About SecureWatch

Our Story

SecureWatch was founded in 2024 by a team of security engineers who were frustrated with the state of website security monitoring. Existing solutions were either too expensive for small businesses or too complex for non-technical users to understand.

We started SecureWatch because we saw a gap in the market. Small businesses and startups need security monitoring just as much as enterprises, but existing tools are either too expensive or too complicated. We're building a solution that changes that.

Our team came together with a shared vision: security shouldn't be a luxury. We believe that every website owner deserves to know if their site is vulnerable, and they deserve to understand exactly how to fix it.

What We're Building

SecureWatch automatically scans your website for common vulnerabilities—missing security headers, outdated libraries, weak encryption, and dangerous misconfigurations. When we find something, we show you exactly how to fix it, step by step, in plain English.

Our platform is designed to be proactive, not reactive. We don't just tell you when something is wrong—we give you the tools and knowledge to fix it. Every alert includes:

• What the vulnerability is — explained in plain language
• Why it matters — the real-world impact of the issue
• How to fix it — step-by-step instructions with code examples
• Where to learn more — links to authoritative resources

Our Team

We're a small, passionate team of security engineers and product designers who have worked at companies like Google, Microsoft, and Stripe. We bring decades of combined experience in cybersecurity, cloud infrastructure, and product development.

Our Core Values

• Security First: We build with security in mind, not as an afterthought.
• Transparency: We're open about our practices, pricing, and performance.
• Simplicity: We make complex security concepts easy to understand.
• Customer Obsession: Our users come first. We listen, learn, and iterate.
• Innovation: We constantly improve our technology to stay ahead of threats.
• Community: We believe in sharing knowledge and helping others stay secure.

Our Commitment

Every business deserves good security, regardless of size or budget. That's why we offer 10 websites completely free, forever. No credit card required. No time limit.

We're committed to making the internet a safer place, one website at a time. Whether you're a solo entrepreneur, a growing startup, or an established business, SecureWatch is here to help you protect what matters most.

Privacy Policy

Effective Date: June 1, 2025

Last Updated: June 27, 2025

At SecureWatch, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services. Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Name — Your full name for personalization and communication
• Email Address — For account verification, notifications, and support
• Company Name (optional) — To better understand our user base
• Billing Information — Processed securely by Stripe; we never store full credit card numbers on our servers
• Password — Encrypted using bcrypt with a work factor of 12

1.2 Monitoring Data

To provide our security monitoring service, we collect:

• Website URLs — The websites you choose to monitor
• Uptime Metrics — Availability and response time data
• Security Scan Results — Vulnerability findings, severity levels, and remediation suggestions
• Alert History — Records of security alerts generated for your websites
• User Flow Data — Automated browser test results you create
• Heartbeat Data — Cron job monitoring results

Important: We do not access, scan, or modify your website content. All monitoring is performed from our secure infrastructure without interacting with your users.

1.3 Usage Data

We collect anonymized usage data to improve our platform:

• Page Views — Which pages you visit and how you interact with them
• Feature Usage — Which features you use most frequently
• Session Duration — How long you use the platform
• Performance Metrics — Load times and error rates

You can opt out of usage tracking in your account settings at any time.

1.4 Technical Data

For security and fraud prevention, we collect:

• IP Address — For authentication and security monitoring
• Browser Type and Version — To ensure compatibility
• Device Information — Operating system, screen size, and device type
• Referrer URL — Where you came from to reach our site

This data is retained for 30 days for security purposes.

2. How We Use Your Data

3. Security Practices

We implement a variety of security measures to maintain the safety of your personal information:

Our platform is designed using security best practices and built with SOC 2 principles in mind. We undergo regular security assessments and penetration testing.

