Privacy Policy

Last updated: March 2025

1. Data Controller

Leo Voss
Bremen, Germany
Email: privacy@leovoss.de

2. What Data We Collect

• Account data: Email address
• Domain data: Domains you submit for monitoring
• Scan results: Breach data, paste mentions, phishing domain alerts associated with your monitored domains
• Usage data: IP address, browser type, access timestamps (for security and rate limiting)

3. Purpose of Processing

We process your data to provide the DarkWatch monitoring service, including scanning, alerting, and dashboard access.

4. Legal Basis

Art. 6(1)(b) GDPR — processing is necessary for the performance of a contract (providing the monitoring service you signed up for).

5. Data Retention

Account data and associated scan results are deleted 30 days after account deletion. Aggregated, anonymized statistics may be retained indefinitely.

6. Third Parties

• Stripe — payment processing (subject to Stripe's Privacy Policy)
• Email provider — for sending alert notifications and magic link emails

We do not sell your data to third parties.

7. Your Rights (GDPR)

You have the right to:

• Access — request a copy of your personal data
• Rectification — correct inaccurate data
• Erasure — request deletion of your data
• Data portability — receive your data in a structured, machine-readable format
• Object — object to processing in certain circumstances
• Complaint — lodge a complaint with your supervisory authority (in Germany: Die Landesbeauftragte für Datenschutz und Informationsfreiheit)

8. Contact

For any privacy-related inquiries: privacy@leovoss.de