About SecureWatch

Our Story

We started SecureWatch because we saw a gap in the market. Small businesses and startups need security monitoring just as much as enterprises, but existing tools are either too expensive or too complicated. We're building a solution that changes that.

Founded in 2024, SecureWatch was born from a simple observation: security shouldn't be a luxury. Our team of security engineers and product designers came together with a shared vision—to democratize website security and make it accessible to everyone.

What We're Building

SecureWatch automatically scans your website for common vulnerabilities—missing security headers, outdated libraries, weak encryption, and dangerous misconfigurations. When we find something, we show you exactly how to fix it, step by step, in plain English.

Our platform is designed to be proactive, not reactive. We don't just tell you when something is wrong—we give you the tools and knowledge to fix it.

Our Team

We're a small, passionate team of security engineers and product designers who have worked at companies like Google, Microsoft, and Stripe. We bring decades of combined experience in cybersecurity, cloud infrastructure, and product development.

We believe that security is a team sport. That's why we've built SecureWatch to be collaborative, transparent, and user-friendly.

Our Core Values

• Security First: We build with security in mind, not as an afterthought.
• Transparency: We're open about our practices, pricing, and performance.
• Simplicity: We make complex security concepts easy to understand.
• Customer Obsession: Our users come first. We listen, learn, and iterate.
• Innovation: We constantly improve our technology to stay ahead of threats.

Our Commitment

Every business deserves good security, regardless of size or budget. That's why we offer 10 websites completely free, forever. No credit card required. No time limit.

We're committed to making the internet a safer place, one website at a time.

← Back to Home

Privacy Policy

Effective Date: June 1, 2025

At SecureWatch, we take your privacy seriously. We never sell your personal data.

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, company name (optional), and billing information. Credit card payments are processed securely by Stripe—we never store full credit card numbers on our servers.

Monitoring Data

Website URLs you choose to monitor, uptime metrics, security scan results, and alert history. This data is encrypted and used solely to provide you with monitoring services. We do not access or modify your website content.

Usage Data

Anonymous analytics about how you use our platform to help us improve. You can opt out in account settings at any time.

Technical Data

IP address, browser type, and device information for security and fraud prevention purposes. Retained for 30 days.

2. How We Use Your Data

3. Security Practices

• Encryption at Rest: AES-256 encryption for all stored data
• Encryption in Transit: TLS 1.3 exclusively
• Access Controls: Role-based access control with least-privilege principle
• Authentication: bcrypt password hashing, optional TOTP 2FA
• Backups: Daily encrypted backups with 30-day retention
• Audit Logs: All access to sensitive data is logged and monitored

Our platform is designed using security best practices and built with SOC 2 principles in mind.

4. Your Data Rights (GDPR, CCPA)

• Access: Request a copy of all data we hold about you at any time
• Correction: Update inaccurate information directly in your account settings
• Deletion: Permanently delete your account and all associated data using the "Delete Account" button in Settings → Account Data
• Export: Download all your monitoring data in JSON format using the "Export Data" button in Settings → Account Data
• Opt-out: Unsubscribe from marketing communications via email preferences
• Portability: Transfer your data to another service provider

To exercise your data rights: Use the "Account Data" section in your dashboard settings. You can export your data or delete your account instantly without waiting.

5. Data Retention Policy

We retain monitoring data for 12 months on paid plans, 30 days on Free plans. Account data is retained until you request deletion using the "Delete Account" feature in your settings. Billing records are retained for 7 years to comply with tax regulations.

6. Third-Party Services

We use trusted third-party services to power SecureWatch:

• Stripe: Payment processing (PCI Level 1 compliant)
• Google Cloud: Data hosting and storage
• SendGrid: Email delivery for alerts
• Postmark: Transactional emails

7. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use tracking cookies for advertising or marketing purposes.

8. Data Breach Notification

If we discover a data breach, we will notify affected users within 72 hours via email and provide regular updates on remediation efforts.

← Back to Home

Terms of Service

Effective Date: June 1, 2025 | Version: 3.1

1. Account Terms

You must be at least 18 years old. You are responsible for your account credentials. You may not share your account credentials with unauthorized users. You are liable for all activities conducted under your account.

