Privacy Policy

1. Controller

FreshTokenWatch

Set `LEGAL_CONTACT_EMAIL` to publish a direct privacy contact address.

2. Account Data

If you register an account, the service stores your email address, a hashed password, and session records required to keep you signed in. The login cookie is technically necessary for account access and admin access.

3. First-Party Analytics

FreshTokenWatch uses its own server-side analytics only. No third-party analytics scripts are loaded. Page analytics are stored as aggregated counters per hour and page, plus coarse categories for country code, device type, browser family, and operating system family.

The system does not need marketing cookies for this. It does not store raw IP addresses in the analytics table and it does not persist full user-agent strings for reporting. Country data is only available when a reverse proxy or CDN forwards a country header.

4. Security and Operations

Server logs and database records may be processed when needed to keep the platform secure, to prevent abuse, and to maintain the token ingestion pipeline.

5. Legal Basis

Account processing is generally required for contract performance. Essential security logging and the small, privacy-preserving first-party analytics described above can generally be operated on the basis of legitimate interests, provided they remain proportionate and are documented correctly for your deployment.

6. Your Rights

Depending on the applicable law, users may have rights of access, rectification, deletion, restriction, objection, and complaint to a supervisory authority.

7. Important Setup Note

This page is a technical baseline, not individualized legal advice. Before public launch, fill in the operator contact details and review the text against your actual hosting, email, and support setup.