Privacy Policy

Last updated: March 2026

For controller contact details, please see our Legal Notice & Contact page.

1. Controller Information

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is OnlineBuilders LLC. For our full address and contact details, please refer to our Legal Notice & Contact page.

If you have any questions about data protection, you can reach us at: info@watchfind.io

2. Data Collection Overview

Automatically Collected Data

When you visit our website, the following data is automatically collected by our systems:

  • IP address (anonymized where possible)
  • Date and time of access
  • Browser type and version
  • Operating system
  • Referring URL
  • Pages visited and time spent

Voluntarily Provided Data

We collect data that you actively provide to us:

  • Email address (registration, login, communication)
  • Display name and profile information
  • Search queries and saved filters
  • Subscription and payment information
  • Support requests and communications
  • WhatsApp phone number (if using the bot feature)

3. Legal Basis for Processing

  • Art. 6(1)(a) GDPR — Consent: For marketing communications, analytics cookies, and optional features
  • Art. 6(1)(b) GDPR — Contract Performance: For providing our services, managing subscriptions, and user account operations
  • Art. 6(1)(f) GDPR — Legitimate Interest: For security, fraud prevention, platform improvement, and anonymized analytics
  • Art. 6(1)(c) GDPR — Legal Obligation: For data retention required by tax or commercial law

4. Firebase Services

Firebase Authentication

We use Firebase Authentication by Google for user login and registration. The following data is processed:

  • Email address (for login and communication)
  • Password (stored encrypted, never accessible in plain text)
  • Login timestamps and frequency
  • IP address (for security and fraud prevention)
  • Google Sign-In profile data (if using Google authentication)

Firebase Firestore

We use Google Firestore for storing:

  • User profiles and preferences
  • Search histories and saved filters
  • Subscription status information
  • Anonymized watch offer metadata

Firebase Analytics, Crashlytics & Performance

We use Firebase Analytics to understand user behavior, Firebase Crashlytics for error reporting, and Firebase Performance Monitoring to track app performance. These services collect anonymized usage data, crash reports, and performance metrics. Data is processed by Google in accordance with their privacy policy.

5. Google Gemini AI Processing

AI-Powered Data Processing

We use Google Gemini AI (Gemini 2.5 Pro and Gemini 2.5 Flash) to parse and structure watch offer data from unstructured text sources. This processing is performed on dealer messages and does not involve personal user data. The AI extracts structured information such as brand, model, price, condition, and specifications.

For WhatsApp bot interactions, Gemini 2.5 Flash is used for natural language understanding to interpret user search queries. User messages are processed to extract search parameters but are not stored permanently beyond the session.

6. Payment Processing

Mollie (Web Payments)

Web payments are processed by Mollie B.V. (Keizersgracht 126, 1015 CW Amsterdam, Netherlands). Mollie may process your name, email, payment method details, and transaction data. We do not store credit card numbers or bank account details on our servers. Mollie's privacy policy: mollie.com/privacy

RevenueCat (Mobile Payments)

Mobile in-app purchases are managed by RevenueCat, Inc. RevenueCat processes anonymized purchase data, subscription status, and device identifiers. Actual payment processing is handled by Apple (App Store) or Google (Play Store). RevenueCat's privacy policy: revenuecat.com/privacy

7. WhatsApp Integration

We use WHAPI.Cloud as a technical provider for WhatsApp message processing. This involves two distinct use cases:

Offer Collection (Dealer Groups)

Watch offers are automatically collected from WhatsApp dealer groups. All personal dealer information (phone numbers, names) is removed during processing. Only anonymized product data is stored.

WhatsApp Bot (User Interaction)

If you connect your WhatsApp number to your watchfind.io account, the following data is processed:

  • Your WhatsApp phone number
  • Messages you send to our bot
  • Search queries and alert configurations
  • Connection status and session data

You can disconnect your WhatsApp number at any time through your account settings or by sending "/disconnect" to the bot.

8. Push Notifications (OneSignal)

We use OneSignal for sending push notifications. OneSignal may collect device identifiers, notification interaction data, and approximate location. You can opt out of push notifications at any time through your device settings or account preferences. OneSignal's privacy policy: onesignal.com/privacy_policy

9. Tracking & Analytics

Google Analytics

We use Google Analytics 4 to analyze website usage. IP addresses are anonymized. We have concluded a data processing agreement with Google. You can opt out of Google Analytics by using the Google Analytics Opt-out Browser Add-on.

AppsFlyer (Mobile Attribution)

Our mobile app uses AppsFlyer for attribution and analytics. AppsFlyer may process device identifiers, app usage data, and install attribution. AppsFlyer's privacy policy: appsflyer.com/privacy-policy

10. Hosting & Infrastructure

Firebase App Hosting (Google Cloud): Our website is hosted on Firebase App Hosting, which uses Google Cloud Platform infrastructure. Data may be processed in EU and US data centers.

Amazon Web Services (AWS RDS): Our primary database is hosted on AWS RDS (PostgreSQL) with writer and reader instances. AWS data centers are located in the EU (Frankfurt).

VPS (Python/PHP Services): Background processing services (parser, webhook handler) run on dedicated VPS servers.

11. Cookies & Local Storage

Our website uses cookies and local storage technologies:

Essential Cookies

Required for the Platform to function. Include session cookies, authentication tokens, and CSRF protection. Cannot be disabled.

Analytics Cookies

Used by Google Analytics to understand visitor behavior. Set only with your consent. Can be managed through our cookie banner.

Local Storage

Used to store user preferences (language, currency, theme), cached data for performance, and authentication state.

12. Data Retention Periods

Data Category | Retention Period
User account data | Until account deletion + 30 days
Watch offer data | 6 months after last update
Payment records | 10 years (tax law requirement)
Server logs | 90 days
WhatsApp bot sessions | 30 days after last interaction
Analytics data | 26 months (Google Analytics default)
Support communications | 3 years

13. Your Rights (GDPR Art. 15–21)

Under the GDPR, you have the following rights regarding your personal data:

  • Right of Access (Art. 15): You can request information about what personal data we hold about you
  • Right to Rectification (Art. 16): You can request correction of inaccurate personal data
  • Right to Erasure (Art. 17): You can request deletion of your personal data ("right to be forgotten")
  • Right to Restriction (Art. 18): You can request restriction of processing of your data
  • Right to Data Portability (Art. 20): You can request your data in a structured, machine-readable format
  • Right to Object (Art. 21): You can object to processing based on legitimate interest or for direct marketing

To exercise any of these rights, contact us at info@watchfind.io. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. The competent authority is the data protection authority of the German federal state in which you reside, or the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

14. International Data Transfers

Some of the services we use (Google/Firebase, OneSignal, AppsFlyer, RevenueCat) may transfer data to servers located in the United States. These transfers are safeguarded through:

  • EU-US Data Privacy Framework (DPF) certification of the service providers
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Additional technical and organizational safeguards

Our primary database (AWS RDS PostgreSQL) is hosted in the EU (Frankfurt, Germany).

15. Children's Privacy

Our Platform is not intended for children under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided us with personal data, we will take steps to delete such information promptly.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by email or through a prominent notice on the Platform. The "Last updated" date at the top of this policy indicates when it was last revised.

17. Data Protection Contact

For any questions or concerns regarding data protection or to exercise your rights, please contact:

Email: info@watchfind.io
Subject: Data Protection Request

For our full company address, please see our Legal Notice & Contact page.