Security & privacy

Built so file content never reaches us

This page is a sales asset for your security review. It describes exactly how Watch Dog handles data, what we store, what we don't, and who our sub-processors are — with no fabricated certifications.

Architecture summary

Watch Dog is local-first. All scanning happens in the browser; only content-free audit metadata is transmitted to your organization's isolated database.

Because inspection happens on the device, there is no vendor cloud that receives your files. This removes entire categories of risk that API- and agent-based DLP tools carry. For the full technical walkthrough, see the architecture page.

What is — and isn't — stored

We store (content-free metadata)

  • Event type (warn / block)
  • Rule matched (category, not content)
  • Destination domain
  • User & organization identifier
  • Timestamp

We never store

  • File content or file bytes
  • The sensitive values that were detected
  • Documents, screenshots, or attachments
  • Browsing history beyond monitored uploads

Tenant isolation

Audit metadata is stored in Supabase and protected with row-level security (RLS). Each organization can only ever read its own events; there is no shared, cross-tenant view of data.

Least-privilege permissions

The extension requests only the browser permissions it needs to intercept and scan uploads. No surprise telemetry, no unnecessary host access.

Compliance & certifications

We're an early-access company and we don't claim certifications we don't hold. What we can offer today is a local-first architecture where file content never leaves the device, a clear description of exactly what metadata we store, and a data processing agreement (DPA) on request. If SOC 2, HIPAA, or ISO alignment is on your roadmap for a vendor, we're glad to discuss where we are and where we're heading.

Sub-processors

Sub-processorPurpose
SupabaseAuthentication & org-isolated audit database (row-level security)
VercelMarketing site & dashboard hosting

Responsible disclosure

Found a security issue? We appreciate responsible disclosure. Email us and we'll respond quickly.

Ready to close the human-error gap in your DLP?

Book a demo to see the org dashboard, or add the free extension and try pre-upload interception yourself.