4. Your Data Rights

Under GDPR (Europe) and CCPA (California), you have the following rights:

• Access: Request a copy of all data we hold about you at any time
• Correction: Update inaccurate information directly in your account settings
• Deletion: Permanently delete your account and all associated data using the "Delete Account" button in Settings → Account Data
• Export: Download all your monitoring data in JSON format using the "Export Data" button in Settings → Account Data
• Opt-out: Unsubscribe from marketing communications via email preferences
• Portability: Transfer your data to another service provider
• Object: Object to processing of your data for specific purposes
• Restrict: Request restriction of data processing in certain circumstances

5. Data Retention Policy

Data Type	Free Plan	Pro Plan	Business Plan
Monitoring Data	30 days	12 months	24 months
Account Data	Until deletion	Until deletion	Until deletion
Billing Records	7 years	7 years	7 years
Technical Data (IP, etc.)	30 days	30 days	30 days
Security Scan Results	30 days	12 months	24 months
User Flow Data	30 days	12 months	24 months

Billing records are retained for 7 years to comply with tax regulations.

6. Third-Party Services

We use trusted third-party services to power SecureWatch:

Service	Purpose	Data Shared
Stripe	Payment processing	Name, email, billing address, payment method
Google Cloud Firestore	Data hosting and storage	All user and monitoring data
Firebase Authentication	User authentication	Email, password hash
SendGrid	Email delivery	Email address
Postmark	Transactional emails	Email address

7. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use tracking cookies for advertising or marketing purposes.

Cookie Types We Use:

• Session Cookies: Maintain your login state across pages (expire when you close your browser)
• Preference Cookies: Remember your settings and preferences
• Security Cookies: Prevent cross-site request forgery (CSRF) attacks

8. Data Breach Notification

If we discover a data breach that may affect your personal information:

• We will notify affected users within 72 hours of discovery
• We will provide regular updates on remediation efforts
• We will report to relevant data protection authorities as required by law
• We will conduct a thorough investigation and implement preventive measures

9. Children's Privacy

SecureWatch is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last Updated" date at the top
• Notifying you via email for significant changes
• Showing a notification in the dashboard for 30 days after changes

Your continued use of SecureWatch after changes constitutes acceptance of the updated policy.

11. Contact Information

If you have any questions about this Privacy Policy, please contact us:

• Email: privacy@securewatch.com
• Address: 548 Market Street, Suite 12345, San Francisco, CA 94104
• Phone: +1 (555) 123-4567

For data protection inquiries, you may also contact our Data Protection Officer at dpo@securewatch.com.

Terms of Service

Effective Date: June 1, 2025

Last Updated: June 27, 2025

Version: 3.1

These Terms of Service ("Terms") govern your use of SecureWatch ("we", "us", "our", or "the Service"). By creating an account or using our Service, you agree to be bound by these Terms. If you do not agree to these Terms, please do not use our Service.

1. Account Terms

1.1 Eligibility

• You must be at least 18 years old to create an account
• You must provide accurate and complete information when creating your account
• You are responsible for maintaining the security of your account credentials

1.2 Account Security

• You are responsible for all activities conducted under your account
• You must notify us immediately of any unauthorized use of your account
• We recommend enabling Two-Factor Authentication (2FA) for enhanced security
• You may not share your account credentials with unauthorized users

1.3 Account Termination

We reserve the right to suspend or terminate accounts that:

• Provide false or misleading information
• Violate any applicable laws or regulations
• Engage in abusive or harmful behavior
• Attempt to bypass security measures
• Use the Service for illegal activities

2. Subscription Plans

2.1 Free Plan

• Websites: 10 websites
• Scan Type: Basic security scanning (20+ checks)
• Alerts: Email alerts
• Retention: 30-day data retention
• Support: Community support
• Features: Security Score, Site Health, Prioritized Tasks, Headers Check
• No credit card required
• No time limit

2.2 Pro Plan ($15/month)

• Websites: Unlimited websites
• Scan Type: Advanced scanning (50+ checks)
• SLA: 99.9% uptime guarantee with service credits
• Alerts: Push notifications and email alerts
• Retention: 12-month data retention
• Support: Priority email support (1-hour response)
• Features: All Free features + 2FA, User Flows, Heartbeat Monitoring, WAF Protection, Malware Removal, Backup & Restore

