1. Who We Are
STRWatch ("Company," "we," "us") operates the website www.strwatch.io and the application at app.strwatch.io. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Service.
If you have questions, contact us at privacy@strwatch.io.
2. Information We Collect
We collect the following types of personal information:
| Data Type | Examples | How Collected |
|---|---|---|
| Account information | Name, email address | Provided by you at sign-up (via Clerk authentication) |
| Market preferences | Cities you choose to monitor | Provided by you in the dashboard |
| Payment information | Payment method, billing address | Collected by Stripe (our payment processor) — we do not store card numbers |
| Waitlist information | Email address | Provided by you via the waitlist form |
| Usage data | Pages viewed, features used, alert open rates | Collected automatically via server logs |
| Device information | Browser type, IP address, operating system | Collected automatically via server logs |
We do not collect property addresses, rental income, guest information, or any data from your Airbnb, VRBO, or other platform accounts.
3. How We Use Your Information
We use your personal information for the following purposes:
- Service delivery: To send you regulation alerts, deadline reminders, and compliance checklists personalized to your selected markets
- Account management: To create and maintain your account, process payments, and manage your subscription
- Communication: To send transactional emails (alerts, receipts, account updates) and, if you opt in, product updates and newsletters
- Service improvement: To understand how users interact with STRWatch and improve our features, performance, and reliability
- Legal compliance: To comply with applicable laws and respond to lawful requests from public authorities
We will never sell your personal information to third parties.
4. Third-Party Services
We use the following third-party services that may process your data:
| Service | Purpose | Data Shared |
|---|---|---|
| Clerk | Authentication & account management | Email, name, login activity |
| Supabase | Database (market preferences, alert history) | User ID, selected cities, alert records |
| Stripe | Payment processing | Payment method, billing details (Stripe handles PCI compliance) |
| Resend | Transactional email delivery | Email address, email content |
| Twilio | SMS alert delivery | Phone number, SMS content |
| Vercel | Website and application hosting | Server logs (IP, user agent) |
Each of these services maintains its own privacy policy. We encourage you to review them. We only share the minimum data necessary for each service to function.
5. Cookies
STRWatch uses essential cookies required for authentication and session management. We do not use advertising or tracking cookies. Our authentication provider (Clerk) sets cookies necessary to keep you logged in.
You can control cookies through your browser settings. Disabling essential cookies may prevent you from using the Service.
6. Data Retention
We retain your personal information as follows:
- Account data: Retained while your account is active and for 30 days after deletion request
- Alert history: Retained while your account is active
- Payment records: Retained for 7 years as required for tax and accounting purposes
- Waitlist emails: Retained until you unsubscribe or request deletion
- Server logs: Retained for 90 days
7. Data Security
We implement reasonable technical and organizational measures to protect your data, including:
- Encryption in transit (TLS/HTTPS on all connections)
- Authentication via Clerk (no passwords stored by STRWatch)
- Payment processing handled entirely by Stripe (PCI DSS compliant)
- Database access restricted to authenticated service accounts
- Row-level security (RLS) on user data in Supabase
No system is 100% secure. While we take reasonable steps to protect your information, we cannot guarantee absolute security.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the personal data we hold about you
- Correction: Request that we correct inaccurate data
- Deletion: Request that we delete your personal data
- Portability: Request your data in a portable format
- Opt-out: Unsubscribe from non-essential communications at any time
To exercise any of these rights, email privacy@strwatch.io. We will respond within 30 days.
9. California Residents (CCPA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):
- The right to know what personal information we collect and how it is used
- The right to request deletion of your personal information
- The right to opt out of the sale of personal information — we do not sell your data
- The right to non-discrimination for exercising your privacy rights
10. Children's Privacy
STRWatch is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
11. International Data Transfers
STRWatch is operated in the United States. If you access the Service from outside the US, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.
12. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or through the Service at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when this policy was most recently revised.
13. Contact Us
For privacy-related questions or requests:
STRWatch
Email: privacy@strwatch.io
Web: www.strwatch.io