Privacy Policy

Last updated: March 8, 2026

1. Data Controller

The Witness is operated by Saul Molinero. For privacy-related inquiries, contact us at support@thewitness.app.

2. Data We Collect

We collect and process the following personal data:

Data | Purpose | Lawful Basis | Retention
Email address | Account creation, authentication, notifications | Contract (Art. 6(1)(b)) | Until account deletion
Password (securely hashed) | Authentication | Contract | Until account deletion
Monitor URLs and configuration | Core service — web page monitoring | Contract | Until account deletion
Screenshots (encrypted at rest) | Visual change detection and evidence | Contract | 7 / 90 / 365 days by plan
AI analysis results | Semantic change summaries and significance scoring | Contract | Until account deletion
Billing records | Payment processing, invoicing | Legal obligation (Art. 6(1)(c)) | 7 years (tax compliance)
Authentication cookies | Session management | Contract | 30 days
Analytics events | Product improvement, conversion measurement | Legitimate interest (Art. 6(1)(f)) | 14 months (GA4), until account deletion (internal)

We do not collect device fingerprints, build advertising profiles, or sell any data to third parties. We do not process special categories of personal data (Art. 9 GDPR).

Monitored URLs are chosen exclusively by you. Screenshots may incidentally capture personal data visible on publicly accessible web pages (names, profile photos). This data is processed solely for change detection and is subject to the same encryption and retention policies as all screenshot data.

3. AI Processing & Transparency

The Witness uses artificial intelligence to analyze detected changes and generate semantic summaries. We believe in full transparency about how your data is processed by AI systems.

  • What is sent: When a visual change is detected, the before/after screenshots and extracted text content are sent to Google Gemini for analysis. No account details (email, name, billing) are included.
  • What is returned: Gemini produces a change summary, significance score, and recommendation — displayed in your change report.
  • Data processing: Google acts as a data processor under their Cloud Data Processing Addendum. Paid API data is not used to train Google's models.
  • AI-generated content: All change summaries and significance scores are generated by AI and clearly labeled as such in the interface.
  • No automated decisions with legal effect: AI analysis is purely informational — it produces alerts and reports but does not make decisions that produce legal effects or similarly significant consequences for you (Art. 22 GDPR).

4. Legal Basis for Processing

We process your data under multiple lawful bases, specified per data category in the table above:

  • Contract (Art. 6(1)(b)): Account data, monitoring, screenshots, AI analysis — necessary to deliver the service you signed up for.
  • Legal obligation (Art. 6(1)(c)): Billing records — required by EU/Spanish tax law for 7 years.
  • Legitimate interest (Art. 6(1)(f)): Analytics — to improve product quality and measure conversions. You can object at any time (see Section 7).

5. Sub-processors & Data Sharing

We share data with the following third-party processors. Each operates under a signed Data Processing Agreement (DPA) with appropriate safeguards:

Processor | Purpose | Location | Transfer Mechanism
OVH | Primary hosting (database, application) | France (EU) | No transfer required
Cloudflare R2 | Encrypted screenshot storage | EU (auto-region) | EU-US DPF + SCCs
Google Gemini | AI analysis of screenshots | EU/US | EU-US DPF + SCCs
Google Analytics (GA4) | Product analytics, conversions | EU/US | EU-US DPF + SCCs
Resend | Transactional email delivery | US | EU-US DPF + SCCs
Stripe | Payment processing (PCI-DSS Level 1) | US | EU-US DPF + SCCs

We do not share data with any parties beyond those listed above. Payment information is collected and processed directly by Stripe — we never receive or store full card numbers. Stripe acts as both a processor (payment on our behalf) and an independent controller (fraud prevention, compliance) under their own privacy policy.

6. Data Retention

We apply specific retention periods to each data category:

Data | Retention Period
Account data (email, settings, monitors) | Until account deletion
Screenshots | Free: 7 days / Pro: 90 days / Agency: 365 days
AI analysis results | Until account deletion
Billing records | 7 years after transaction (tax compliance)
Analytics (GA4) | 14 months
Internal analytics events | Until account deletion
Server logs | 30 days

When you delete your account, all associated data — monitors, snapshots, change reports, alert configurations, encrypted screenshots, and internal analytics events — are permanently and irreversibly deleted. Billing records are retained for the legally required period.