2.3 Business Plan ($49/month)

• Websites: Unlimited websites
• Scan Type: Advanced scanning (50+ checks)
• SLA: 99.99% uptime guarantee with service credits
• Alerts: Push notifications and email alerts
• Retention: 24-month data retention
• Support: Dedicated account manager and 24/7 support
• Features: All Pro features + Dedicated account manager, Custom SLAs, Quarterly business reviews, Advanced analytics

3. Payment and Billing

3.1 Payment Processing

• All payments are processed securely via Stripe
• We accept all major credit cards and debit cards
• We do not store full credit card numbers on our servers
• Stripe is PCI Level 1 compliant

3.2 Billing Cycle

• Plans are billed monthly in advance
• Invoices are generated at the beginning of each billing cycle
• You will receive a receipt via email after each payment
• Taxes may apply based on your location

3.3 Cancellation

• You may cancel at any time through your account settings
• Cancellation takes effect at the end of the current billing period
• No refunds for partial months
• Your data will be retained for 30 days after cancellation

3.4 Price Changes

• We reserve the right to change pricing with 30 days' notice
• Price changes will be communicated via email
• You may cancel before the price change takes effect

4. Upgrade and Downgrade Policy

4.1 Upgrades

• You may upgrade your plan at any time
• The new plan takes effect once payment is confirmed
• Pro-rated adjustments are applied for mid-cycle upgrades
• All features of the new plan become available immediately

4.2 Downgrades

• Downgrades are not available on this platform
• If you are on a higher plan, you cannot move to a lower plan
• To downgrade, you must cancel your current subscription and start a new one
• Your data will be retained for 30 days after cancellation

4.3 Duplicate Payments

• If you pay twice for an upgrade (e.g., if the first upgrade is pending), we will automatically refund the duplicate payment
• Please do not attempt to upgrade again while a previous upgrade is pending
• Contact support if you experience billing issues

5. Acceptable Use Policy

You may not use SecureWatch to:

• Monitor illegal content or websites engaged in illegal activities
• Launch attacks against any system or network
• Violate any applicable laws or regulations
• Infringe on intellectual property rights
• Distribute malware, viruses, or harmful code
• Attempt to bypass security measures or access unauthorized data
• Interfere with the proper functioning of the Service
• Harass, abuse, or threaten others
• Share account credentials with unauthorized users
• Resell or sublicense the Service without permission

6. Service Level Agreement (SLA)

6.1 Uptime Guarantee

Plan	Uptime Target	Monthly Downtime	Credit If Breached
Free	Best effort	—	—
Pro	99.9%	≈ 43 minutes	10-50%
Business	99.99%	≈ 4.3 minutes	10-50%

6.2 Service Credits

• Credits are applied to future invoices
• Maximum credit is 50% of monthly fee
• Claims must be submitted within 30 days of incident
• Exclusions apply (see below)

6.3 Exclusions

The following events are excluded from the SLA:

• Scheduled maintenance (7 days' notice provided)
• DDoS attacks exceeding 100 Gbps
• Customer-caused issues (DNS, firewall, SSL certificates)
• Force majeure (natural disasters, war, pandemic)
• Third-party cloud provider outages (AWS, GCP, Azure)
• Beta features and optional preview features
• Issues caused by user's own code or infrastructure

7. Data Security and Privacy

• All data is encrypted at rest (AES-256) and in transit (TLS 1.3)
• We comply with GDPR and CCPA regulations
• You retain full ownership of your data
• You can export or delete your data at any time
• We do not sell your personal data to third parties
• We undergo regular security assessments and penetration testing

For full details, see our Privacy Policy.

