Privacy Policy

1. Introduction

Digital Privacy Watchdog (“we,” “us,” or “our”) operates digitalprivacywatchdog.com (the “Platform”). We are a consumer privacy advocacy company. This Privacy Policy explains what information we collect, how we use it, and the rights you have regarding your personal data.

We practice what we preach. We do not use third-party advertising trackers, sell your personal information, or share your data with anyone except the service providers listed in this policy. Our entire business model is built on protecting consumer privacy — and that starts with how we handle your data.

Operator: Digital Privacy Watchdog
Contact: team@digitalprivacywatchdog.com

2. Information We Collect

2.1 Information You Provide

When you create an account or use our Platform, you may provide:

• Account information: your full name, email address, ZIP code, and state. This is used to create your account and personalize your experience (e.g., showing you nearby privacy violators).
• Member ID: each registered member is assigned a unique Member ID in the format WD-NNNNNNN (e.g., WD-0001234). This ID is used to identify your account in our records.
• Password: stored as a one-way bcrypt hash. We cannot read your password, and neither can anyone else. We will never ask you for your password in an email or support request.
• Visit confirmation data: when you confirm that you have personally visited a business, we record your Member ID, the business domain, visit timestamp, visit frequency, recency, an optional context note you provide, and the IP address of the request. You also confirm that the information you provide is true and accurate.
• Forum data: posts, replies, and upvotes you submit to community discussion channels. Forum content is associated with your account and may be visible to other members. Reported content is flagged for moderation review.
• Watchlist data: businesses you add to your personal watchlist and your alert preferences (e.g., frequency, notification type). This data is used to generate privacy alerts relevant to you.
• CCPA removal request data: when you initiate a data removal request on your behalf, we record the tracker companies identified, the deletion request status, and the email address used to send the request. This data is used solely to track and fulfill your removal requests.
• Self-reported sites: domain names you submit for privacy scanning review.
• Payment information: we do not store credit card numbers, expiration dates, or CVVs on our servers. All billing is handled directly by Stripe, a PCI-DSS compliant payment processor. We receive only a subscription status and customer identifier from Stripe. Stripe's privacy policy governs how payment information is handled: stripe.com/privacy.

2.2 Information Collected Automatically

When you use the Platform, we automatically collect limited technical data for security and service reliability purposes:

• IP address (used for rate limiting and abuse prevention)
• Browser type and version
• Device type and operating system
• Pages viewed and timestamps of access
• Referring URL

This data is collected through server logs — not through client-side tracking scripts or analytics SDKs. We do not use Google Analytics, Meta Pixel, or any third-party behavioral tracking tools.

2.3 What We Do Not Collect

We explicitly do not:

• Use third-party advertising tracking pixels or cookies
• Use behavioral analytics platforms (e.g., Google Analytics, Hotjar, Mixpanel)
• Track you across other websites
• Collect biometric data, financial account details, or government ID numbers
• Sell or rent your personal information to any third party for any purpose

3. Cookies and Tracking Technologies

We use only essential cookies and storage mechanisms necessary to operate the Platform:

• Session cookies: maintain your authenticated session so you stay logged in while using the Platform. These are deleted when you close your browser or log out.
• CSRF tokens: protect form submissions from cross-site request forgery attacks. These are security-critical and cannot be disabled.
• Rate limiting (Upstash Redis): we use Upstash Redis to enforce rate limits on API endpoints and prevent abuse. Rate limit counters are keyed by IP address and are automatically purged after a short TTL. No personally identifying information beyond IP address is stored for this purpose.

We do not use analytics cookies, advertising cookies, preference cookies, or any other non-essential cookies. You will not see a cookie consent banner because we only use cookies that are strictly necessary to provide the service you requested.

4. How We Use Your Information

We use the information we collect to:

• Create and maintain your account, including assigning your Member ID
• Provide our core service: matching your confirmed business visits against our privacy violation database and displaying results in your dashboard
• Display and manage your personal watchlist and deliver privacy violation alerts for businesses you are monitoring
• Host community forum discussions, including displaying posts and replies visible to other members
• Send CCPA data deletion requests to tracker companies on your behalf, and track the status of those requests
• Send weekly privacy alert emails listing businesses near you or in your confirmed visits that have documented privacy violations
• Generate monthly privacy summary reports for your records (Premium tier)
• Send automated opt-out and data deletion requests to businesses on your behalf, as authorized by applicable privacy laws (Premium tier)
• Send transactional emails via Resend: account verification, password reset, billing confirmations, watchlist alerts, and CCPA removal request receipts
• Process subscription payments via Stripe and manage your billing relationship
• Prevent fraud, abuse, and unauthorized access to the Platform via rate limiting and IP-based controls
• Comply with applicable laws and respond to lawful legal requests

We do not use your data to train AI or machine learning models. We do not use your data for behavioral advertising or profiling for sale to third parties.

