This Privacy Policy explains how WatchDog Security Technologies Inc. ("WatchDog Security," "WatchDog," "we," "our," or "us") collects, uses, discloses, retains, and safeguards personal data across our websites, applications, portals, proposal workflows, and related services.
This Privacy Policy applies globally to users of services that link to it, including watchdogsecurity.io, app.watchdogsecurity.io, hub.watchdogsecurity.io, usewatchdog.com, and freecompliancequiz.com. Product- or site-specific privacy notices are available where a particular service has additional context or narrower data practices.
01.How This Policy Works
This policy is the main privacy notice for WatchDog's services. It should be read together with the following documents where relevant:
| Document | When It Applies |
|---|---|
| Marketing Site Privacy Notice | When you visit or interact with watchdogsecurity.io |
| Application Privacy Notice | When you use app.watchdogsecurity.io |
| Partner Hub Privacy Notice | When you use hub.watchdogsecurity.io |
| Proposal Workflow Privacy Notice | When you review or accept proposals through usewatchdog.com |
| Free Compliance Quiz Privacy Notice | When you use freecompliancequiz.com |
| Cookie Policy | For cookies and similar technologies used on watchdogsecurity.io and related public pages |
| Data Processing Addendum | When WatchDog processes Customer Data on behalf of a customer |
02.Our Privacy Roles
WatchDog may act in different roles depending on the data and service involved.
2.1 When WatchDog Acts as Controller
We act as a controller, business, operator, or equivalent role when we decide why and how personal data is processed for our own business purposes. This generally includes account registration data, profile information, billing and invoicing data, CRM and relationship-management data, support communications, proposal workflow data, website and product analytics used for our own operations, and security or audit records.
2.2 When WatchDog Acts as Processor or Service Provider
We act as a processor, service provider, or equivalent role when we process Customer Data on behalf of a customer to provide our services under the customer's instructions and the applicable agreement. This may include uploaded documents, evidence, files exchanged through our services, imported records, and other customer-managed content.
When WatchDog acts as a processor or service provider for Customer Data, the customer remains responsible for its own lawful basis, notices, consents, and instructions relating to that Customer Data. See our Data Processing Addendum for more detail.
03.Services Covered by This Policy
| Service | Main Function | Typical Data Handled |
|---|---|---|
watchdogsecurity.io | Marketing website and public pages | inquiries, meeting bookings, website analytics, consent choices, chat interactions |
app.watchdogsecurity.io | SaaS application | account data, billing records, support communications, secure file exchange, uploaded content, audit logs |
hub.watchdogsecurity.io | Partner portal | partner account data, portal activity, support records, proposal workflow activity |
usewatchdog.com | Proposal access and acceptance workflows | recipient name/title, proposal open/download/acceptance records, e-signature or equivalent acceptance records |
freecompliancequiz.com | Public quiz tool | privacy-focused analytics, essential security data, browser-local quiz activity |
04.Personal Data We Collect and Why
The data we collect depends on the service you use and how you interact with us.
| Category | Examples | Main Purposes |
|---|---|---|
| Identity and contact data | name, business email, phone number, title, company | account creation, communications, proposals, support, relationship management |
| Account and profile data | login records, profile settings, role, profile photo | authentication, account administration, security, service delivery |
| Billing and transaction data | invoices, payment status, subscription details, accounting records | billing, bookkeeping, tax compliance, fraud prevention |
| Communication data | contact forms, chat messages, support tickets, meeting requests | responding to inquiries, onboarding, support, service communications |
| Technical and usage data | IP address, device/browser details, user agent, session activity, logs | service operation, security, troubleshooting, analytics, fraud prevention |
| Proposal workflow data | recipient name/title, acceptance timestamp, e-signature or equivalent acceptance data | proposal lifecycle management, audit trail, business recordkeeping |
| Customer content and files | uploaded documents, evidence, secure file exchange attachments, CSV imports | providing the services, file exchange, auditability, customer-requested workflows |
| Marketing and preference data | newsletter choices, opt-in/opt-out records, consent records | communications management and compliance with marketing rules |
We do not intentionally design our services to collect large-scale special-category or criminal-offence data. If a customer uploads such data into Customer Data, the customer is responsible for ensuring it has a lawful basis and appropriate controls for that processing.
