On this page

Privacy policy

How KWatch collects, uses and protects your data.

v1.1
Last updated: 2026-05-17
Introduction

KWatch ("we", "us", "our") is committed to protecting your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Swiss data protection law.

This policy explains what data we collect, why we collect it, and how you can exercise your rights.

Data collected
  • Account information — e-mail address, display name, hashed password.
  • OpenStack credentials — encrypted at rest (Fernet / AES-128 in CBC mode with HMAC-SHA256) and used solely to query your cloud infrastructure.
  • Cost data — cached temporarily from the OpenStack / CloudKitty APIs to display your dashboard.
  • Billing information — company name, billing address, VAT number when subscribing to a paid plan (stored alongside Stripe).
  • Audit trail — IP address, user-agent and action history kept for 30 days for security and compliance.
Purpose of processing
  • Authenticate you and manage your account.
  • Query OpenStack APIs on your behalf to display cost and resource data.
  • Send transactional e-mails (verification, password reset, invitations, cost alerts).
  • Process billing through Stripe when you subscribe to a paid plan.
  • Remember your preferences (language, currency, selected project / region).
Cookies

KWatch uses only first-party cookies. We do not run third-party analytics or advertising trackers.

Cookie Purpose Category Retention
session Keeps you signed in across pages. Essential Session
csrf_token Protects form submissions against cross-site requests. Essential Session
cce_theme Remembers your light / dark theme choice. Preference 1 year
cf_* (Turnstile) Anti-bot challenge served by Cloudflare on the login / signup pages only. Essential Session
Sub-processors

Third-party services that may process your data on our behalf. Each is bound by a data processing agreement.

Provider Purpose Location Data accessed
Infomaniak Application + database hosting (Public Cloud). 🇨🇭 Switzerland All data at rest
Stripe Payment processing for paid subscriptions. 🇮🇪 Ireland (EU) Billing information + payment method
Cloudflare Anti-bot challenge (Turnstile) on the public login + signup pages. 🇺🇸 US (regional anycast) IP address, browser fingerprint at sign-in only
Data retention

Account data is kept for as long as the account exists. Cost cache is refreshed periodically; stale entries are purged automatically. The audit trail is kept for 30 days. You may delete your account at any time from the Preferences page — this triggers immediate erasure of personal data and cancellation of any active subscription.

Your rights

Under the GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Request erasure of your data ("right to be forgotten").
  • Restrict or object to processing.
  • Data portability.

To exercise any of these rights, please reach out via the contact page.

Hosting

Application servers and database are hosted on Infomaniak Public Cloud in Switzerland (datacentres dc3-a and dc4-a). Switzerland is recognised by the European Commission as offering an adequate level of data protection.

Data controller

Kevin Allioli
contact@kwatch.cloud

Policy version 1.1 · Last updated 2026-05-17

Back