WatchSpies

Privacy Policy

Effective Date: March 20, 2026 · Last Updated: March 20, 2026

1. Introduction and Who We Are

WatchSpies (“we”, “us”, “our”) operates watchspies.com, a watch listing aggregator that collects and displays secondhand watch listings from public forums, marketplaces, and classified advertisement websites. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our website and services.

By creating an account or using WatchSpies, you agree to the collection and use of information as described in this Privacy Policy.

For privacy questions or requests, contact us at: info@watchspies.com

2. Information We Collect

2.1 Information You Provide Directly

  • Account registration: email address and password (password is hashed — we never store plaintext passwords)
  • Profile information: optional display name
  • User preferences: saved search alerts, filter preferences, email notification settings
  • Seller following: list of forum sellers you choose to follow
  • Collection tracking: watch items you manually add to your personal collection tracker
  • Communications: messages you send to our support email

2.2 Information Collected Automatically

  • Usage data: pages visited, search queries entered, filters applied, listings clicked
  • Device information: browser type, operating system, screen resolution
  • IP address: collected for security and analytics purposes, stored in hashed form where possible
  • Referral source: which website or search query brought you to WatchSpies

2.3 Information from Third Parties

  • Listing data: Watch listing information scraped from publicly available sources including Reddit (r/Watchexchange, r/watch_swap), WatchUSeek classifieds, and eBay. This data is publicly posted by third-party sellers and does not constitute personal information we collect about our users.
  • Price data: Historical sold prices from multiple sources which may include but not be limited to eBay and public auction results from Christie's, Phillips, and Sotheby's watch auctions.
  • News content: Article summaries derived from RSS feeds published by watch industry publications which may include but not be limited to Hodinkee, Fratello Watches, worn&wound, A Blog To Watch, and WatchPro.

3. How We Use Your Information

3.1 To Provide Our Services

  • Authenticating your account and maintaining your session
  • Storing and displaying your saved search alerts
  • Sending alert notification emails when new listings match your saved searches
  • Displaying your followed sellers and their recent listings
  • Tracking your personal watch collection and estimated portfolio value

3.2 To Improve Our Services

  • Analyzing which search filters and features are most used
  • Understanding which listing sources provide the most value
  • Identifying and fixing technical errors and performance issues

3.3 To Communicate With You

  • Sending transactional emails: account verification, password reset, search alert notifications
  • Responding to support requests
  • We do not send marketing emails unless you explicitly opt in

3.4 Legal and Safety Purposes

  • Complying with applicable laws and regulations
  • Enforcing our Terms of Service
  • Protecting against fraud, abuse, and security threats

4. Affiliate Links and Third-Party Services

WatchSpies may in the future participate in affiliate marketing programs. When you click certain outbound links — including links to eBay listings, Jomashop, WatchBox, Amazon, B&H Photo, and other retailers — we may earn a commission if you make a purchase. These links are tracked using affiliate identifiers embedded in the URL.

Note: Clicking an affiliate link will share your visit data with the retailer and affiliate network (eBay Partner Network, CJ Affiliate, Amazon Associates). Each retailer's own privacy policy governs their use of that data. We do not share your WatchSpies account information with these third parties.

5. Data Retention

We retain your data for the following periods:

  • Account information (email, password hash): Until you delete your account, plus 30 days
  • Saved alerts and preferences: Until you delete them or close your account
  • Collection tracking data: Until you delete individual items or close your account
  • Usage analytics: 24 months in aggregated, anonymized form
  • Error logs (Sentry): 90 days
  • Email delivery logs (Resend): 30 days
  • Affiliate click data: 13 months (required by affiliate program terms)

Listing data scraped from public sources is retained indefinitely as price history data, but this does not contain personal information about our users.

6. Your Rights and Choices

6.1 Rights Available to All Users

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your account and associated personal data
  • Export: Request your data in a portable format
  • Opt-out of alert emails: Unsubscribe via the link in any alert email, or toggle off in Dashboard → Account Settings

6.2 Additional Rights for EEA/UK Users (GDPR)

  • Right to object to processing based on legitimate interests
  • Right to restrict processing in certain circumstances
  • Right to lodge a complaint with your local data protection authority

Our legal bases for processing under GDPR: contractual necessity (providing the services you signed up for), legitimate interests (analytics, security, improving the service), and consent (marketing emails, where applicable).

6.3 Additional Rights for California Residents (CCPA/CPRA)

  • Right to know what categories of personal information we collect and why
  • Right to delete personal information
  • Right to opt-out of the sale of personal information

We do not sell personal information to third parties. We do not share personal information with third parties for cross-context behavioral advertising.

6.4 How to Exercise Your Rights

Submit requests to: info@watchspies.com

We will respond within 30 days (45 days for complex requests). We may require identity verification before processing deletion or export requests.

7. Cookies, Analytics, and Tracking

7.1 Cookies We Use

WatchSpies uses a single cookie:

Cookie | Purpose | Type
sb-*-auth-token | Supabase session — keeps you logged in | Strictly necessary

7.2 Analytics — Plausible

WatchSpies uses Plausible Analytics to understand how visitors use the site. Plausible is designed to be fully privacy-respecting:

  • No cookies are set by Plausible
  • No personal data is collected
  • No cross-site tracking or fingerprinting
  • IP addresses are not stored
  • Data is not shared with advertisers or third parties
  • Fully compliant with GDPR, CCPA, and PECR — no cookie consent banner required

More information: plausible.io/privacy

7.3 What We Do NOT Use

  • Google Analytics or Google Tag Manager
  • Facebook Pixel or any Meta tracking
  • Advertising or retargeting cookies
  • Third-party tracking SDKs of any kind

7.4 Why No Cookie Banner Is Required

Because WatchSpies uses only one strictly necessary cookie (the Supabase session cookie required to keep you logged in) and a cookieless analytics service (Plausible), we are not required to display a cookie consent banner under GDPR, the ePrivacy Directive, CCPA, or PECR. The session cookie is exempt from consent requirements because it is essential to provide the service you have requested.

7.5 Future Changes

If WatchSpies adds any non-essential cookies, tracking pixels, or analytics that require consent, we will update this section and add a cookie consent mechanism before deploying those changes.

7.6 Managing Cookies

You can control cookies through your browser settings. Deleting or blocking the sb-auth-token cookie will log you out of WatchSpies and prevent you from logging in. No other WatchSpies functionality is affected by cookie settings.

8. Data Security

We implement industry-standard security measures including:

  • Passwords are hashed using bcrypt before storage — we cannot recover your password
  • All data in transit is encrypted using TLS 1.2 or higher
  • Database access is restricted to authorized server-side code via Row Level Security (RLS) policies in Supabase
  • API keys and credentials are stored as environment variables, never in source code
  • Error monitoring detects and alerts us to unusual activity

No security system is impenetrable. In the event of a data breach affecting your personal information, we will notify you and the relevant authorities as required by applicable law.

9. Children's Privacy

WatchSpies is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover we have collected personal information from a child under 13, we will delete it promptly. If you believe a child under 13 has provided us personal information, please contact us at info@watchspies.com.

10. International Data Transfers

WatchSpies is operated from the United States. If you are located outside the United States, your data may be transferred to and processed in the United States and other countries where our service providers operate (including Supabase in the EU and Vercel globally).

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of WatchSpies after the effective date constitutes acceptance of the updated policy.

The current version is always available at watchspies.com/privacy.

12. Contact Us

For privacy questions, data requests, or complaints:

Email or notices: info@watchspies.com
Website: watchspies.com