GrabDiff
Log in Start trial

Privacy Policy

Last updated: 23 May 2026

Who I am

GrabDiff is operated by Sam Reid, an individual based in Europe. Contact: sam@grabdiff.com.

What I collect and why

Account data: your email address and a hashed password (argon2id). Collected when you register. Used to authenticate you and send alert notifications. Never sold.

Monitor configuration: URLs, check intervals, diff thresholds, alert destinations you configure. Stored so the service can run your monitors.

Check results: HTTP status codes, response times, SSL certificate details, domain WHOIS data, heartbeat pings. Stored for the history window your plan allows (14 days free, 90 days Solo, 1 year Pro). Deleted automatically beyond that window.

Screenshots: headless-Chrome screenshots of the URLs you add to GrabDiff. Stored in Backblaze B2 (encrypted at rest). I do not look at your screenshots unless you ask for help with a specific incident. Deleted when you remove the monitor or delete your account.

Server logs: structured JSON logs including IP address, HTTP method, path, and status code. Retained for 7 days. No personal content logged.

Analytics: Cloudflare Web Analytics on marketing pages only. No cookies, no cross-site tracking, no fingerprinting. Nothing on the app itself.

Where data is stored

Account data and check results: Hetzner Cloud, Falkenstein, Germany (EU). Screenshots: Backblaze B2, EU region. All connections use TLS.

Third-party services

Hetzner Cloud — VPS hosting (Germany).

Backblaze B2 — screenshot storage.

Brevo — transactional email (alert notifications and account emails). Your email address is passed to Brevo to deliver these messages.

Stripe — payment processing for paid plans. I never see your card details; Stripe handles them directly under their own PCI-DSS compliance.

Cloudflare — DNS, domain registration, and marketing-page analytics.

Your rights

Access: email sam@grabdiff.com and I will tell you what data I hold on you.

Correction: update your email from Settings. Other corrections by request.

Deletion: go to Settings and use the "Delete account" option. This removes your account, all monitors, all check results, and all screenshots immediately and permanently. There is no recovery after deletion.

Export: CSV export of monitors, incidents, and ping history is available from Settings. Screenshots are accessible as direct links while your account is active.

Objection / restriction: contact sam@grabdiff.com. For GDPR complaints you can also contact your local supervisory authority.

Cookies

One session cookie, HttpOnly and Secure, used only to keep you logged in. No tracking cookies. No third-party cookies on the app.

Changes

I will update this page if anything material changes. The date at the top will reflect the latest revision. For significant changes I will email registered accounts.