7. Your Rights

Under the GDPR, you have the following rights. We provide self-service tools for most of these directly in your account settings:

  • Access (Art. 15) — Request a copy of your data. Available in Settings > Export data, which provides a machine-readable JSON export of all your personal data.
  • Rectification (Art. 16) — Update your email or other account details in Settings.
  • Erasure (Art. 17) — Delete your account and all data from Settings > Danger zone. Deletion is immediate and irreversible.
  • Portability (Art. 20) — Export your data in structured, machine-readable format via Settings > Export data.
  • Objection (Art. 21) — Object to processing based on legitimate interest (e.g., analytics). Contact us and we will cease that processing unless we have compelling legitimate grounds.
  • Restriction (Art. 18) — Request that we limit processing of your data while a dispute is resolved.
  • Withdraw consent — Where processing is based on consent (analytics cookies), you may withdraw at any time via your browser settings.

To exercise any of these rights, email support@thewitness.app or use the self-service tools in your account settings. We will respond within 30 days.

You also have the right to lodge a complaint with your local supervisory authority. For Spain: Agencia Española de Protección de Datos (AEPD).

8. Cookies & Analytics

We use essential cookies for authentication (required for the service to function) and analytics services to improve our product.

Cookie / Storage | Type | Purpose | Duration
Session cookies | Essential | Authentication and session management | Up to 30 days
cookie_notice (localStorage) | Essential | Remember cookie notice dismissal | Persistent
_ga, _ga_* (Google Analytics) | Analytics | Product analytics, conversion measurement | Up to 14 months

Google Analytics collects pseudonymous usage data (page views, events, conversions) to enable cross-session analysis and conversion measurement. IP addresses are anonymized by default. This data is not used for advertising and we do not enable Google Ads remarketing features.

You can opt out of Google Analytics using the Google Analytics opt-out browser add-on or by blocking cookies in your browser settings.

9. International Transfers

Your primary data (database, application) is stored in the EU (OVH, France). Specific processing activities involve transfers to the United States:

  • AI analysis — screenshots sent to Google Gemini (US/EU)
  • Email delivery — transactional emails via Resend (US)
  • Payment processing — billing via Stripe (US)
  • Analytics — usage data via Google Analytics (US/EU)

All US transfers are protected by the EU-US Data Privacy Framework (DPF) adequacy decision and Standard Contractual Clauses (SCCs). Each sub-processor listed in Section 5 operates under a signed DPA with these transfer mechanisms in place.

10. Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption in transit: All connections use TLS 1.2+.
  • Encryption at rest: All screenshots are encrypted before storage using industry-standard authenticated encryption. Only authenticated account owners can view their own screenshots. No other user, third party, or staff member can access your screenshot data.
  • Password security: Passwords are irreversibly hashed using industry-standard algorithms. We never store plaintext passwords.
  • Access controls: Infrastructure access is restricted to authorized personnel. Database systems are not directly accessible from the public internet.
  • Data isolation: Each user's data is logically isolated. API endpoints enforce ownership checks on every request.

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours (Art. 33 GDPR) and affected users without undue delay if the breach poses a high risk to their rights (Art. 34 GDPR).

11. Children's Privacy

The Witness is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that a user is under 16, we will promptly delete their account and all associated data.

12. US State Privacy Rights

If you are a resident of California or another US state with comprehensive privacy legislation (CCPA/CPRA, VCDPA, CPA, and others), you have additional rights:

  • Right to know — what personal information we collect, use, and disclose (detailed in Section 2).
  • Right to delete — request deletion of your personal information (Settings > Danger zone).
  • Right to opt out of sale/sharing — we do not sell or share your personal information for cross-context behavioral advertising.
  • Non-discrimination — we will not discriminate against you for exercising your privacy rights.

13. Changes to This Policy

We may update this policy to reflect changes in our practices, sub-processors, or legal requirements. We will notify registered users by email of any material changes at least 30 days before they take effect. Non-material changes (clarifications, formatting) take effect immediately upon posting.

14. Contact & Governing Law

For any privacy concerns or to exercise your rights, contact support@thewitness.app.

This policy is governed by the laws of Spain and the European Union. You have the right to lodge a complaint with the Spanish Data Protection Authority (AEPD) or your local EU supervisory authority.
