Privacy Policy
Last updated: June 23, 2026
Who we are
PolicyWatcher is an independent civic-tech platform created by Fabrizio Degni, based in the European Union. This platform monitors and analyzes publicly available privacy policies and terms of service of major technology and fintech companies.
For any privacy-related questions, you can contact us at: privacy@policywatcher.online
What data we collect
PolicyWatcher is designed to collect as little personal data as possible.
Data you provide voluntarily
If you subscribe to email alerts, we collect:
- Email address (required): to send you policy change notifications.
- Name (optional): for personalization of communications.
- Region and industry preferences: to filter alerts relevant to you (e.g. "EU", "FinTech").
This data is stored in our database and used exclusively for sending the alerts you requested. We do not share, sell, or transfer your email address to any third party, for any reason.
Data we do not collect
- We do not use cookies (no tracking cookies, no analytics cookies, no session cookies).
- We do not use Google Analytics, Meta Pixel, or any third-party tracking service.
- We do not collect IP addresses for profiling purposes.
- We do not fingerprint your browser or device.
- We do not serve advertising of any kind.
Local storage
We use your browser's localStorage for a single purpose: remembering whether you have accepted the Terms of Use disclaimer. This data never leaves your browser and is not transmitted to our servers. You can clear it at any time through your browser settings.
AI assistant conversations
When you use the Policy Live Assistant (chat feature), your questions are sent to our server and processed using the Google Gemini API. We do not store your conversation history. Each session is ephemeral: when you close the assistant, the conversation is gone. Google's data handling for the Gemini API is subject to Google's API Terms of Service.
Legal basis for processing (GDPR Art. 6)
- Consent (Art. 6(1)(a)): When you subscribe to email alerts, you explicitly consent to the processing of your email address for that specific purpose.
- Legitimate interest (Art. 6(1)(f)): We process minimal technical data (server logs) for security and platform stability purposes.
Your rights under GDPR
As a user located in the European Economic Area, you have the right to:
- Access your personal data and request a copy.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten"). We will delete your email and all associated data upon request.
- Withdraw consent at any time by unsubscribing from alerts or contacting us.
- Port your data in a structured, machine-readable format.
- Object to processing based on legitimate interest.
- Lodge a complaint with your national Data Protection Authority.
To exercise any of these rights, contact us at privacy@policywatcher.online. We will respond within 30 days.
Data storage and security
- Subscriber data is stored in an encrypted SQLite database hosted on our server infrastructure.
- All communications with the platform are encrypted via HTTPS/TLS.
- Access to the database is restricted and protected by API authentication.
- We do not store data longer than necessary. If you unsubscribe, your data is marked as inactive and can be permanently deleted upon request.
Data transfers
When you use the AI assistant, your query text is sent to Google Gemini API servers. Google may process this data in the United States or other countries. This transfer is covered by Google's Standard Contractual Clauses and Data Processing Addendum. No other personal data is transferred outside the EEA.
Children
PolicyWatcher is not directed at individuals under the age of 16. We do not knowingly collect personal data from children.
Changes to this policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated revision date. We will not reduce your rights under this policy without your explicit consent.