Price Alerts

1) Scope

This policy explains how we process data through the Price Alerts App when it is used inside ChatGPT. The App helps a user search Amazon products, display a selected product, and create a price alert that can later trigger an email notification if the price drops below the chosen threshold.

This policy covers Spheric Admin Ltd's processing through the App, its MCP server, widget, scheduled price-check logic, hosting, email delivery, database storage, and operational diagnostics. It does not replace OpenAI's policies for ChatGPT platform processing.

Important: The current App is not purely ephemeral. If you create or update a price alert, the current code stores your email address and alert details in a database, returns your email address in the tool response inside ChatGPT, and later uses that data to check product prices and send notification emails. The current server code also writes product, user, and alert objects to operational logs during some tool flows and scheduled processing.

2) Current tool contract and app behavior covered by this policy

• Tool: search-products.
• Search tool input fields: search.term and search.domain.
• Search tool structured output fields: results[].title, results[].price, and results[].asin.
• Search tool additional payloads: the current response also includes an assistant-visible text message and an assistant-visible JSON string copy of the structured output. Response metadata is currently {}.
• Tool: display-product.
• Display tool input fields: product.asin and product.domain.
• Display tool structured output fields: asin, domain, optional url, optional title, optional price.symbol, price.currency, price.value, price.display, optional mainImageUrl, optional imageUrls, optional rating, optional ratingsTotal, and optional featureBullets.
• Display tool additional payloads: the current response includes an assistant-visible text status message, an assistant-visible JSON string copy of the structured output, and response metadata containing a timestamp.
• Tool: create-price-alert.
• Create/update alert tool input fields: product.domain, product.asin, user.emailAddress, and price.target.
• Create/update alert tool structured output fields: priceAlert.product.domain, priceAlert.product.asin, priceAlert.user.emailAddress, priceAlert.price.creation, and priceAlert.price.target.
• Create/update alert additional payloads: the current response includes an assistant-visible confirmation string that names the product, repeats the email address, marketplace domain, and target price, plus an assistant-visible JSON string copy of the structured output. Response metadata is currently {}.
• In-widget data and behavior: the widget reads the product tool output and runtime presentation data such as locale, theme, display mode, and device-platform information exposed by the ChatGPT widget runtime. The widget also keeps temporary in-session UI state including the selected image, header display state, whether the price-alert form is open, desired price or desired percentage, email address while the form is being completed, loading state, and success confirmation state. The widget calculates the submitted target price client-side before calling create-price-alert.
• Current scope limits: apart from an email address used for alerts, the current App does not ask for name, phone number, postal address, payment card details, Amazon credentials, government ID, file uploads, camera, microphone, or precise device geolocation.

3) Data categories, purposes, recipients, retention, and controls

3.1 Product search and product display data

What: Search terms, Amazon marketplace domain, product ASIN, and returned Amazon product details such as title, URL, current price, images, rating, ratings count, feature bullets, and display-response timestamp.
Why: To search for products, identify a valid ASIN/domain pair, show the selected product in the widget, and prefill the price-alert flow.
Recipients: Our MCP server, OpenAI/ChatGPT as part of the tool invocation flow, Keepa (which the current App uses to retrieve Amazon product/search data), and our hosting/infrastructure providers. Product images may also be loaded from Amazon media domains in the widget, and if you choose "View on Amazon" then Amazon receives that request under Amazon's own policies.
Retention by us: The current code does not create a separate persistent search-history table or product-view history for simple browsing, but current tool responses and logs may temporarily contain returned product objects or related errors. A persistent product record may be created later if you create an alert for that product.
Your controls: You choose what search terms to use, which product to open, and whether to open the product externally on Amazon.

3.2 Alert setup data and returned confirmation data

What: The email address you provide for alerts, the selected product ASIN and marketplace domain, the target price you request, and the current product price captured when the alert is created or updated. The current tool response also returns your email address and the alert pricing fields in structured output and in assistant-visible text/JSON payloads.
Why: To create or update the alert, confirm the alert inside ChatGPT, and link that alert to the product and email address you chose.
Recipients: Our MCP server, OpenAI/ChatGPT as part of the tool response flow, our database provider, and our hosting/logging providers.
Retention by us: The current App stores alert-related data persistently in its database. The current code does not implement a self-service delete flow or automatic expiry for alerts. We keep these records until they are deleted by us following a request, are no longer needed to operate the App, or we must keep them longer for legal, security, or dispute-handling reasons. Tool outputs that include your email address may also remain in your ChatGPT conversation history under OpenAI's controls.
Your controls: You choose whether to create an alert, which email address to use, and what target price to submit. You can contact us to request deletion or other privacy-rights handling for records we control.

3.3 Stored alert records and scheduled price monitoring

What: The current database schema stores user records (id, email_address, optional is_email_address_valid, created_at), product records (id, asin, domain, last_known_price, last_checked_at, created_at), and price-alert records (id, user_id, product_id, creation_price, target_price, created_at). The current codebase also includes scheduled logic to re-check stored products and compare current prices against saved alert thresholds.
Why: To maintain active alerts over time and determine when a notification should be sent.
Recipients: Our database provider, Keepa for recurring price checks, our hosting/infrastructure providers, and our personnel or processors who need access for support, operations, or security.
Retention by us: These records are intended to persist while an alert remains active. The current code does not define an automatic purge period in the application itself.
Your controls: Do not create an alert if you do not want ongoing monitoring, and contact us if you want alert data deleted.

