Skip to main content

Privacy Policy

Last updated: 2026-01-10

Overview

PkgWatch ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and safeguard your information when you use our package health monitoring service.

Information We Collect

Account Information

When you sign up for PkgWatch, we collect:

  • Email address (for account authentication and communication)
  • API usage data (request counts, timestamps)

API Usage Data

When you use our API, we collect:

  • Package names queried (e.g., "express", "lodash")
  • Request timestamps and IP addresses
  • API key identifiers (not the keys themselves)

What We Do NOT Collect

  • Your source code
  • The contents of your package.json files (only package names)
  • Any personal data beyond email addresses

How We Use Your Information

  • To provide and maintain our service
  • To enforce rate limits and prevent abuse
  • To send transactional emails (magic links, API key notifications)
  • To improve our service based on aggregate usage patterns

Data Storage and Security

Your data is stored securely on AWS infrastructure in the United States. We implement industry-standard security measures including:

  • Encryption in transit (TLS 1.2+)
  • Encryption at rest for all stored data
  • API key hashing (we cannot see your full API keys)

Data Retention

We retain your account data for as long as your account is active. API usage logs are retained for 90 days for debugging and abuse prevention purposes. You may request deletion of your account and associated data at any time.

Third-Party Services

We use the following third-party services:

  • AWS - Infrastructure and data storage
  • Stripe - Payment processing (for paid tiers)
  • Plausible Analytics - Privacy-focused website analytics (no cookies, no personal data)

Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Export your data in a portable format

To exercise these rights, contact us at privacy@pkgwatch.laranjo.dev.

Cookies

We do not use tracking cookies. We use Plausible Analytics, which is cookie-free and does not track individual users. Session authentication uses secure HTTP-only cookies that are essential for the service to function.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@pkgwatch.laranjo.dev.