Legal documents

Privacy Policy.

How WatchScope processes your data under the General Data Protection Regulation (EU) 2016/679. What we collect, where it goes, who sees it, how long it stays — and how to exercise your rights at any time.

Last updated · May 2026
Version · 3.0
Language · English

Article 01

Data controller

The data controller is WatchScope (the app and its developers), reachable at privacy@watchscope.app. For data protection requests you may contact the Data Protection Officer (DPO) at the same address.

Article 02

How we process your data

WatchScope processes personal data in compliance with the General Data Protection Regulation (EU 2016/679 — GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act as amended by the CPRA, the Brazilian Lei Geral de Proteção de Dados (LGPD), the revised Swiss FADP, and Google Play's User Data and Data Safety policies. Your collection travels encrypted in transit (TLS 1.3) and is stored on Firebase Firestore in data centres certified to ISO/IEC 27001, 27017, 27018 and SOC 2/3.

Article 03

Categories of data collected

Account data: email, Firebase user identifier, app language. Collection data: brand, model, reference, caliber, year, condition, purchase price, market value, notes, photos, service history. Technical data: timekeeping measurements (rate, amplitude, beat error, waveform samples). Diagnostic data: crash logs and anonymous identifiers via Firebase Crashlytics. Advertising data (via Google AdMob): Android advertising identifier (AAID), IP address, basic device and app information, ad interaction events — see the "Advertising" section for details and control options. We do NOT collect health, biometric, financial or precise-location data.

Article 04

Microphone audio

The microphone is used exclusively in real time to measure the balance wheel beat. No audio sample is ever saved, recorded, transmitted or used to train AI models. The audio stream is processed in memory and discarded instantly.

Article 05

Purposes and legal bases

Service delivery (contract performance, art. 6.1.b GDPR): authentication, collection sync, technical verdict computation. Security and fraud prevention (legitimate interest, art. 6.1.f): system logs, rate limiting. Product improvement (legitimate interest): aggregated and anonymous diagnostics. Legal obligations (art. 6.1.c): response to requests from competent authorities.

Article 06

Sharing and external processors

We do not sell, lease or transfer your collection data. To provide the service we rely on the following data processors: Google Ireland Ltd. (Firebase Authentication, Firestore, Crashlytics, Cloud Storage and Google AdMob for advertising — see dedicated section) and RevenueCat Inc. (subscription management, where active). The AdMob network may process advertising identifiers and ad interaction events subject to the consent you provide, modifiable at any time. If you enable the "Share profile" feature, a public version of your collection (without prices and serial numbers) becomes accessible via link until you disable it.

Article 07

Advertising (Google AdMob)

The app displays ads via Google AdMob (Google Ireland Ltd.). To serve ads, AdMob may process the Android advertising identifier (AAID), the IP address, basic device and app information, and ad interactions. For users in the European Economic Area, the United Kingdom and Switzerland, personalised ads require your prior consent under the GDPR, UK GDPR and the new Swiss FADP; without consent only non-personalised, context-based ads may be shown. You can reset or remove the AAID at any time via Android Settings › Privacy › Ads. California residents may opt out of the activity CCPA/CPRA classifies as "sharing" by writing to privacy@watchscope.app or by sending a Global Privacy Control (GPC) signal. We do not enable AdMob's child-directed mode because the app is not intended for minors (see "Minors" section). Google's advertising data practices are detailed at policies.google.com/technologies/partner-sites and policies.google.com/privacy.

Article 08

International transfers

Data is stored primarily on European servers (region europe-west1, Belgium). Any transfers to the United States occur under the European Commission's Standard Contractual Clauses (decision 2021/914) and, for Google, under the EU-U.S. Data Privacy Framework. Transfers to the United Kingdom rely on the UK International Data Transfer Addendum. Details are published in Google's and RevenueCat's notices.

Article 09

Retention

We keep account and collection data while the account is active. Upon account deletion, all data is removed from production systems within 30 days and from backups within 90 days. For fraud prevention purposes, a minimal pseudonymised record (one-way hash of the email, last known IP address and referral counters) is kept for up to 90 days on the basis of legitimate interest (art. 6(1)(f) GDPR) and then automatically deleted. Security logs are kept for up to 12 months. Aggregated and anonymous diagnostics may be retained indefinitely.

Article 10

Security

We adopt appropriate technical and organisational measures: TLS 1.3 in transit, encryption at rest, Firestore rules based on the authenticated identity, least-privilege staff access with multi-factor authentication, periodic audits. In the event of a personal data breach we notify affected users and competent authorities within 72 hours as required by art. 33 GDPR.

Article 11

Your rights

You have the right to access, rectification, erasure, restriction, portability and objection (art. 15-22 GDPR) and to withdraw consent at any time. California residents may exercise the right to know, delete, correct and limit the use of sensitive personal information, and the right not to have personal information sold or shared (CCPA/CPRA). Brazil residents have the rights under art. 18 LGPD. To exercise a right write to privacy@watchscope.app — we respond within 30 days. You are also entitled to lodge a complaint with the competent supervisory authority (e.g. the Garante per la protezione dei dati personali in Italy, the ICO in the United Kingdom, the CNIL in France, the CPPA in California).

Article 12

Account deletion

You can request complete deletion of your account directly from the app via Profile › Settings › Delete account, or by writing to privacy@watchscope.app. Deletion is permanent and removes your collection, measurements, photos and service history within the timeframes indicated in the "Retention" section.

Article 13

Minors

WatchScope is not intended for minors under 16 (or the higher age set by applicable local law) and we do not knowingly collect data from minors. If you believe a minor has provided us with personal data, contact us and we will arrange deletion.

Article 14

Cookies and tracking technologies

The app does not use HTTP cookies. We use technical identifiers (Firebase Installation ID) strictly necessary for operation and, via Google AdMob, the Android advertising identifier (AAID) for advertising purposes. See the "Advertising" section for the consent model applicable in the EEA/UK/Switzerland and for the controls at your disposal (AAID reset / removal, consent withdrawal, CCPA opt-out).

Article 15

Changes to this policy

We may update this policy to reflect changes to the service or regulatory requirements. The date of the last update is shown at the top. For material changes we will notify you in-app before they take effect.

Data Protection Officer
privacy@watchscope.app

To exercise your rights, lodge a complaint, or seek clarification about how we process your data.
We respond within 30 days.