Privacy policy
Last Updated: 12 June 2026
This Privacy Policy describes how Anthony DePasquale (“we”, “us”, “our”) collects, uses, and protects your information when you download and use Watchful (“the App”).
Data Controller: Anthony DePasquale – Calle del Dr. Castelo, 44 – 28009 Madrid, Spain – [email protected]
Your privacy is at the core of how we designed Watchful. Our fundamental promise is simple: We do not collect, view, or process your photos and videos.
Information We Do Not Collect
- Your Photos and Videos: All photos and videos captured by Watchful are stored on your device or, if you enable iCloud, in your private iCloud account. They are never uploaded to or processed by our servers.
- Live Video Streams: All live video streams are end-to-end encrypted. This means that only you, on your authorized devices, can view the video feed. We cannot decrypt or view your stream.
Information We Collect
To provide the App’s functionality, we collect a minimal amount of data. Under the GDPR, we must have a valid legal basis for processing your data.
- Service and Connection Data
- Data Collected: Your IP address and related connection data (timestamps)
- Purposes and Legal Bases (GDPR)
- To provide the service: We temporarily use your IP address to establish a connection with our servers and with our partner Twilio, which is necessary to facilitate live video streaming between your devices.
- Legal Basis (GDPR): Performance of a Contract (to provide the core functionality of the App).
- For security, performance, and abuse prevention: To protect our service from abuse, we process a pseudonymous hash of your IP address. We also generate aggregated, anonymous statistics in order to monitor server load.
- Legal Basis (GDPR): Legitimate Interest. Our legitimate interest is in maintaining the security, stability, and operational integrity of our services.
- For billing: Our partner Twilio logs request timestamps, data center regions, and the amount of data transmitted for billing purposes. This data is typically stored by Twilio for a period of one month.
- Legal Basis (GDPR): Performance of a Contract and Legitimate Interest.
- To provide the service: We temporarily use your IP address to establish a connection with our servers and with our partner Twilio, which is necessary to facilitate live video streaming between your devices.
- Purposes and Legal Bases (GDPR)
- Data Collected: Your IP address and related connection data (timestamps)
- Purchase Information
- Data Collected: When you make a purchase or start a trial, Apple provides us with a pseudonymous purchase identifier and basic transaction information (e.g., subscription start date, product purchased). We do not receive your name, email address, Apple ID, or payment details.
- Purpose
- To validate purchases that unlock premium features
- Legal Basis (GDPR): Performance of a Contract
- For internal, anonymized financial reporting
- Legal Basis (GDPR): Legitimate Interest
- To validate purchases that unlock premium features
- Anonymized Crash and Performance Data
- Data Collected: If you opt in to share diagnostics with app developers on your device, we may receive anonymized reports from Apple containing information about app crashes or performance issues. This data is fully anonymized and cannot be tied to an individual user.
- Purpose: To identify errors and improve the stability and performance of the App.
- Legal Basis (GDPR): Consent (you provide your consent for this processing by opting to share this data through your device’s system settings, and you can withdraw it at any time).
- Public Reviews from the App Store
- Data Collected: When you post a review on the Apple App Store, we may collect a copy of that review using Apple’s public APIs. This includes your username as it appears on the App Store and the content of your review.
- Purpose: To better understand our users’ feedback, identify bugs or potential improvements, and respond to customer service issues.
- Legal Basis (GDPR): Legitimate Interest. Our legitimate interest is in improving our App and services based on the public feedback provided by users.
Data Storage and Security
- On-Device and iCloud Storage: Your photos and videos are stored on your device or in your private iCloud storage.
- Server Security: We implement appropriate technical and organizational measures to protect the minimal personal data we process. This includes encrypting data in transit and at rest and restricting access to our systems.
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected.
- Service and Connection Data (IP Address): Your IP address is processed for the duration of the live video session for the purpose of establishing the connection. A pseudonymous hash of your IP address, used for abuse prevention, may be retained for up to 24 hours.
- Purchase Information: We retain pseudonymous purchase identifiers for as long as you have an active subscription or purchase and for a reasonable period thereafter to comply with legal and financial reporting obligations.
- Public Feedback and Reviews: We may retain a copy of App Store reviews for as long as they are relevant to our product development and improvement cycles.
Third-Party Services
We rely on the following third-party services to provide the App:
- Apple (App Store & iCloud): For processing in-app purchases and, if you choose to use iCloud, for cloud storage of your media. You can review Apple’s privacy policy here.
- Twilio: For facilitating the WebRTC connection for live video streaming. You can review Twilio’s privacy policy here.
- DigitalOcean: For hosting the server infrastructure that supports the App’s connectivity. You can review DigitalOcean’s privacy policy here.
International Data Transfers
We use service providers in the United States to operate the App. To ensure all data transfers from the EEA, UK, and Switzerland are lawful, we rely on appropriate data transfer mechanisms.
For transfers to U.S. providers certified under the EU-U.S. Data Privacy Framework (DPF), the UK Extension to the DPF, and the Swiss-U.S. DPF, we rely on their certification. This applies to our use of Twilio and DigitalOcean.
In addition, and as a fallback mechanism, our agreements with all third-party providers include the European Commission’s Standard Contractual Clauses (SCCs) to ensure your data is protected to a standard equivalent to that of the EU.
Your Data Rights
You have certain rights regarding the personal data we hold about you.
For Residents of the EEA, UK, and Switzerland:
You have the following rights under the GDPR:
- Right of Access: To ask for a copy of the data we hold about you.
- Right to Rectification: To ask us to correct any inaccurate information.
- Right to Erasure (Right to be Forgotten): To request the deletion of your data.
- Right to Restrict Processing: To ask us to temporarily halt the processing of your data.
- Right to Data Portability: To ask for your data in a structured, machine-readable format.
- Right to Object: To object to our processing of your data where we rely on legitimate interest as our legal basis.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority. For users in Spain, this is the Agencia Española de Protección de Datos (AEPD).
For Residents of California:
You have the following rights under the CCPA/CPRA:
- Right to Know: To know what personal information we have collected about you, including the categories of information, the sources, the purposes for collecting it, and the categories of third parties to whom we disclose it.
- Right to Delete: To request the deletion of your personal information.
- Right to Correct: To request the correction of inaccurate personal information.
- Right to Opt Out of Sale/Sharing: You have the right to opt out of the “sale” or “sharing” of your personal information. We do not “sell” or “share” your personal information as those terms are defined under the CCPA.
- Right to Limit Use of Sensitive Personal Information: The CCPA allows you to limit the use of your sensitive personal information. We do not collect any sensitive personal information.
- Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.
How to Exercise Your Rights: To exercise any of these rights, please email us at [email protected]. As we collect very little personal data, we need to verify your request. To delete your purchase history, please include a copy of the purchase receipt from Apple so we can locate the corresponding pseudonymous identifier.
Children’s Privacy
The App is not intended for or directed at individuals under the age of 16 in the EEA/UK, 14 in Quebec (Canada), or 13 in the United States. We do not knowingly collect personal data from children. If we become aware that we have, we will take steps to delete such information immediately.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The latest version will always be published on this page with the “last updated” date at the top. If we make a material change, we will notify you through a prominent notice in the App.
Contact Us
If you have any questions or concerns about this Privacy Policy, please contact us at [email protected].