Last updated: 12 May 2026

Privacy Policy

How Vzemi Tezi Namaleniya Ltd. collects, uses, and protects your personal data.

1. Who We Are

PDA — Take That Drop is operated by Vzemi Tezi Namaleniya Ltd., a company registered in Bulgaria (the “Company”, “we”, “us”, or “our”).

We act as the data controller for personal data processed through the PDA platform. For any privacy-related questions or requests, contact us at pda@toni-kolev.com.

2. Data We Collect

Account data

When you register, we collect your email address, display name (optional), and a securely hashed password managed by our authentication provider, Supabase.

Product tracking data

When you add items to track, we store the product URL, product name, thumbnail image URL, current and historical prices, and any tags or quantity you assign. This data is linked to your account.

Notification preferences

We store your email notification settings and notification frequency (e.g. “once per drop”) to deliver price drop alerts according to your preferences (available on TIER_02 plans).

Store requests

If you submit a request for a new store to be added, we store the message and your user ID.

Feedback

Posts and votes you submit on the Feedback board are stored and associated with your account. Feedback posts are visible to other users.

Newsletter subscriptions

If you subscribe to our mailing list via the homepage, we store your email address only.

Browser storage (no cookies)

We do not use browser cookies. We use localStorage to store the following on your device:

  • pda_session — your authentication token, email, user ID, role, and display name. Strictly necessary for login to function. Cleared when you log out.
  • pda_theme — your chosen light or dark theme preference. Contains no personal data.
  • pda_notice_dismissed — whether you have dismissed the browser storage notice. Contains no personal data.

Because pda_session is strictly necessary for the service to function, it does not require your consent and cannot be disabled while you are logged in.

3. How We Use Your Data

  • Service delivery — to track product prices on your behalf and display them on your dashboard.
  • Price drop notifications — to send you email alerts when a tracked product’s price drops (TIER_02 accounts only).
  • Account management — to authenticate you, manage your subscription tier, and let you update your profile.
  • Security — FriendlyCaptcha processes a challenge on login and signup forms to prevent automated abuse. No personal data leaves your browser during this process.
  • Service improvement — aggregated, anonymised data may be used to improve the platform.

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract performance (Art. 6(1)(b)) — processing your account data and tracked items is necessary to provide the service you signed up for.
  • Legitimate interests (Art. 6(1)(f)) — security measures such as rate limiting and captcha verification.
  • Consent (Art. 6(1)(a)) — newsletter subscriptions; you may withdraw consent at any time by contacting us.

5. Third-Party Processors

Processor Purpose Location
Supabase Authentication & database hosting EU (AWS eu-central-1)
FriendlyCaptcha Bot protection on login & signup EU (Germany)

All processors are contractually bound to handle data in compliance with GDPR.

6. Data Retention

  • Account data is retained for as long as your account is active. You may request deletion at any time.
  • Price history is retained to provide you with price trend data. It is deleted when your account or the associated item is deleted.
  • Newsletter subscriptions are retained until you unsubscribe or request removal.
  • We may delete accounts that have been inactive for more than 24 months after providing reasonable advance notice.

7. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

  • Right of access — request a copy of the personal data we hold about you.
  • Right to rectification — request correction of inaccurate data. You can update most data yourself via your profile settings.
  • Right to erasure — request deletion of your personal data (“right to be forgotten”).
  • Right to data portability — request your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.
  • Right to restrict processing — request that we limit how we use your data in certain circumstances.

To exercise any of these rights, contact us at pda@toni-kolev.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), the Bulgarian supervisory authority: www.cpdp.bg.

8. Security

We apply technical and organisational measures to protect your data, including HTTPS encryption in transit, HTTP security headers, rate limiting on authentication endpoints, and access controls via Row-Level Security in our database. However, no system is completely secure — if you believe your account has been compromised, contact us immediately.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users of material changes by email. The “Last updated” date at the top of this page reflects the most recent revision.

10. Contact

For any questions about this Privacy Policy or your personal data:

Vzemi Tezi Namaleniya Ltd.
Bulgaria
pda@toni-kolev.com