We reserve the right to suspend accounts that provide false information, violate laws, or engage in abusive behavior.

2. Subscription Plans

Free Plan

10 websites · Basic security scanning · Email alerts · 30-day retention · No credit card required · No time limit

Pro Plan ($15/month)

Unlimited websites · Advanced security scanning (50+ checks) · 99.9% SLA with service credits · Push notifications · 2FA security · Priority email support · 12-month data retention · WAF Protection · Malware Removal · Backup & Restore · Security Headers

Business Plan ($49/month)

Everything in Pro plus: Dedicated account manager · 99.99% SLA · Quarterly business reviews · 24/7 AI support · 24-month data retention · Custom reporting

3. Payment and Billing

All payments are processed securely via Stripe. Plans are billed monthly in advance. You may cancel at any time through your account settings. No refunds for partial months.

Taxes may apply based on your location. We reserve the right to change pricing with 30 days' notice.

4. Upgrade and Downgrade Policy

Upgrades: You may upgrade your plan at any time. The new plan takes effect once the admin confirms your payment.

Downgrades: Downgrades are not available. If you are on a higher plan, you cannot move to a lower plan. To downgrade, you must cancel your current subscription and start a new one.

Duplicate Payments: If you pay twice for an upgrade (e.g., if the first upgrade is pending), we will automatically refund the duplicate payment. Please do not attempt to upgrade again while a previous upgrade is pending.

5. Acceptable Use Policy

You may not use SecureWatch to:

• Monitor illegal content or websites engaged in illegal activities
• Launch attacks against any system or network
• Violate any applicable laws or regulations
• Infringe on intellectual property rights
• Distribute malware, viruses, or harmful code
• Attempt to bypass security measures or access unauthorized data

6. Service Level Agreement (SLA)

Credits are applied to future invoices. Maximum credit is 50% of monthly fee. Claims must be submitted within 30 days of incident.

7. Data Security and Privacy

We take data security seriously. All data is encrypted at rest (AES-256) and in transit (TLS 1.3). We comply with GDPR and CCPA regulations. You retain full ownership of your data and can export or delete it at any time.

For full details, see our Privacy Policy.

8. Intellectual Property

SecureWatch owns all intellectual property rights to the platform, including software, design, and branding. You may not copy, modify, or reverse-engineer any part of the platform.

9. Limitation of Liability

To the maximum extent permitted by law:

• SecureWatch is not liable for indirect, incidental, or consequential damages
• Our liability is limited to the amount paid in the previous 3 months (or $100 if no payments made)
• We are not responsible for any downtime or issues caused by third-party services

10. Indemnification

You agree to indemnify and hold SecureWatch harmless from any claims, damages, or expenses arising from your use of the platform, violation of these terms, or infringement of any third-party rights.

11. Term and Termination

You may cancel your account at any time. We reserve the right to suspend or terminate accounts for policy violations. Upon termination, you may export your data within 30 days before it is permanently deleted.

12. Governing Law

These terms are governed by the laws of the State of California. Disputes shall be resolved in San Francisco County courts or binding arbitration for claims under $10,000.

13. Changes to Terms

We may update these terms from time to time. We will notify you of significant changes via email. Continued use after changes constitutes acceptance.

14. Contact

Questions about these terms? Contact us or email support@securewatch.com.

← Back to Home

Security & Compliance

🔒 Data Encryption

At Rest

AES-256 encryption for all stored data. All data is encrypted before storage in Google Cloud Firestore. Keys are managed by Google Cloud KMS with automatic rotation every 90 days.

In Transit

TLS 1.3 exclusively. We do not support older protocols (SSLv3, TLS 1.0, TLS 1.1) that have known vulnerabilities. All API endpoints require HTTPS with HSTS preloading.

🔐 Authentication Security

Password Security

bcrypt hashing with a work factor of 12. Each password is salted (unique 128-bit random data) before hashing to prevent rainbow table attacks.

Two-Factor Authentication (2FA)

We support TOTP (Google Authenticator, Authy, Microsoft Authenticator). 2FA adds a second lock to your account - even if someone steals your password, they still need a 6-digit code from your phone.