3.4 Email notification data

What: When an alert triggers, the current App sends the alert email address together with product title, product URL, product image URL, current price, target price, creation price, percentage change, and alert creation date to the mail-delivery provider so the notification email can be generated and sent.
Why: To send the price-drop notification you asked for.
Recipients: SMTP2GO (used by the current code as the mail-delivery provider), downstream email-transfer providers involved in delivery, and your email provider/mailbox operator.
Retention by us: We do not keep a separate archive of sent-email content in the App database, but mail-delivery records and related operational logs may be retained by us or our providers according to provider settings and operational needs.
Your controls: You choose whether to set up an alert, what email address to use, and you can contact us if you want future alerting to stop.

3.5 Widget runtime data and local session state

What: Runtime presentation values exposed by the ChatGPT widget environment such as locale, theme, display mode, and device platform, plus temporary in-session widget state such as selected image, title expansion state, form-open state, desired price, desired percentage, email address while entered in the form, saving state, and success-message state.
Why: To render the widget correctly, keep the form usable during the session, and submit the alert request when you choose to do so.
Recipients: OpenAI/ChatGPT and its widget runtime. Our MCP server receives only the data that is actually sent in tool calls, such as the selected product, email address, and target price.
Retention by us: This state is intended mainly to exist within the active session. If you submit the form, relevant fields become part of the tool call and are then handled as described elsewhere in this policy.
Your controls: You can stop using the widget, close the form, clear fields before submission, and manage ChatGPT conversation data through OpenAI controls.

3.6 Technical logs and analytics telemetry

What: Hosting, CDN, and network providers may process technical request data such as IP address, user agent, path, timestamp, status, and response time. In addition, the current App code writes several objects to server logs during tool handling and scheduled checks. Depending on the code path, those logs can include returned Amazon product objects, search results, product ASIN/domain, user email address, alert target price, alert creation price, database record identifiers, timestamps, and mail-delivery objects or responses. The current Express hosting path also sends server-side telemetry to Mixpanel.
Why: Security, abuse prevention, service reliability, debugging, performance monitoring, and incident response.
Recipients: Our hosting/infrastructure providers, Mixpanel for telemetry on the telemetry-enabled hosting path, and our personnel or processors who need access for operations or security.
Retention: We aim to minimize operational logs and generally retain them for no longer than 30 days unless a longer period is reasonably necessary for security, abuse prevention, incident handling, or legal obligations. Mixpanel telemetry is retained in our analytics workspace until deleted by us or removed by applicable workspace retention settings.
Your controls: Avoid including unnecessary detail in data you submit, use the App only when you want its functionality, and contact us with privacy or deletion requests.

3.7 Contact data if you email us

What: Your email address and the contents of your message.
Why: To respond to privacy, support, or legal requests and maintain a record of the request.
Recipients: Spheric Admin Ltd and our email/service providers acting on our behalf.
Retention: Up to 24 months after final resolution unless a longer period is required by law or reasonably needed to establish, exercise, or defend legal claims.

4) What we do not do

• No account password or sign-in flow through the current App.
• No collection of your name, phone number, postal address, payment card details, or government ID through the current tool fields.
• No access to your Amazon account credentials or purchase history through the current App.
• No sale of personal information.
• No camera, microphone, contacts, or precise device geolocation access by the current widget.
• No client-side advertising SDKs or cross-site tracking scripts embedded in the current widget.

5) Cookies and similar technologies

We do not intentionally set advertising or cross-site tracking cookies through the Price Alerts widget. ChatGPT/OpenAI, your browser, Amazon when you open an external link, and our hosting or infrastructure providers may use their own operational cookies or similar technologies under their own policies.

6) Sharing and disclosure

We do not sell personal information. We may disclose data only as necessary to:

• Operate, host, monitor, secure, and debug the App through service providers such as hosting, database, analytics, and email-delivery providers.
• Retrieve Amazon product data through Keepa and render the App's product search/display features.
• Create, maintain, and check persistent price alerts and send notification emails.
• Comply with law, regulation, legal process, or enforceable government request.
• Protect the rights, safety, and security of users, us, and the service.

7) User rights and controls

Depending on your jurisdiction, you may have rights to access, correct, delete, restrict, or object to processing of personal data we hold.

To exercise rights or ask questions, contact privacy.widgets@olutely.com. We may need to verify your identity before fulfilling a request.

Because the App runs inside ChatGPT, you can also manage conversation and account data through OpenAI controls. OpenAI's privacy policy: https://openai.com/policies/privacy-policy.

8) International processing

The App may be accessed globally, and data may be processed in countries where we or our service providers operate. Where required, we use appropriate safeguards for international data transfers.

9) Security

We implement reasonable technical and organizational safeguards designed to protect data processed through the App. No system can guarantee absolute security.

10) Children's privacy

The App is not directed to children under 13 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children.

11) ChatGPT / OpenAI platform notice

ChatGPT/OpenAI independently processes chat content, account data, conversation history, platform telemetry, widget runtime data, and follow-up messages under OpenAI's own terms and privacy practices. This policy describes Spheric Admin Ltd's processing through the Price Alerts App only.

12) Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the effective date above and ensure this policy continues to reflect the App's current tool inputs, outputs, storage, recipients, and disclosed data uses.

13) Contact

Questions about this policy or App privacy practices: privacy.widgets@olutely.com (Spheric Admin Ltd).