WebWatch — Uptime Monitoring for Australian Businesses

1. Who We Are

WebWatch (ABN 40 670 532 871) operates the website monitoring service at webwatch.com.au. This policy describes how we collect, use, store, and protect your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth).

2. Information We Collect

We collect the following personal information:

Account information: Email address (required for signup and authentication)
Monitor configuration: Website URLs you choose to monitor, check types, and alert settings
Usage data: Check results (up/down status, response times), incident history, and alert delivery records
Technical data: IP address (for rate limiting and security), browser type (via standard HTTP headers)
Payment information: Processed entirely by LemonSqueezy. We store only a customer ID and subscription ID — we never see or store your credit card details.

3. How We Use Your Information

We use your personal information to:

Provide the monitoring service (checking your URLs, sending alerts)
Authenticate your account and manage sessions
Process subscription changes and billing (via LemonSqueezy)
Send downtime and recovery alert notifications
Protect the service from abuse (rate limiting, security monitoring)

We do not sell, rent, or share your personal information with third parties for marketing purposes. We do not use your data for advertising or profiling.

4. Data Sub-Processors

We use the following third-party services to operate WebWatch. Your data may be processed in their respective jurisdictions:

Service	Purpose	Jurisdiction
Supabase	Database and authentication	Singapore (Asia-Pacific region)
Vercel	Website hosting and delivery	Global CDN (US-based company)
Brevo	Email alert delivery	European Union
LemonSqueezy	Payment processing (Merchant of Record)	United States

By using WebWatch, you acknowledge that your data may be processed outside of Australia by these providers. Each provider maintains their own privacy and security practices.

5. Data Retention

Raw check data: Retained for 24 hours, then aggregated
Hourly aggregates: Retained for 30 days
Daily aggregates: Retained for 1 year
Account data: Retained while your account is active. Deleted within 30 days of account termination.
Alert logs: Retained for 30 days

6. Data Security

We protect your data through:

Encryption in transit (HTTPS/TLS on all connections)
Row-Level Security (RLS) on all database tables ensuring users can only access their own data
Authentication via secure JWT tokens
Rate limiting on authentication endpoints
Security headers (CSP, HSTS, X-Frame-Options)
Daily encrypted database backups

7. Your Rights

You have the right to:

Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your account and associated data
Portability: Request an export of your monitoring data

To exercise any of these rights, contact us at support@webwatch.com.au. We will respond within 30 days.

8. Cookies

WebWatch uses essential cookies only for authentication session management. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated via the email address associated with your account.

10. Complaints

If you believe we have handled your personal information inappropriately, please contact us at support@webwatch.com.au. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC).

11. Contact

WebWatch (ABN 40 670 532 871)
Email: support@webwatch.com.au

Privacy Policy