Your files stay on the device. Full stop.
Watch Dog is local-first by design. All scanning happens in the browser, and only content-free audit metadata ever leaves it — the opposite of API/agent DLP that ships your data to a vendor cloud.
API/agent DLP vs. Watch Dog
Where your file content actually goes tells you everything about the risk.
File content is shipped off-device to a third-party cloud to be scanned. More surface area, more risk, a harder privacy review.
Scanning happens in the browser. Only content-free audit metadata reaches your org's isolated database. File bytes never leave the machine.
How local-first keeps data safe
Scanning is 100% on-device
Every scan runs in the browser. File bytes are never uploaded to Watch Dog or any third party to be inspected.
Temporary data is purged
Once a scan completes, Watch Dog discards the working data it used. Nothing lingers and nothing is transmitted.
Only metadata is stored
The dashboard receives content-free audit metadata — event, rule matched, domain, user, timestamp — never file content.
Isolated per organization
Audit data lives in your org's Supabase, protected by row-level security so tenants can never see each other's events.
The easiest privacy review you'll do this quarter.
When file content never leaves the device, most of the hard questions in a vendor security review simply don't apply. We're happy to walk your team through the architecture and provide a DPA on request.
Ready to close the human-error gap in your DLP?
Book a demo to see the org dashboard, or add the free extension and try pre-upload interception yourself.