Privacy Policy

Effective: April 2026

The short version: We collect what we need to run the service — your email, the metrics your agents send, and payment info through Stripe. We don't sell your data. We don't use tracking cookies. The agent is open source so you can verify exactly what it collects.

1. What We Collect

Account information:

Email address (required for signup and notifications)
Display name (optional)
Hashed password (we never store plaintext passwords)

Metrics data:

System metrics sent by your Labwatch agents (CPU, memory, disk, network, temperatures, etc.)
Host identifiers (hostname, agent ID) to associate metrics with your infrastructure
This is the core data that powers dashboards and alerts

Usage data:

Login timestamps and IP addresses (for security)
Feature usage patterns (which pages you visit, which features you use)
Browser type and screen size (for improving the UI)

Payment information:

Processed entirely by Stripe. We never see or store your full card number.
We store your Stripe customer ID and subscription status on our end.

2. How We Use Your Data

Provide the service: Store and display your metrics, trigger alerts, manage your account.
Send notifications: Alert emails when your systems need attention, account-related emails (verification, password reset).
Improve the product: Understand how people use Labwatch so we can make it better. We look at aggregate patterns, not individual accounts.
Security: Detect abuse, prevent unauthorized access, investigate incidents.

3. Data Storage

Your data is stored in SQLite databases on our servers.
Encryption at rest is planned but not yet implemented. Connections to the API and dashboard are encrypted via TLS.
We maintain regular backups. Backup retention varies by plan.
Our infrastructure is hosted in Europe.

4. Third Parties

We share data with a very limited set of third parties, only as needed to operate the service:

Stripe — payment processing. They have their own privacy policy.
SMTP provider — for sending transactional emails (verification, alerts, password resets).

We do not sell, rent, or share your data with advertisers, data brokers, or anyone else. Your metrics data is yours.

5. Data Retention

Metrics data: Retained according to your plan's limits (e.g., 24 hours on free, longer on paid plans). Older data is automatically purged.
Account data: Kept as long as your account exists. When you delete your account, we remove your data from our systems.
Backups: Deleted account data may persist in backups for up to 30 days before being purged.

6. Your Rights

You can:

Access your data — everything is visible in your dashboard. For a full export, email us.
Delete your account and all associated data from your account settings.
Export your metrics data — email us and we'll provide a dump.
Correct your account information at any time from the dashboard.

To exercise any of these rights, you can use the dashboard or email team@labwatch.dev.

7. Cookies

We use a single cookie: lw_token. It's a JWT (JSON Web Token) used to keep you logged in. That's it.

No tracking cookies.
No third-party analytics cookies.
No cookie banners needed because we're not doing anything shady.

8. The Open Source Agent

The Labwatch agent is open source (MIT License). You can read every line of code to see exactly what data it collects and sends. The agent only reports the metrics you configure — nothing more. It doesn't phone home, doesn't collect telemetry about itself, and doesn't send data anywhere except the Labwatch API endpoint you configure.

9. GDPR and International Users

Labwatch is operated by a small team based in Switzerland. We respect the principles of GDPR and similar data protection regulations:

We collect only what's necessary to provide the service.
We process data based on your consent (by creating an account) and our legitimate interest in operating the service.
We'll comply with reasonable data access, deletion, and portability requests.
If you're in the EU/EEA, Switzerland's data protection is recognized as adequate by the European Commission.

We're not a large corporation with a dedicated DPO, but we take your privacy seriously and will work with you on any concerns.

10. Changes to This Policy

If we update this privacy policy, we'll post the changes here and update the effective date. For significant changes, we'll notify you by email. Your continued use of Labwatch after changes take effect means you accept the updated policy.

Questions or concerns about your privacy? Email us at team@labwatch.dev.