5. Information Sharing and Third-Party Services

We share your information only with the following categories of service providers, solely to operate the Platform:

• Vercel (hosting): our Platform is hosted on Vercel's infrastructure. Server logs including IP addresses pass through Vercel. Vercel's privacy policy applies to data processed on their infrastructure.
• Neon (database): your account data is stored in a Neon PostgreSQL database. Neon is a SOC 2 compliant cloud database provider. Your data is encrypted at rest and in transit.
• Resend (transactional email): we use Resend to deliver account verification emails, weekly privacy reports, and other transactional messages. Your email address and name are shared with Resend for this purpose. Resend does not use this information for any other purpose.
• Stripe (payments): Premium subscription billing is processed entirely by Stripe, a PCI-DSS compliant payment processor. We share your email address with Stripe to create a billing customer. We do not store or process your payment card information ourselves. Stripe's privacy policy governs payment data: stripe.com/privacy.
• Upstash (rate limiting): we use Upstash Redis to enforce API rate limits. IP addresses are used as rate limit keys and are not retained beyond the TTL window. Upstash does not receive any other personal information.

All service providers are contractually required to use your data only to provide services on our behalf and are prohibited from using it for their own commercial purposes.

We may disclose information if required by law, court order, or lawful government request, or if we reasonably believe disclosure is necessary to protect the rights, property, or safety of Digital Privacy Watchdog, our users, or the public.

We do not sell, rent, or license your personal information to any third party.

6. Data Retention

We retain your personal information for as long as your account is active. Specifically:

• Account data (name, email, ZIP, state, Member ID): retained while your account exists. Deleted within 30 days of account deletion request.
• Visit confirmations: retained while your account exists. Deleted or anonymized within 30 days of account deletion.
• Forum posts and replies: retained unless deleted by you or removed by moderation. Deleted within 30 days of account deletion.
• Watchlist and alert data: retained while your account exists. Deleted within 30 days of account deletion.
• CCPA removal request records: retained for the life of your account as a record of actions taken on your behalf. You may request deletion by emailing us.
• Protection action logs (opt-out requests): retained for the life of your account. You may request deletion.
• Billing records: Stripe maintains payment history records subject to their data retention policies. We retain subscription status records as required for accounting and fraud prevention.
• Server logs: retained for up to 90 days for security and abuse prevention, then automatically purged.
• Rate limiting data (Upstash): IP-based rate limit counters are automatically purged after a short TTL (typically minutes to hours).

7. Data Security

We implement industry-standard security measures to protect your information:

• All data transmission encrypted via HTTPS/TLS
• Passwords hashed using bcrypt with appropriate work factor — we cannot recover or read your password
• Database access restricted by network policy and application credentials
• API endpoints rate-limited to prevent brute force and abuse
• Admin-only endpoints (including data sync) protected by API key authentication
• No plaintext storage of sensitive credentials in the codebase

No security measure is 100% perfect. In the event of a data breach that affects your personal information, we will notify you by email within the timeframe required by applicable law.

8. Your Privacy Rights

8.1 Rights for All Users

Regardless of where you live, you may:

• Access the personal information we hold about you
• Correct inaccurate information in your account settings
• Request deletion of your account and associated personal data by emailing team@digitalprivacywatchdog.com
• Opt out of non-essential emails through your account settings or email unsubscribe links

8.2 California Residents — CCPA Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

• Right to Know: you may request a report of the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.
• Right to Delete: you may request that we delete personal information we have collected from you, subject to certain exceptions (e.g., information needed to complete an active subscription).
• Right to Opt-Out of Sale: we do not sell personal information. You do not need to opt out because no sale occurs.
• Right to Non-Discrimination: we will not discriminate against you for exercising your CCPA rights. Exercising these rights will not affect your account or service access.

To submit a CCPA request, email team@digitalprivacywatchdog.com with the subject line “CCPA Request.” We will respond within 45 days. We may ask you to verify your identity before processing the request.

8.3 Other U.S. State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), and other states with comprehensive privacy laws have similar rights to access, correct, and delete their data. Contact us at the address above to exercise your rights under applicable state law.

9. Children's Privacy

The Platform is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at team@digitalprivacywatchdog.com and we will delete such information promptly.

Users must be at least 18 years old to create an account, as stated in our Terms of Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify registered users by email and post the updated policy with a new “Last updated” date at the top of this page. If you continue to use the Platform after the updated policy takes effect, you accept the revised terms. We encourage you to review this policy periodically.

11. Contact Us

For questions about this Privacy Policy, to exercise your privacy rights, or to report a privacy concern, contact us at:

Digital Privacy Watchdog
team@digitalprivacywatchdog.com

We aim to respond to all privacy inquiries within 5 business days.