8. Intellectual Property

• SecureWatch owns all intellectual property rights to the platform
• This includes software, design, branding, and content
• You may not copy, modify, or reverse-engineer any part of the platform
• You may not use our trademarks without permission
• You retain ownership of your content and data

9. Limitation of Liability

To the maximum extent permitted by law:

• SecureWatch is not liable for indirect, incidental, or consequential damages
• Our liability is limited to the amount paid in the previous 3 months (or $100 if no payments made)
• We are not responsible for any downtime or issues caused by third-party services
• We are not responsible for any damages resulting from misuse of the Service
• We are not responsible for any damages resulting from security breaches of your own systems

10. Indemnification

You agree to indemnify and hold SecureWatch harmless from any claims, damages, or expenses arising from:

• Your use of the platform
• Violation of these terms
• Infringement of any third-party rights
• Your conduct or content

11. Term and Termination

• You may cancel your account at any time
• We reserve the right to suspend or terminate accounts for policy violations
• Upon termination, you may export your data within 30 days
• After 30 days, your data will be permanently deleted

12. Governing Law

• These terms are governed by the laws of the State of California
• Disputes shall be resolved in San Francisco County courts
• For claims under $10,000, binding arbitration is required
• Both parties agree to waive the right to a jury trial

13. Changes to Terms

• We may update these terms from time to time
• We will notify you of significant changes via email
• Continued use after changes constitutes acceptance
• We will keep a history of all versions

14. Contact

Questions about these terms? Contact us:

• Email: legal@securewatch.com
• Address: 548 Market Street, Suite 12345, San Francisco, CA 94104

Security & Compliance

🔒 Data Encryption

Encryption at Rest

AES-256 encryption for all stored data. All data is encrypted before storage in Google Cloud Firestore. Keys are managed by Google Cloud KMS with automatic rotation every 90 days. This ensures that even if physical storage media is compromised, your data remains unreadable.

Encryption in Transit

TLS 1.3 exclusively. We do not support older protocols (SSLv3, TLS 1.0, TLS 1.1) that have known vulnerabilities. All API endpoints require HTTPS with HSTS preloading. Our certificate is issued by a trusted Certificate Authority and automatically renewed.

🔐 Authentication Security

Password Security

• bcrypt hashing with a work factor of 12 (2^12 rounds)
• Each password is salted with a unique 128-bit random salt
• This prevents rainbow table attacks and makes brute-force attacks computationally expensive
• Passwords are never stored in plain text or transmitted over the network

Two-Factor Authentication (2FA)

We support TOTP (Time-based One-Time Password) with the following authenticator apps:

• Google Authenticator
• Authy
• Microsoft Authenticator
• Duo Mobile
• And any other TOTP-compatible app

2FA adds a second lock to your account - even if someone steals your password, they still need a 6-digit code from your phone. We strongly recommend enabling 2FA for all accounts.

Session Management

• Sessions expire after 1 hour of inactivity
• Failed login attempts: 5 attempts per minute, 20 per hour
• After 50 failed attempts, account is locked for 15 minutes
• All sessions are encrypted with JWT tokens (JSON Web Tokens)
• Tokens are signed with a secret rotated every 24 hours
• Users can view and manage active sessions in account settings

💾 Backups & Disaster Recovery

• Daily automated backups at 02:00 UTC with 30-day retention
• Multi-region storage: us-central1, europe-west1, asia-southeast1
• RPO: 24 hours maximum (typically 4 hours)
• RTO: 4 hours
• Quarterly DR testing with simulated failover scenarios
• Automated recovery procedures documented and tested
• Backup verification ensures data integrity

🏆 Security Standards

🔍 Vulnerability Disclosure Program

We take security seriously. If you discover a vulnerability, please report it responsibly:

Our Commitment

• Acknowledging receipt within 24 hours
• Initial assessment within 72 hours
• Fixing critical vulnerabilities (CVSS 9.0+) within 14 days
• Safe harbor for good-faith security research
• Security researchers may be eligible for recognition on our wall of thanks
• We will not take legal action against researchers who follow responsible disclosure

How to Report

• Email: security@securewatch.com
• PGP Key: Available upon request
• Include: Detailed description, steps to reproduce, impact assessment
• Do not: Access other users' data, perform destructive testing, or disclose publicly

🛡️ Infrastructure Security

• Cloud Provider: Google Cloud Platform (us-central1, europe-west1, asia-southeast1)
• Network Security: VPC isolation, Cloud Armor WAF, Cloud DDoS Protection
• Monitoring: 24/7 intrusion detection with PagerDuty alerting
• Vulnerability Scanning: Weekly automated scans, regular dependency updates
• Penetration Testing: Quarterly third-party security assessments
• Zero Trust: Strict network segmentation with no lateral movement
• Access Control: Least-privilege principle with just-in-time access
• Logging: Comprehensive audit logging with tamper-proof storage