05.How We Collect Personal Data
We collect personal data directly from you when you submit forms, book meetings, create accounts, communicate with us, upload content, accept proposals, or otherwise provide information. We also collect certain data automatically through the operation of our websites and services, including logs, cookies, SDKs, security tools, diagnostics, and analytics, subject to applicable law. In some cases, we receive personal data from third parties or integrations, including customer invitations, identity providers, payment providers, CRM systems, support systems, and e-signature or records-management workflows.
06.How We Use Personal Data
We use personal data to provide, operate, maintain, and improve our services; create, administer, secure, and support accounts; authenticate users and manage access; process proposals, invoices, subscriptions, payments, and related commercial records; support secure file exchange, uploads, exports, and related audit trails; respond to inquiries, provide onboarding, and deliver support; monitor service performance, diagnose issues, maintain availability, and investigate abuse; protect against fraud, misuse, unauthorized access, and security incidents; send service notices, transactional communications, and, where permitted, marketing communications; manage relationships with prospects, customers, partners, vendors, and proposal recipients; and comply with legal, contractual, accounting, tax, security, and compliance obligations.
07.Sharing and Disclosure
We disclose personal data where necessary to support our services and operations.
| Recipient Category | Why We Share |
|---|---|
| Cloud, hosting, security, and infrastructure providers | to run, secure, and support our services |
| Payment, accounting, invoicing, and bookkeeping providers | to process payments and maintain financial records |
| CRM, support, communications, and email-delivery providers | to manage customer relationships, support, and service communications |
| Analytics, diagnostics, and monitoring providers | to understand product usage, investigate issues, and improve service reliability |
| Scheduling, e-signature, and workflow providers | to support meetings, proposals, and agreement workflows |
| Professional advisors and auditors | to obtain legal, accounting, insurance, audit, and compliance support |
| Authorities, courts, or law-enforcement bodies | where required by law or necessary to protect rights, systems, property, or safety |
| Transaction counterparties | in connection with a merger, acquisition, financing, restructuring, or asset sale, subject to appropriate protections |
We do not sell personal data for money. We do not use Customer Data for cross-context behavioral advertising.
08.International Transfers
As a Canadian company, we and our service providers may process personal data in Canada, the United States, and other jurisdictions where we or our providers operate. Where required by applicable law, we use appropriate safeguards for international transfers, such as contractual protections, recognized adequacy mechanisms, or other lawful transfer measures.
09.Retention
We retain personal data only for as long as necessary for the purposes described in this Privacy Policy, including service delivery, support, legal compliance, recordkeeping, security, and dispute resolution. Where exact periods are not appropriate for every record, we use documented retention criteria based on the purpose of processing, the sensitivity of the data, contractual obligations, operational needs, and legal requirements.
| Record Type | Standard Retention |
|---|---|
| Marketing inquiries, contact forms, meeting requests, chat inquiries, and CRM lead records | up to 3 years after the last meaningful interaction, unless deleted earlier upon request or no longer needed |
| Newsletter subscription and communication preference records | for as long as needed to maintain subscription, suppression, consent, or opt-out evidence |
| Account registration and profile data | for the duration of the account relationship and up to 12 months after closure or deletion request, unless a longer period is required for legal, security, fraud-prevention, or dispute-resolution reasons |
| Support tickets and support communications | up to 3 years from closure of the support matter, unless a longer period is required for security, legal, or operational reasons |
| Billing, invoicing, accounting, and tax records | 7 years, or longer where required by law |
| Executed agreements, DPAs, e-signature records, and related legal documents | 7 years, or longer where required by law or needed to establish, exercise, or defend legal claims |
| Proposal access, review, download, and acceptance lifecycle records | 7 years from the relevant proposal event, unless a longer period is required for legal, audit, fraud-prevention, or contractual reasons |
| Security, access, audit, and secure file exchange logs | up to 2 years, unless longer retention is required for an investigation, legal hold, abuse-prevention measure, security review, or regulatory requirement |
| Customer Data in encrypted backups after deletion or termination | up to 90 days before deletion as part of backup rotation |
Service-specific tools may also have shorter platform-level retention settings. For example, diagnostic event data may be retained for a shorter provider-configured period, and analytics providers may apply settings or plan-based limits.
