Skip to content
DealIndex .ai
Every deal price-checked against 90 days of real data. No sponsored deals. No fake discounts.

Legal · last updated 19 April 2026

Privacy policy

DealIndex.ai ("DealIndex", "we") is operated by Orokrt Retail Ltd, a company registered in England and Wales (the "controller"). This page explains what we collect, why, how long we keep it, and the rights you have over it.

What we collect

  • Email address — only when you sign up to the newsletter, set up a price alert, or contact us. Lawful basis: consent (newsletter, alerts) or legitimate interest (replying to a contact-form message).
  • Mobile number (optional) — only when you explicitly tick the "text me" consent box on a pledge (or, later, a price alert). We store the number alongside your chosen channel (WhatsApp, SMS, or either) and which pledge/alert you asked us to message you about. Lawful basis: consent under PECR Reg 22. See the dedicated section below for what we do with it.
  • Hashed IP address — for the affiliate-click handler at /api/go/…, for the contact form, and for the MCP server's per-IP rate limit. We hash with SHA-256 immediately and never persist a raw address. Lawful basis: legitimate interest (rate limiting, fraud prevention).
  • User-agent + referer headers — for the same three surfaces, kept alongside the hashed IP. Used for attribution debugging only.
  • Aggregated page-view data — via a cookieless analytics provider that does not collect personal data. There is no consent banner because there's nothing to consent to.

What we don't collect

  • No advertising or tracking cookies. No Facebook Pixel, no Google Ads retargeting.
  • No cross-site profiling.
  • No client-side conversation history beyond your own browser (the on-site chat keeps the last 20 messages in localStorage; clear your site data and they're gone).
  • No payment information — we don't sell anything directly.

Where the data lives

DealIndex's application database sits inside the EEA. Some supporting services — the AI chat assistant, newsletter delivery and error monitoring — process a narrow slice of data outside the EEA under the UK International Data Transfer Addendum to the EU Standard Contractual Clauses. A dated list of the specific providers we use, what each one does and the data it sees, is published at /sub-processors.

How long we keep it

  • Newsletter subscribers: until you unsubscribe.
  • Price alerts: until you cancel them or the alert is delivered.
  • Mobile numbers + consent: detailed in the Mobile data handling section below.
  • Hashed IPs from the contact form and click handler: 90 days.
  • Plausible aggregated data: indefinite (no PII).
  • Chat session logs: 90 days, then anonymised (we keep the query + the recommendation but drop any session identifier).

Mobile data handling

Providing a mobile number is entirely optional. We only store it when you explicitly tick the "text me" consent box — the box is never pre-checked. This follows the Privacy and Electronic Communications Regulations (PECR, Reg 22) rule that electronic marketing messages require prior, specific, informed consent.

  • What we'll send. Updates about the pledges or deals you've specifically asked to be texted about — e.g. "the pledge you joined has reached its target" or "the price you set has dropped". No marketing spam, no third-party offers.
  • How often. Maximum two messages per week, per person. If a flurry of milestones hits in the same week we'll batch them into one message rather than send three.
  • Which channel. Whichever you picked — WhatsApp, SMS, or "either". You can change this at any time by replying to one of our messages or emailing [email protected].
  • How to stop. Reply STOP to any message, at any time, from the number you gave us. We mark your number unsubscribed immediately and won't message it again. No "are you sure" follow-up.
  • Retention. We keep the number while the consent is live. When you unsubscribe we retain a hashed record of the number for 12 months so a re-subscription attempt doesn't silently re-enrol you, then delete it.
  • We never sell your number. No resale, no sharing with retailers, no lookalike-audience uploads. The only third parties that see it are the dispatch providers that actually carry the message (named in /sub-processors).

Right to erasure applies to mobile data just like everything else — email [email protected] and we'll delete your record within 30 days.

Your rights

You can ask us at any time, free of charge, to:

  • Access the data we hold on you.
  • Correct it.
  • Delete it (right to erasure).
  • Restrict or object to processing.
  • Receive a copy in a machine-readable format (data portability).

Email [email protected] and we'll action it within 30 days. You can also complain to the ICO if you're not happy with our response — ico.org.uk/make-a-complaint.

Affiliate links

DealIndex earns a commission on qualifying purchases via Amazon Associates, Awin and Skimlinks. The affiliate redirect adds attribution parameters to the outbound URL — see /affiliate-disclosure.

Changes

Material changes will be flagged on the homepage for two weeks before they take effect. Editorial fixes (typos, broken links) update the "last updated" date silently.