Legal

Privacy Policy

Plain English. Effective May 2026.

What we collect

OpenWatch is a read-mostly intelligence platform. Most of what we serve is public, and most of what we collect about you is the bare minimum to make accounts and alerts work:

  • Email address — only if you sign up for an account, an alert, or our newsletter. Used to authenticate you and deliver the things you asked for. Nothing else.
  • Usage analytics — aggregate page views and performance metrics via Vercel’s edge analytics. No third-party advertising trackers, no fingerprinting.
  • Server logs — standard request logs (IP, user-agent, path) kept for security and debugging, rotated within 30 days.

We do not collect names, phone numbers, addresses, payment details (handled by our payment processor), or any other personally identifying information beyond email.

Cookies

We use a small number of strictly functional cookies:

  • Session cookies — set by Supabase to keep you logged in. Required for authenticated features.
  • Preference cookies — small entries in localStorage for things like dismissed banners and theme choice.
  • Cookie consent — one entry recording whether you accepted the cookie banner.

We do not use third-party advertising cookies, retargeting pixels, or cross-site tracking of any kind.

Portfolio data (local mode) — Portfolio positions saved in local mode are stored in localStorage under the key ow_portfolios_v2. This data never leaves your device. Clearing your browser’s site data permanently deletes it — there is no recovery. To protect your portfolio data, sign in to use server-synced storage instead.

How we share data

We do not sell your data, period. To run the platform we share data with a small set of infrastructure vendors who act on our behalf:

  • Supabase — authentication and database. Stores your email and account record.
  • Vercel — hosting and edge analytics for the web frontend.
  • Railway — backend compute for our data pipeline.
  • Email delivery — transactional and digest emails, when you’ve subscribed.

Each of these is bound by its own data-processing agreement. We do not share data with advertisers, data brokers, or any party that would resell or repurpose it.

Retention

We keep your data only as long as we need it. Specifically:

  • Email and account records: kept while your account is active. Deleted on request.
  • Session and authentication data: rotated, with a 30-day maximum.
  • Server logs: rotated within 30 days.

You can request deletion at any time by emailing privacy@openwatch.io. We will remove your account and any associated email-keyed records.

Your rights

Depending on where you live (GDPR, CCPA, and similar regimes), you have the right to access, correct, export, or delete the data we hold about you. We honor those rights for everyone, regardless of jurisdiction. Email privacy@openwatch.io and we’ll respond within 30 days.

Security

All traffic is served over HTTPS. Authentication uses industry-standard token-based sessions. We rotate credentials regularly and minimise the surface area of stored personal data — if we don’t need it, we don’t collect it.

Account deletion

You may delete your account and all associated portfolio data at any time from the Portfolio page → Account Settings → Delete account. Deletion is immediate and permanent — all portfolios and holdings stored server-side are removed. Alternatively, email privacy@openwatch.io and we’ll handle it within 30 days.

Changes to this policy

If we materially change how we handle data, we’ll update the effective date above and notify subscribed users by email. The latest version always lives at /privacy.

Contact

Questions, requests, or concerns: privacy@openwatch.io.

Effective: May 2026
