Privacy Policy

Effective Date: December 17, 2025

Company: Watchtower

Last Updated: Jan 12, 2026

1. Introduction

Welcome to Watchtower ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our SaaS platform, or interact with our services. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), and other relevant privacy regulations.

By using our services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with our policies and practices, please do not use our services.

2. Information We Collect

2.1 Personal Information You Provide

We collect personal information that you voluntarily provide to us, including:

  • Account Information: Name, email address, company name, job title, phone number, and billing address
  • Profile Information: User preferences, settings, and customizations
  • Communication Data: Information you provide when contacting us, including support requests, feedback, and correspondence
  • Payment Information: Billing details and payment card information (processed securely through third-party payment processors)
  • Content and Data: Files, documents, and other content you upload, store, or process through our platform

2.2 Information We Collect Automatically

When you use our services, we automatically collect certain information:

  • Usage Data: Information about how you interact with our platform, including features used, time spent, and user behavior patterns
  • Device Information: IP address, browser type and version, operating system, device identifiers, and hardware specifications
  • Log Data: Server logs, error reports, and system performance data
  • Location Information: General geographic location based on IP address (not precise location)
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies

2.3 Information from Third Parties

We may receive information about you from:

  • Integration Partners: Data from third-party services you connect to our platform
  • Business Partners: Information from companies that refer customers to us
  • Public Sources: Publicly available information to verify business details
  • Data Providers: Business contact information from legitimate data providers

3. How We Use Your Information

We use your personal information for the following purposes:

3.1 Service Provision

  • Providing, maintaining, and improving our SaaS platform
  • Processing transactions and managing your account
  • Authenticating users and preventing unauthorized access
  • Providing customer support and technical assistance
  • Customizing your user experience

3.2 Business Operations

  • Communicating with you about our services, updates, and changes
  • Sending marketing communications (with your consent where required)
  • Conducting analytics to improve our services
  • Monitoring and analyzing usage trends
  • Ensuring compliance with legal obligations

3.3 Legal and Security Purposes

  • Protecting against fraud, security threats, and illegal activities
  • Enforcing our terms of service and other agreements
  • Complying with legal requirements and responding to legal requests
  • Protecting our rights, property, and safety, and that of our users

4. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, our legal bases for processing personal information include:

  • Contract Performance: Processing necessary to provide our services under our Terms of Service
  • Legitimate Interests: Our legitimate business interests in operating and improving our platform, subject to your rights and interests
  • Consent: Where you have given explicit consent for specific processing activities
  • Legal Obligation: Processing required to comply with applicable laws and regulations

5. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with trusted third-party service providers who assist us in:

  • Cloud hosting and infrastructure services
  • Payment processing
  • Email and communication services
  • Analytics and performance monitoring
  • Customer support tools
  • Security and fraud prevention services

All service providers are contractually bound to protect your information and use it only for the specified purposes.

5.2 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal information may be transferred as part of the transaction. We will provide notice before your information is transferred and becomes subject to different privacy practices.

5.3 Legal Requirements

We may disclose your information when required by law or in response to:

  • Court orders, subpoenas, or legal process
  • Government investigations or requests
  • Protection of our rights, property, or safety
  • Compliance with regulatory requirements

5.4 With Your Consent

We may share your information for other purposes with your explicit consent.

6. International Data Transfers

As a US-based company serving global customers, we may transfer your personal information across international borders. For transfers from the EEA, UK, or Switzerland to other countries, we implement appropriate safeguards, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions by relevant authorities
  • Other legally approved transfer mechanisms

We ensure that any international transfers comply with applicable data protection laws and provide adequate protection for your personal information.

7. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations
  • Resolve disputes and enforce our agreements
  • Fulfill the purposes outlined in this Privacy Policy

Retention Periods:

  • Account Data: Retained while your account is active and for up to 7 years after closure for business and legal purposes
  • Usage Data: Typically retained for 2-3 years for analytics and service improvement
  • Communication Records: Retained for up to 6 years for customer service and legal purposes
  • Financial Records: Retained in accordance with applicable accounting and tax requirements

When we no longer need your personal information, we will securely delete or anonymize it. These values may change based on specific contract SLAs.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal information:

