Privacy Policy

Effective date: June 15, 2026

1. Introduction

Leoric Watch ("we", "us", "our") operates the Leoric Watch service. This Privacy Policy explains how we collect, use, store, and share personal data when you use our uptime monitoring, SSL monitoring, alerting, monthly reporting, billing, and account management features.

2. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our service to you.

Types of Data Collected:

  • Account data: Email address, display name, password hash, email verification state, monthly report preference, and authentication tokens
  • Usage data: Browser type, IP address, pages visited, time spent, and security or abuse-prevention events
  • Monitoring data: Endpoint URLs you monitor, group names, check intervals, timeout settings, degraded thresholds, response times, HTTP status codes, error logs, incidents, and SSL certificate metadata
  • Alert data: Alert channel names, destination addresses, Telegram chat IDs, Discord webhook URLs, generic webhook URLs, optional webhook headers, signing-secret metadata, notification preferences, and test-send diagnostics
  • Reporting data: Monthly uptime report preference, report recipient, report month, send status, attempt count, sent timestamp, and last error when delivery fails
  • Billing data: Paddle customer, subscription, transaction, price, invoice, payment-method summary, plan, and entitlement identifiers
  • Cookies and local storage: Authentication state, checkout state, preferences, and product-session data

3. Use of Data

Leoric Watch uses the collected data for various purposes:

  • To provide and maintain our service
  • To run uptime, degraded-response, and SSL checks for your configured monitors
  • To send alert notifications through email, Telegram, Discord, or your configured webhooks
  • To send monthly uptime summary emails unless you opt out
  • To notify you about changes to our service
  • To provide customer support
  • To process subscriptions, invoices, taxes, renewals, cancellations, and billing history through Paddle
  • To gather analysis or valuable information so that we can improve our service
  • To monitor the usage of our service
  • To detect, prevent and address technical and security issues

4. Security of Data

The security of your data is important to us. We use security measures including:

  • Password storage with bcrypt hashing
  • HTTPS/TLS encryption for data in transit
  • JWT-based authentication tokens
  • SSRF validation for monitor and webhook URLs
  • Masked owner-facing display for webhook and Discord URLs, secret-like headers, and signing secrets
  • PostgreSQL database with security best practices

However, no method of transmission over the Internet or method of electronic storage is 100% secure and we cannot guarantee absolute security.

5. GDPR Rights

As a service based in the EU (Greece), we respect your GDPR rights:

  • Right to Access: You can request access to your personal data
  • Right to Rectification: You can request correction of inaccurate data
  • Right to Erasure: You can request deletion of your data (right to be forgotten)
  • Right to Data Portability: You can request your data in portable format
  • Right to Restrict Processing: You can restrict how we process your data
  • Right to Object: You can object to processing of your personal data

6. Data Retention

We retain account, monitor, billing, and alert-channel data while your account is active and as needed to provide the service. Check results and SSL checks are retained for 60 days by default unless the configured retention period changes.

Monthly report send-state and SSL alert sent-state are retained while the owning account and monitors exist so we can prevent duplicate reports and duplicate certificate warnings. Failed report-send records may be retained so the service can retry delivery and diagnose failures.

Account deletion requires password confirmation and cannot be completed while an active paid subscription remains on the account. When deletion completes, user-owned active application records are deleted, including monitors, groups, historical check results, SSL checks, incidents, alert channels, notification settings, authentication tokens, verification tokens, monthly report send-state, and profile data.

We may retain billing, security, backup, tax, legal, fraud-prevention, dispute, and platform-level operational records where required or where we have a legitimate business need. Paddle webhook events and worker heartbeats may be preserved for reconciliation and service integrity.

7. Third-Party Services

Leoric Watch may use third-party services for:

  • Email delivery (SMTP)
  • Telegram alert delivery when you connect a bot destination
  • Discord alert delivery when you configure a Discord webhook
  • Customer-configured generic webhooks, where alert payloads are sent to URLs you provide
  • CAPTCHA verification (Cloudflare Turnstile)
  • Payment processing, tax calculation, receipts, and invoices (Paddle)
  • Advertising conversion measurement for sign-ups and campaign performance (Google Ads)

These third parties have their own privacy policies. We are not responsible for their practices.

8. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

9. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

[email protected]

Last updated: June 15, 2026

Leoric Watch | Greece

Compliant with GDPR and Greek Data Protection Law (Law 4624/2019)