record, PostHog person record)

7. Your Rights

You have the following rights regarding your personal data:

• Right of access: you can export all your data at any time from the app settings (Settings > Privacy > Export My Data). The export is sent to your email as a JSON file.
• Right to deletion: you can delete your account and all associated data from the app settings (Settings > Danger Zone > Delete Account).
• Right to data portability: the data export provides all your data in a standard, machine-readable JSON format.
• Right to withdraw consent: you can withdraw analytics consent at any time in the app settings.

These rights are available directly in the app, with no need to contact us. All actions take effect immediately.

8. Children's Privacy

Prowl is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. We encourage you to review this page periodically.

10. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at:

privacy@prwl.app