Overview

PkgWatch ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our package health monitoring service.

Information We Collect

Account Information

When you sign up for PkgWatch, we collect:

Email address (for account authentication and communication)
API usage data (request counts, timestamps)

API Usage Data

When you use our API, we collect:

Package names queried (e.g., "express", "lodash")
Request timestamps and IP addresses (for rate limiting and abuse prevention)
API key identifiers (not the keys themselves)
Request metadata (HTTP method, response status codes)

What We Do NOT Collect

Your source code
The contents of your package.json files (only package names)
Any personal data beyond email addresses

How We Use Your Information

To provide and maintain our service
To enforce rate limits and prevent abuse
To send transactional emails (magic links, API key notifications)
To improve our service based on aggregate usage patterns

Data Storage and Security

Your data is stored securely on AWS infrastructure in the United States. We implement industry-standard security measures including:

Encryption in transit (TLS 1.2+)
Encryption at rest for all stored data
API key hashing (we cannot see your full API keys)

Data Retention

We retain different types of data for different periods:

Account data: Retained for as long as your account is active
API usage counts: Reset monthly, historical counts retained for billing purposes
Rate limiting data: Automatically deleted within 24-48 hours
Application logs: Retained for 30 days for debugging and security purposes
Billing records: Retained as required by law (typically 7 years)

You may request deletion of your account and associated data at any time by contacting us.

Third-Party Services

We use the following third-party services:

AWS - Infrastructure and data storage
Stripe - Payment processing (for paid tiers)
Plausible Analytics - Privacy-focused website analytics (no cookies, no personal data)

Your Rights

You have the right to:

Access the personal data we hold about you
Request correction of inaccurate data
Request deletion of your data
Export your data in a portable format

To exercise these rights, contact us at [email protected].

Cookies

We do not use tracking cookies. We use Plausible Analytics, which is cookie-free and does not track individual users. Session authentication uses secure HTTP-only cookies that are essential for the service to function.

International Data Transfers (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, please note that your data is transferred to and processed in the United States where our infrastructure is hosted.

We rely on the following legal bases for processing your data:

Contract performance: Processing necessary to provide the Service you requested
Legitimate interests: Processing for fraud prevention, security, and service improvement
Legal obligations: Processing required to comply with applicable laws

For international transfers, we use Standard Contractual Clauses approved by the European Commission. You have the right to request a copy of these safeguards by contacting us.

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know: What personal information we collect and how it is used
Right to delete: Request deletion of your personal information
Right to opt-out: We do not sell personal information to third parties
Right to non-discrimination: We will not discriminate against you for exercising these rights

To exercise these rights, contact us at [email protected].

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us at [email protected].