📊 Compliance Timeline

• SOC 2 Type II: Completed (2025)
• GDPR: Compliant (2025)
• CCPA: Compliant (2025)
• PCI DSS: Level 1 via Stripe (2025)
• ISO 27001: Planned (2026)
• HIPAA: Under consideration (2027)

🔐 Security Incident Response

Our incident response plan includes:

• Detection: Continuous monitoring and automated alerts
• Containment: Immediate isolation of affected systems
• Eradication: Removal of the threat and remediation
• Recovery: Restoration of normal operations
• Post-incident: Root cause analysis and preventive measures
• Notification: Affected users notified within 72 hours

Service Level Agreement (SLA)

Version: 4.0

Effective Date: January 1, 2026

Last Updated: June 27, 2025

1. Uptime Guarantee by Plan

2. Uptime Calculation Methodology

Formula

Downtime Definition

A service is considered "down" when it cannot be reached from at least 3 geographically distinct monitoring locations for 60 consecutive seconds.

Services Covered

• Dashboard web interface
• API endpoints
• Alert Delivery system
• Scanning infrastructure

Note: Your website's uptime is excluded from this SLA and is monitored separately.

3. Service Credits for SLA Breach

Maximum Credit: 50% of monthly fee. Credits expire after 90 days and cannot be exchanged for cash.

4. How to Claim Credits

1. Submit claim through support channels within 30 days of incident
2. Include:
   • Account email
   • Affected services and timestamps (UTC)
   • Impact description and business impact
3. We verify using internal logs (typically within 5 business days)
4. Approved credits appear on next invoice as a discount
5. You will receive email confirmation of credit approval

5. Performance Metrics

6. Support Response Times

7. Exclusions

The following events are excluded from the SLA and do not qualify for service credits:

• Scheduled maintenance — 7 days' notice provided via email and dashboard notification
• DDoS attacks exceeding 100 Gbps
• Customer-caused issues — DNS, firewall, SSL certificate issues
• Force majeure — Natural disasters, war, pandemic, civil unrest
• Third-party cloud provider outages — AWS, GCP, Azure (we provide status updates)
• Beta features and optional preview features
• Issues caused by user's own code or infrastructure
• Internet connectivity issues beyond our control

8. Maintenance Windows

• Planned Maintenance: Weekly on Sundays from 02:00 - 04:00 UTC
• Notice: 7 days advance notice for all planned maintenance
• Emergency Maintenance: As needed (notice provided when possible)
• Maintenance communication: Email notifications and dashboard banner
• Maintenance duration: Typically 15-30 minutes

9. SLA Monitoring and Reporting

• Monthly uptime reports available in the dashboard
• Real-time status page at status.securewatch.com
• Email notifications for significant incidents
• Quarterly SLA reviews for Business plan customers
• Incident post-mortems available upon request for critical incidents
• Historical uptime data available for the last 12 months

10. Service Credits Request Process

To request service credits, email sla@securewatch.com with:

• Your account email
• Incident date and time (UTC)
• Description of the impact
• Support ticket number (if applicable)
• Screenshots or logs (if available)

We will acknowledge your request within 24 hours and provide a decision within 5 business days.

11. SLA Exceptions Process

In cases where the SLA cannot be met due to exceptional circumstances, we will:

• Notify affected users immediately
• Provide regular updates on the situation
• Work to restore service as quickly as possible
• Provide a post-incident report within 7 days
• Review and improve our processes to prevent recurrence

12. Definitions

• Downtime: Period when the service is unavailable
• Response Time: Time from alert to first response
• Resolution Time: Time from alert to full resolution
• Service Credit: Financial credit applied to future billing
• RPO: Recovery Point Objective - acceptable data loss
• RTO: Recovery Time Objective - acceptable downtime