Privacy Policy
Last updated: February 2025
Introduction
WatchScope ('we') is committed to protecting your personal data. This policy describes what data we collect, how we use it, and your rights under the General Data Protection Regulation (GDPR).
Data collected
We collect the following data: • Identification data: name, professional email address • Connection data: IP address, login timestamps • Usage data: monitored domains, scan results, generated reports • Billing data: billing details (processed by Stripe — we do not store your banking data)
Roles and responsibilities — organization data
WatchScope operates a multi-tenant model: organizations use the platform to monitor domains belonging to their own end clients. In this context, the organization is the data controller for any personal data relating to its end clients that it adds to the platform. WatchScope acts as a data processor on behalf of the organization within the meaning of Article 28 GDPR. As such, WatchScope commits to: • Processing that data only in accordance with the organization’s instructions • Applying appropriate technical and organisational security measures • Deleting or returning that data at the end of the contract Organizations remain responsible for informing their own clients that their domains are being monitored through WatchScope.
Use of data
Your data is used exclusively to: • Provide the security monitoring service (legal basis: performance of contract — Art. 6.1.b) • Send alerts and notifications related to your account (legal basis: performance of contract — Art. 6.1.b) • Improve the platform via aggregated, anonymised data (legal basis: legitimate interest — Art. 6.1.f) • Comply with our legal obligations (legal basis: legal obligation — Art. 6.1.c) We never sell your data to third parties.
Hosting and transfers
All your data is hosted on servers located in the European Union, on infrastructure provided by OVH (France). This provider is listed as a sub-processor and is subject to the same GDPR safeguards as all other processors engaged by WatchScope. No data transfers outside the EU are made without appropriate safeguards in accordance with GDPR.
Retention period
We retain your data for the duration of your subscription, plus 12 months after termination for legal reasons. Security logs are retained for 90 days. You may request export or deletion of your data at any time; such requests will be processed within 30 working days.
Your rights
Under GDPR, you have the following rights: • Right of access to your data • Right of rectification • Right to erasure (‘right to be forgotten’) • Right to data portability • Right to object to processing • Right to withdraw consent We will respond to any request within one month of receipt, in accordance with Article 12 GDPR. To exercise your rights, contact us at contact@watchscope.io. You also have the right to lodge a complaint with the competent supervisory authority — for users in France: the CNIL (www.cnil.fr); for users in Portugal: the CNPD (www.cnpd.pt).
Data protection officer
As an individual operator processing personal data at low volume for professional purposes, WatchScope is not legally required to appoint a Data Protection Officer (DPO). The data controller can be reached directly at contact@watchscope.io for any data protection queries.
Cookies
We only use cookies strictly necessary for the operation of the service: • Authentication session cookie (httpOnly, secure) • Language preference cookie We do not use advertising or third-party tracking cookies.
Sub-processors
We use the following sub-processors, all GDPR-compliant: • Stripe (billing) — data hosted in EU • Resend (transactional emails) — data hosted in EU • OVH (infrastructure) — servers in EU This list may be updated. Users will be notified by email of any new sub-processor at least 14 days before it is engaged, with the option to object.
Changes
We reserve the right to modify this policy at any time. You will be notified by email of any substantial change at least 30 days before it takes effect. If you do not accept the modifications, you may terminate your subscription without penalty before the effective date of the new policy.
Contact
For any questions regarding this policy or your personal data: Email: contact@watchscope.io WatchScope — watchscope.io