Legal

Privacy Policy

Last updated: July 2026

Data we access

Watch Dog only reads files that a user explicitly selects or drops into the browser to upload. We do not access browsing history, cookies, location data, or any other personal information beyond what is required to intercept and scan an upload.

What happens to your files

All scanning is performed locally in the browser:

  • The file's content is loaded into memory on the device.
  • Pattern, metadata, and content checks run locally to detect sensitive data.
  • The file content is discarded immediately after scanning — file bytes are never transmitted to us.

Audit metadata (organization accounts)

For organization accounts, Watch Dog records content-free audit metadata — such as the event type, the rule category matched, the destination domain, the user and organization identifier, and a timestamp. This metadata never includes file content or the sensitive values that were detected. It is stored in your organization's isolated database (Supabase), protected by row-level security so each organization can only see its own events.

No file content transmission

Watch Dog never transmits file contents to any external server. Scanning happens entirely on the device; only the content-free audit metadata described above leaves the browser, and only for organization accounts.

Permissions

  • Storage: to cache our own scripts, assets, and managed policy configuration.
  • Scripting: to inject our file-intercept logic into the pages you visit — all scanning stays local.

Sub-processors & DPA

We use Supabase (authentication and org-isolated audit database) and Vercel (hosting). A data processing agreement (DPA) is available on request.

Contact

If you have questions or concerns, email us at support.watchdogdlp@gmail.com.