Privacy Policy
Last updated: March 7, 2026
RegWatch ("regwatch.us," "we," "us," or "our") operates the RegWatch regulatory monitoring service at regwatch.us. This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your data.
1. Information We Collect
Information you provide
- Account information: email address and name when you sign up via Google OAuth or email magic link.
- Digest preferences: industry tags, preferred digest email address, send window, timezone, and frequency settings.
- Signup lead information: email address and optionally your industry, if you sign up for early access or updates before creating an account.
- Payment information: billing details are collected and processed directly by Stripe. We do not store your credit card number, CVC, or full card details on our servers.
- Communications: any information you include when you contact us at support@regwatch.us.
Information collected automatically
- Usage data: pages visited, features used, and interactions with the dashboard and digest archive.
- Email engagement: whether digest emails were delivered, opened, or bounced, as reported by our email provider.
- Device and browser information: browser type, OS, and screen size transmitted in standard HTTP requests.
- Log data: IP address, access times, and referring URLs collected in standard server logs.
2. How We Use Your Information
- Provide, maintain, and improve the Service, including delivering personalized digest emails.
- Process subscriptions and payments.
- Authenticate your identity and manage your account.
- Send transactional emails (digests, account notifications, billing receipts).
- Send occasional product updates or service announcements. You can opt out of non-transactional emails at any time.
- Monitor Service performance, detect abuse, and troubleshoot issues.
- Comply with legal obligations.
3. Third-Party Service Providers
We share data with the following providers solely to operate the Service. We do not sell your personal information.
| Provider | Purpose | Data shared |
|---|---|---|
| Supabase | Database and authentication | Account data, preferences, usage records |
| Stripe | Payment processing | Email, name, billing and payment details |
| Resend | Email delivery | Email address, digest content, delivery metadata |
| OAuth authentication | Email address, name (via Google sign-in) | |
| Vercel | Hosting and edge delivery | Standard request logs (IP, user agent) |
Each provider processes data under their own privacy policy and terms. We encourage you to review their policies.
4. Cookies and Tracking
We use cookies that are strictly necessary to operate the Service:
- Authentication cookies: to keep you signed in across pages and sessions.
- Session cookies: to maintain application state during your visit.
We do not use third-party advertising cookies or cross-site tracking pixels. If we add analytics in the future, we will update this policy accordingly.
5. Data Retention
We retain your account data and preferences for as long as your account is active.
If you cancel your subscription, we retain your account information for up to 90 days in case you resubscribe, after which it is deleted or anonymized.
Monitoring data (change events, digests, page snapshots) is retained indefinitely as part of the regulatory change archive. This data does not contain your personal information.
Signup lead emails are retained until you request removal or convert to a paid account.
6. Data Security
We use commercially reasonable measures to protect your data, including encrypted connections (HTTPS), row-level security on our database, and restricted access to production credentials. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.
7. Your Rights Under California Law (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to know: You can request what personal information we collect, use, and disclose about you.
- Right to delete: You can request that we delete your personal information, subject to certain exceptions.
- Right to opt out of sale: We do not sell your personal information. No opt-out is necessary.
- Right to non-discrimination: We will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, email us at support@regwatch.us. We will respond within 45 days as required by law.
8. Children's Privacy
RegWatch is a business-to-business service and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a notice on the Service at least 15 days before they take effect. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.
10. Contact
Questions about this Privacy Policy or your data? Contact us at support@regwatch.us.