Session Management

• Sessions expire after 1 hour of inactivity
• Failed login attempts: 5 attempts per minute, 20 per hour
• After 50 failed attempts, account is locked for 15 minutes
• All sessions are encrypted with JWT tokens

💾 Backups & Disaster Recovery

• Daily automated backups at 02:00 UTC with 30-day retention
• Multi-region storage: us-central1, europe-west1, asia-southeast1
• RPO: 24 hours maximum (typically 4 hours)
• RTO: 4 hours
• Quarterly DR testing with simulated failover scenarios

🏆 Security Standards

• Designed with SOC 2 principles - Built following industry security standards
• GDPR Compliant - EU data protection laws
• CCPA Compliant - California privacy rights
• PCI DSS Level 1 - Payment security via Stripe
• ISO 27001 - Information security management (in progress)

🔍 Vulnerability Disclosure Program

We take security seriously. If you discover a vulnerability, please report it responsibly:

• Acknowledging receipt within 24 hours
• Initial assessment within 72 hours
• Fixing critical vulnerabilities (CVSS 9.0+) within 14 days
• Safe harbor for good-faith security research
• Security researchers may be eligible for recognition on our wall of thanks

Report security issues to: security@securewatch.com

🛡️ Infrastructure Security

• Cloud Provider: Google Cloud Platform (us-central1, europe-west1, asia-southeast1)
• Network Security: VPC isolation, Cloud Armor WAF, Cloud DDoS Protection
• Monitoring: 24/7 intrusion detection with PagerDuty alerting
• Vulnerability Scanning: Weekly automated scans, regular dependency updates
• Penetration Testing: Quarterly third-party security assessments
• Zero Trust: Strict network segmentation with no lateral movement

📊 Compliance Timeline

• SOC 2 Type II: Completed (2025)
• GDPR: Compliant (2025)
• CCPA: Compliant (2025)
• ISO 27001: Planned (2026)

← Back to Home

Service Level Agreement (SLA)

Version: 4.0 | Effective Date: January 1, 2026

1. Uptime Guarantee by Plan

2. Uptime Calculation Methodology

Formula: Uptime % = (Total Time - Downtime) / Total Time × 100%

Downtime Definition: A service is considered "down" when it cannot be reached from at least 3 geographically distinct monitoring locations for 60 consecutive seconds.

Services Covered: Dashboard, API endpoints, and Alert Delivery system. Your website's uptime is excluded from this SLA.

3. Service Credits for SLA Breach

Maximum Credit: 50% of monthly fee. Credits expire after 90 days and cannot be exchanged for cash.

4. How to Claim Credits

1. Submit claim through support channels within 30 days of incident
2. Include account email, affected services/timestamps, and impact description
3. We verify using internal logs (typically within 5 business days)
4. Approved credits appear on next invoice as a discount

5. Performance Metrics

• API Response Time: < 200ms (p95)
• Alert Delivery Time: < 30 seconds
• Dashboard Load Time: < 2 seconds
• Scan Completion: < 5 minutes per website

6. Support Response Times

7. Exclusions

• Scheduled maintenance (7 days' notice provided)
• DDoS attacks exceeding 100 Gbps
• Customer-caused issues (DNS, firewall, SSL certificates)
• Force majeure (natural disasters, war, pandemic)
• Third-party cloud provider outages (AWS, GCP, Azure)
• Beta features and optional preview features
• Issues caused by user's own code or infrastructure

8. Maintenance Windows

• Planned Maintenance: Weekly on Sundays from 02:00 - 04:00 UTC
• 7 days advance notice for all planned maintenance
• Emergency maintenance as needed (notice provided when possible)

9. SLA Monitoring and Reporting

• Monthly uptime reports available in the dashboard
• Real-time status page at status.securewatch.com
• Email notifications for significant incidents
• Quarterly SLA reviews for Business plan customers

10. Service Credits Request Process

To request service credits, email sla@securewatch.com with:

• Your account email
• Incident date and time (UTC)
• Description of the impact
• Support ticket number (if applicable)

← Back to Home