10.Security
We use technical, organizational, and administrative safeguards designed to protect personal data against unauthorized access, disclosure, loss, misuse, alteration, or destruction. These measures may include encryption, role-based access controls, multi-factor authentication, logging and monitoring, secure hosting and network protections, vulnerability management, vendor due diligence, confidentiality obligations, backup controls, and incident-response procedures.
No method of transmission or storage is completely secure. While we take reasonable measures to protect personal data, we cannot guarantee absolute security.
11.Your Privacy Rights
Depending on your location and applicable law, you may have the right to:
| Right | Description |
|---|---|
| Access | request access to personal data we hold about you |
| Rectification | request correction of inaccurate, incomplete, or outdated data |
| Erasure / Deletion | request deletion of personal data where legally applicable |
| Restriction / Objection | object to or request restriction of certain processing |
| Portability | request a copy of personal data in a structured, commonly used, and machine-readable format where applicable |
| Withdraw Consent | withdraw consent where processing is based on consent, without affecting prior lawful processing |
| Complaint | lodge a complaint with a competent privacy or data-protection authority |
To exercise your rights, contact us using the details below. We may need to verify your identity before acting on your request. Where your request relates to Customer Data that WatchDog processes on behalf of a customer, we may direct your request to the relevant customer or coordinate with them as required by law and the applicable agreement.
If you believe we have not adequately addressed your concern, you may have the right to lodge a complaint with the privacy or data-protection authority competent for your place of residence, place of work, or the location of the relevant processing activity, depending on applicable law.
11.1 Supervisory Authorities & Regional Contacts
Depending on your country or region of residence, you may contact:
- United Kingdom – Information Commissioner's Office (ICO). ico.org.uk
- European Union – Your local EU data protection supervisory authority.
- Canada – Office of the Privacy Commissioner of Canada (OPC). priv.gc.ca
- Brazil – Autoridade Nacional de Proteção de Dados (ANPD), Esplanada dos Ministérios, Bloco C, 2º Andar, CEP 70297-400 – Brasília – DF. gov.br/anpd
- South Africa – Information Regulator (South Africa), P.O. Box 31533, Braamfontein, Johannesburg 2017. Email:
complaints.IR@justice.gov.za - Australia – Office of the Australian Information Commissioner (OAIC). oaic.gov.au
- Jersey – Jersey Office of the Information Commissioner (JOIC).
- Singapore – Personal Data Protection Commission (PDPC). pdpc.gov.sg
- Other regions – If your country or region is not listed above, please contact your national or regional data protection or privacy authority.
12.Deletion Requests
Where legally applicable, you may request deletion of your personal data.
At this time, if you wish to request deletion of an account associated with app.watchdogsecurity.io, contact us through support, Intercom where available, or by emailing support@watchdogsecurity.io. If self-service account deletion becomes available in the future, we may update our workflows and this Privacy Policy accordingly.
Deletion requests may be subject to verification, lawful retention obligations, fraud-prevention needs, security requirements, backup cycles, and the rights of other parties.
13.Children
Our services are designed for businesses, organizations, partners, professionals, and adult users. They are not directed to children, and we do not knowingly collect personal data from children where such collection would require parental consent or otherwise violate applicable law.
14.Changes to This Policy
We may update this Privacy Policy from time to time to reflect legal, operational, technical, product, security, or business changes. When we update it, we will revise the lastUpdated date and, where required, provide additional notice through the relevant service or website.
15.Contact Details
For questions, concerns, or to exercise your privacy rights, contact us:
Privacy Officer
WatchDog Security Technologies Inc.
18 King St E, Suite 1400
Toronto, ON M5C 1C4
Canada
Website: watchdogsecurity.io
Privacy: privacy@watchdogsecurity.io
Support: support@watchdogsecurity.io
General: hello@watchdogsecurity.io
Have questions?
Our Privacy Officer is here to help clarify any points of this policy.
