DependWatch

Legal

Privacy Policy

Last updated: March 2025. DependWatch provides external API observability, cost monitoring, and guardrails. This policy describes how we handle your information.

1. What we collect

  • Account information: When you sign up (e.g. via Google, GitHub, or email), we store your email, name (if provided), and authentication identifiers. We use this to manage your account and sessions.
  • Workspace and project data: Names and settings for workspaces and projects you create, including ingest key metadata (e.g. key IDs and hashes). We do not store raw ingest keys in plain text; keys are hashed for verification.
  • Event and telemetry data: Data sent by the DependWatch SDK from your application: provider name, endpoint, latency, status codes, optional cost estimates, and similar operational metrics. This data is scoped to your project and used to power the dashboard, API Intelligence, and guardrails.
  • Cookies and session data: We use session cookies and similar technologies to keep you signed in and to remember preferences (e.g. theme). Session data is used only for authentication and security.
  • Billing information: If you subscribe to a paid plan, payment and billing details are processed by Stripe. We store subscription status and plan identifiers; we do not store full payment card numbers.

2. How we use your data

We use the data above to provide and operate DependWatch: to authenticate you, to store and display your projects and metrics, to run guardrails and alerts, to send transactional emails (e.g. magic links, security and product notifications), and to improve our service (e.g. reliability, performance). We do not sell your personal data.

3. Retention

Event and telemetry data are retained according to your plan (e.g. 7 days for Free, 90 days for Pro, 365 days for Scale). Account and workspace data are retained while your account is active. After account closure, we may retain certain data for a limited period for legal and operational purposes; you can request deletion (see below).

4. Sharing and subprocessors

We use service providers to run DependWatch: hosting and infrastructure, authentication (e.g. OAuth providers), email delivery, and payment processing (Stripe). These providers process data on our behalf under agreements that limit use to providing the service. We may disclose information if required by law or to protect our rights and safety.

5. Security

We use TLS for all traffic, HTTP-only session cookies, and access controls. Ingest keys are hashed; we do not store or log raw keys or request bodies. For more detail, see our Security page.

6. Your rights and contact

Depending on where you live, you may have rights to access, correct, or delete your personal data. To exercise these or ask questions about this policy, contact us at privacy@dependwatch.app or via our Contact page. We aim to respond within a few business days.

7. Changes

We may update this policy from time to time. We will post the revised policy on this page and update the "Last updated" date. Continued use of DependWatch after changes constitutes acceptance of the updated policy.