Back to home
EN ES
contact@pulldeal.com
PullDeal Legal

Privacy Policy

Last updated: June 24, 2026Version: 2.2
Privacy Policy - PullDeal

Privacy Policy

Last updated: June 2026

PullDeal (“PullDeal”, “we”, “us”, or “our”) is committed to protecting your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable data protection laws.

This Privacy Policy explains how we collect, use, store, and protect your personal data when you use the PullDeal mobile application (the “App”).

1. Data Controller

The data controller responsible for your personal data is:

PullDeal
Email: privacy@pulldeal.com

PullDeal determines the purposes and means of processing your personal data.

2. Personal Data We Collect

2.1 Registration Data

When you create an account, we collect:

  • Email address
  • First name
  • Last name
  • Encrypted password
  • Referral code (if provided)

2.2 Profile Data (Optional)

You may optionally provide:

  • Avatar image
  • Gender
  • Date of birth
  • Country
  • City

2.3 App Activity Data

We process:

  • Points earned and used
  • Bids placed
  • Deals participated in
  • Rewards redeemed
  • Referral relationships
  • Reviews submitted

Reviews are publicly visible within the App. Users may edit reviews within 14 days after redemption and may delete their reviews at any time directly within the App.

2.4 Delivery Information (Physical Prizes)

If you win a deal that requires physical shipment, we may collect:

  • Full name
  • Delivery address
  • Postal code
  • Country
  • Phone number

This data is used exclusively for fulfilling the delivery of the prize.

2.5 Push Notifications

If enabled, we process:

  • Device notification token
  • Notification preferences

Push notifications can be disabled at any time in device or App settings.

2.6 Payment Information

All payments are processed through the Apple App Store or Google Play Store.

PullDeal does not collect or store credit card or payment details.

We may receive limited transaction information necessary to validate purchases.

2.7 Technical Data

We may process limited technical data such as:

  • Device type
  • Operating system
  • App version
  • Server logs

This technical data is processed to provide the App, maintain security, and troubleshoot service issues. Where required by law, this processing is based on our legitimate interest in operating a secure and reliable service, or on performance of our contract with you.

Optional analytics and session recording are described in section 2.8 and are only collected with your consent.

2.8 Analytics and product improvement (optional)

If you choose to allow analytics in the App, we use PostHog (a third-party analytics provider hosted in the European Union at eu.i.posthog.com) to understand how the App is used and to improve reliability and features.

Your choice. Analytics and session recordings are disabled by default. We only collect this information if you tap Sure in the in-app prompt or later enable it in Account settings. You can turn this off at any time in Account settings.

What we collect when enabled

  • App usage information, such as which screens you visit and basic interaction with the App
  • App lifecycle events (for example, when the App is opened or sent to the background)
  • Session replays: visual recordings of your in-app activity to help us understand usability issues and fix bugs
  • Error and crash information relating to the App
  • A pseudonymous identifier linked to your account (your internal user ID) when you are signed in, so we can diagnose issues affecting your session
  • Technical information typically included with analytics events, such as device type, operating system, and App version

What we try not to collect. We configure the App to mask sensitive information in session replays where possible, including passwords, authentication codes, and certain profile, payment, bidding, balance, referral, and support-related content. Despite these measures, some non-sensitive on-screen content may still be captured in a session replay.

Legal basis. We process this data based on your consent. If you withdraw consent, we stop new analytics collection and session recording from that point forward.

Retention. Analytics data is retained for 30 days in PostHog, after which it is deleted or anonymized in accordance with our retention settings.

Recipients. PostHog acts as a service provider / processor on our behalf. Their privacy information is available at posthog.com/privacy.

3. Legal Basis for Processing

We process personal data on the following legal bases:

  • Contractual necessity – to provide the App services, manage accounts, process bids, and deliver rewards
  • Legitimate interests – to operate, improve, secure the App and manage referral systems
  • Legal obligations – to comply with tax and regulatory requirements
  • Consent – for push notifications or other optional features

4. Data Sharing

We may share personal data with the following categories of recipients:

  • Cloud hosting providers located within the European Union
  • Database infrastructure providers
  • Email service providers
  • App store payment processors
  • Logistics and courier service providers
  • Third-party businesses or service providers responsible for delivering prizes

Third-party businesses and logistics providers will only receive the data necessary to fulfill prize delivery.

All service providers process data under contractual agreements ensuring GDPR compliance.

5. International Data Transfers

Where delivery of prizes requires shipment outside the European Union, personal data (such as delivery details) may be transferred to logistics providers or partner businesses located outside the EU.

Where required, we implement appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Contractual data protection obligations
  • Other lawful transfer mechanisms

6. Data Retention

We retain personal data as follows:

  • Active accounts: retained while account remains active
  • Deleted accounts: deleted or anonymized within 30 days
  • Transaction records: retained for 6 years to comply with tax obligations
  • Delivery data: retained as necessary for fulfillment and legal compliance (up to 6 years if linked to transaction records)
  • Referral data: retained while accounts remain active
  • Push notification tokens: deleted upon disabling notifications or account deletion
  • Server logs: retained up to 12 months

7. Public Content

Reviews and profile information, including your name, surname, nickname (if applicable), and avatar image, may be visible to other users within the App.

By providing such information, you acknowledge that it will be publicly displayed within the App environment.

You are responsible for the content you choose to make public.

Users may delete their reviews at any time.

8. Security

We implement appropriate technical and organizational measures, including:

  • Encrypted password storage
  • Secure EU-based hosting
  • Access controls
  • Data minimization principles

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Request deletion
  • Restrict processing
  • Object to processing
  • Data portability
  • Withdraw consent (where applicable)

You may exercise your rights by contacting:

privacy@pulldeal.com

You have the right to lodge a complaint with:

Agencia Española de Protección de Datos (AEPD)
www.aepd.es

10. Children’s Data

PullDeal is intended for users aged 18 and over. We do not knowingly collect personal data from minors. If such data is identified, it will be deleted.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated within the App.

12. Contact

privacy@pulldeal.com