8.1 General Rights

  • Access: Request information about the personal data we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information (subject to certain exceptions)
  • Data Portability: Request a copy of your data in a structured, machine-readable format
  • Objection: Object to certain types of processing
  • Restriction: Request restriction of processing under certain circumstances

8.2 GDPR Rights (EEA, UK, Switzerland)

If you are located in the EEA, UK, or Switzerland, you have additional rights under GDPR, including:

  • The right to withdraw consent at any time
  • The right to lodge a complaint with your local data protection authority

8.3 CCPA/CPRA Rights (California Residents)

If you are a California resident, you have the following rights under CCPA/CPRA:

  • Right to Know: Request information about the categories and specific pieces of personal information we collect, use, disclose, and sell
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt-out of the sale or sharing of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Equal service and pricing regardless of exercising your privacy rights
  • Right to Limit: Request limitation of the use of sensitive personal information

8.4 How to Exercise Your Rights

To exercise your privacy rights, please:

We will respond to your request within the timeframes required by applicable law (typically 30 days for GDPR requests and 45 days for CCPA requests, with possible extensions).

Identity Verification: We may need to verify your identity before processing your request to protect your personal information from unauthorized access.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience and collect information about usage patterns.

9.1 Types of Cookies We Use

  • Essential Cookies: Necessary for basic website functionality and security
  • Performance Cookies: Help us analyze how visitors use our website
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Used to deliver relevant advertisements (with your consent)

9.2 Cookie Management

You can control cookies through your browser settings. However, disabling certain cookies may limit your ability to use some features of our services.

For more detailed information about our use of cookies, please refer to our Cookie Policy.

10. Data Security

We implement appropriate technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption: Data encrypted in transit and at rest using industry-standard protocols
  • Access Controls: Strict access controls and authentication mechanisms
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Regular Audits: Security assessments and penetration testing
  • Employee Training: Regular security and privacy training for all personnel
  • Incident Response: Comprehensive incident response procedures

While we strive to protect your personal information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

11. Children's Privacy

Our services are not intended for children under the age of 16 (or under 13 in the United States). We do not knowingly collect personal information from children. If we discover that we have collected personal information from a child, we will promptly delete such information from our systems.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

12. Third-Party Links and Services

Our platform may contain links to third-party websites, applications, or services that are not operated by us. This Privacy Policy does not apply to third-party services. We encourage you to review the privacy policies of any third-party services you access through our platform.

We are not responsible for the privacy practices of third-party services and cannot control how they collect, use, or share your information.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website
  • Sending an email notification to your registered email address
  • Providing notice through our platform

The updated policy will be effective as of the date specified in the revised policy. Your continued use of our services after the effective date constitutes acceptance of the updated Privacy Policy.

14. Data Protection Officer and Contact Information

Data Protection Officer (DPO): Trevor Heath (CEO)

Email: privacy@yourwatchtower.com

Phone: Not available; please use email

Privacy Contact:

Email: privacy@yourwatchtower.com

Address: 17595 Harvard Ave Ste #C-632, Irvine, California 92614

EU Representative (if applicable): To be determined; we are currently working on GDPR compliance and will update this section once completed.

15. UK Privacy Representative

We value your privacy and your rights as a data subject and have therefore appointed Prighter Group with its local partners as our privacy representative and your point of contact for the following: United Kingdom

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative, Prighter or make use of your data subject rights, please visit the following website: https://app.prighter.com/portal/17383955596

16. Complaints and Regulatory Contact

If you have concerns about our privacy practices, you may file a complaint with:

  • For GDPR-related complaints: Your local data protection authority in the EEA, UK, or Switzerland
  • For CCPA-related complaints:

    California Attorney General's Office

    300 South Spring Street

    Los Angeles, CA 90013

    Phone: (213) 897-2000

  • For other jurisdictions: Contact your local privacy regulator or data protection authority

17. "Do Not Sell My Personal Information" (California Residents)

We do not sell personal information as defined by the CCPA. If our practices change in the future, California residents will have the right to opt out of such sales.

18. Accessibility

We are committed to ensuring this Privacy Policy is accessible to individuals with disabilities. If you need this policy in an alternative format, please contact us at the information provided above.

Questions or Concerns?

If you have any questions or concerns about this Privacy Policy or our privacy practices, please don't hesitate to contact us at privacy@yourwatchtower.com. We are committed to addressing your privacy concerns and ensuring transparency in our data handling practices.