Stackwatch
Log inGet started

Legal

Privacy Policy

Effective date: 16 March 2026 · Last updated: 16 March 2026

1. Overview

Stackwatch (“we”, “us”, or “our”) is operated by an individual based in India. This Privacy Policy describes how we collect, use, store, and disclose information when you use our service at stackwatch.pulsemonitor.dev (“Service”).

This Policy is published in compliance with the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

2. Information We Collect

2.1 Account Information

When you register, we collect your email address and (if you set one) a hashed password. If you sign in via GitHub or Google OAuth, we receive only your email address and public profile name from those providers.

2.2 Integration Credentials

You may provide API tokens or keys for third-party services (GitHub, Vercel, Supabase). These are encrypted using AES-256 at rest before storage. We never log, display, or transmit raw keys outside of the encrypted data store.

2.3 Usage Data

We poll your connected service APIs on your behalf and store the resulting metrics (e.g., Actions minutes used, database size) in our database. This data is used solely to power your dashboard and generate alerts.

2.4 Log and Technical Data

We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This data is retained for up to 30 days and used for security and debugging purposes only.

3. How We Use Your Information

  • To provide, operate, and maintain the Service
  • To send usage alerts and notifications you have configured
  • To respond to your support requests
  • To detect and prevent fraud, abuse, or security incidents
  • To comply with legal obligations under applicable Indian law

We do not sell your personal data to third parties. We do not use your data for advertising or profiling unrelated to the Service.

4. Sensitive Personal Data or Information (SPDI)

Under the SPDI Rules, API keys and passwords qualify as sensitive personal data. We handle this data with enhanced controls: encryption at rest, access restricted to the minimum necessary personnel, and no transmission to third parties except the service you have explicitly connected.

5. Data Sharing and Third Parties

We share your data only in the following circumstances:

  • Supabase — our database and authentication provider (data processed in the EU/US under their DPA)
  • Vercel — our hosting provider (infrastructure only, no application data access)
  • Resend — used to deliver alert emails on your behalf
  • Railway — runs our background polling worker
  • As required by law or court order under Indian jurisdiction

6. Data Retention

We retain your account data for as long as your account is active. Usage snapshots are retained for 7 days (Free tier) or 30 days (Pro/Team). You may request deletion of your account and all associated data at any time by emailing us (see Section 10).

7. Cross-Border Data Transfers

Our infrastructure providers (Supabase, Vercel, Railway) may store and process data outside India. By using the Service, you consent to such transfers. We ensure these providers maintain adequate security standards consistent with the DPDP Act and applicable data protection laws.

8. Your Rights

Under the DPDP Act, 2023 and applicable law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request erasure of your data (“right to be forgotten”)
  • Withdraw consent for processing at any time
  • Nominate a person to exercise rights on your behalf in the event of death or incapacity
  • File a complaint with the Data Protection Board of India

To exercise any of these rights, email our Grievance Officer (Section 10) with the subject line “Data Rights Request”.

9. Security

We implement reasonable security practices as required under the SPDI Rules, including AES-256 encryption for sensitive credentials, HTTPS-only communication, Row Level Security on all database tables, and restricted service-role access for background jobs. No system is perfectly secure — please use a strong, unique password and enable two-factor authentication on your connected service accounts.

10. Grievance Officer

As required under the IT Act, 2000 and SPDI Rules, we have appointed a Grievance Officer. You may contact them for any privacy-related concerns:

Grievance Officer — Stackwatch

Email: anubhavrai100@gmail.com

We aim to acknowledge your grievance within 48 hours and resolve it within 30 days.

11. Cookies

We use only essential session cookies required for authentication. We do not use advertising, analytics, or tracking cookies. You can disable cookies in your browser settings, but this will prevent you from logging in.

12. Children's Privacy

The Service is not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If you believe a minor has provided us data, please contact the Grievance Officer for immediate deletion.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered users by email and update the “Last updated” date at the top. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Governing Law

This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts of India.