Privacy Policy

InariWatch ("we", "our", or "us") is operated by Jesus Bernal. This policy explains what data we collect when you use InariWatch at inariwatch.com and app.inariwatch.com, how we use it, and your rights regarding it.

InariWatch is fully open source under the MIT License. You can review all data handling code at github.com/orbita-pos/inariwatch.

Account data: your name and email address when you register, and OAuth profile info (name, email, avatar) if you sign in with GitHub, Google, or GitLab.

Authentication data: hashed passwords, 2FA secrets (encrypted), session tokens, and password reset tokens. Session cookies (next-auth.session-token) are set with a 30-day expiry and are required for the app to function.

Integration data: webhook payloads and API responses from services you connect (GitHub, Vercel, Sentry, Datadog). This may include stack traces, deployment logs, and error messages from your systems. All integration credentials are stored encrypted.

AI API keys: keys you provide under Settings (Anthropic, OpenAI, Google, Grok, DeepSeek) are stored encrypted and used only to make requests on your behalf. We never share them or use them for any other purpose.

Notification data: configuration for your notification channels (email, Telegram, Slack, browser push). Webhook endpoints and secrets are stored encrypted.

Email interaction data: alert notification emails include an open-tracking pixel and click-tracking links so we can show you whether notifications were received. This data is stored in your account and visible to you in the app.

Audit logs: we log certain account actions (login, settings changes) along with IP addresses for security purposes.

Blog newsletter: if you subscribe to the blog newsletter, we store your email. You can unsubscribe at any time via the link in any email.

• To provide and operate the InariWatch service.
• To send transactional emails (password reset, workspace invites, alert notifications).
• To send blog updates if you opted in.
• To debug errors and improve reliability.
• To detect and prevent abuse (rate limiting, audit logs).

We do not sell your data. We do not use your data for advertising. We have no analytics or behavioral tracking on our website.

• Neon — PostgreSQL database hosting. All your data is stored here.
• Vercel — application hosting and edge functions.
• Resend — transactional email delivery.
• AI providers — when you use AI features, requests are sent to the provider whose key you configured (Anthropic, OpenAI, Google, xAI/Grok, DeepSeek). We do not store AI responses beyond what is shown in the app.
• GitHub / Google / GitLab — optional OAuth sign-in. We only store the provider account ID, email, and name returned by the provider.
• Plausible Analytics — privacy-friendly, cookieless analytics. No personal data is collected. See plausible.io/privacy.
• Telegram / Slack — if you configure these as notification channels, alert data is sent to your Telegram bot or Slack webhook.

We use one session cookie (next-auth.session-token) to keep you logged in. It expires after 30 days. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

We retain your account and alert data for as long as your account is active. If you delete your account, your data is deleted within 30 days. You can request deletion at any time by emailing info@jesusbr.com.

We use HTTPS for all connections, bcrypt for password hashing, encrypted storage for API keys and integration secrets, HMAC signature verification on all incoming webhooks, and rate limiting on all authentication endpoints. If you discover a vulnerability, please report it to info@jesusbr.com.

InariWatch is MIT-licensed open source software. If you self-host InariWatch, you are responsible for your own data handling and privacy compliance. This policy applies only to the hosted service at inariwatch.com.

You have the right to access, correct, export, or delete your personal data at any time. To exercise these rights, contact us at info@jesusbr.com or delete your account directly from Settings.

We may update this policy occasionally. We will notify registered users by email of any material changes. Continued use of the service after changes constitutes acceptance.

Questions? Email us at info@jesusbr.com.