Privacy Policy

Last updated: February 5, 2026

Luxury Watcher ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, newsletters, and related services (the "Service"). Please read this policy carefully. By using the Service, you consent to the practices described here. If you do not agree, please do not use the Service.

1. Who Is Responsible for Your Data

Luxury Watcher is the data controller for the personal data we collect through the Service. If you have questions about this policy or your data, you may contact us through the contact or support option available on our website.

2. Information We Collect

2.1 Information You Provide

  • Account and profile: When you register, we collect your email address and any profile information you choose to provide (e.g. name, preferences).
  • Newsletter: When you subscribe to our newsletter, we collect your email address and subscription preferences.
  • Payment: When you subscribe to a paid plan, payment details (e.g. card information) are collected and processed by our payment provider, Stripe. We do not store full card numbers on our servers. We may receive and store limited payment-related information (e.g. last four digits, billing country) as needed for billing and support.
  • Communications: If you contact us (e.g. for support), we collect the information you provide in those communications.

2.2 Information Collected Automatically

When you use the Service, we may automatically collect certain information, such as:

  • Usage data: How you use the Service (e.g. pages visited, links clicked, time spent). We may use this to improve the Service and understand usage patterns.
  • Device and technical data: Browser type, device type, operating system, IP address, and similar technical identifiers. We use this for security, compatibility, and basic analytics.

We keep our use of cookies and similar technologies minimal. See the "Cookies and Similar Technologies" section below for more detail.

2.3 Information from Third Parties

If you sign in using a third-party provider (e.g. Google), we may receive basic profile information (such as email and name) that the provider shares with us in accordance with your settings and their policies.

3. Legal Basis for Processing (EEA/UK)

If you are in the European Economic Area or the United Kingdom, we process your personal data on the following bases:

  • Contract: To provide the Service, manage your account, process payments, and send service-related communications.
  • Legitimate interests: To improve and secure the Service, prevent fraud, and communicate about the Service, where our interests are not overridden by your rights.
  • Consent: Where we ask for your consent (e.g. for certain marketing or optional features), you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legal obligation: Where we must process data to comply with applicable law.

4. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service (including newsletters, articles, and subscription features).
  • Create and manage your account and authenticate you.
  • Process payments and manage your subscription.
  • Send you service-related emails (e.g. confirmations, password resets, important updates about the Service).
  • Send you our newsletter and other content you have subscribed to, in accordance with your preferences.
  • Respond to your inquiries and provide support.
  • Improve the Service, develop new features, and understand how the Service is used.
  • Protect the security and integrity of the Service and our users.
  • Comply with legal obligations and enforce our Terms of Service.

We do not use your personal data for automated decision-making that significantly affects you, except where permitted by law (e.g. fraud prevention).

5. Sharing Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

  • Service providers: We use trusted third parties to operate the Service, such as hosting (e.g. Vercel), databases (e.g. Supabase), payment processing (Stripe), and email delivery (e.g. Resend). These providers process data on our behalf and are contractually required to protect your data and use it only for the purposes we specify.
  • Legal requirements: We may disclose information if required by law, court order, or government request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to the same privacy commitments.

We do not share your personal data with third parties for their own marketing purposes.

6. Data Retention

We retain your information only for as long as necessary to fulfill the purposes described in this policy, unless a longer retention period is required or permitted by law. For example:

  • Account and profile data: retained while your account is active and for a reasonable period after deletion for backup and legal purposes.
  • Payment records: retained as required for accounting, tax, and dispute resolution.
  • Newsletter and marketing preferences: retained until you unsubscribe or ask us to delete your data.
  • Logs and security-related data: retained for a limited period necessary for security and troubleshooting.

When we no longer need your data, we will delete or anonymize it in accordance with our retention practices.

7. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption in transit (e.g. HTTPS), secure storage, access controls, and regular review of our practices. No method of transmission or storage is completely secure; we encourage you to use a strong password and keep your account credentials confidential.

8. International Transfers

Your information may be processed in countries other than your country of residence. Those countries may have different data protection laws. When we transfer data from the European Economic Area or the United Kingdom to other countries, we ensure appropriate safeguards are in place (e.g. standard contractual clauses or adequacy decisions) as required by applicable law.

9. Your Rights

Depending on where you live, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to certain exceptions (e.g. where we must retain data for legal reasons).
  • Restriction: Request that we restrict processing in certain circumstances.
  • Portability: Request a copy of your data in a structured, machine-readable format where applicable.
  • Objection: Object to processing based on legitimate interests or for direct marketing.
  • Withdraw consent: Where processing is based on consent, withdraw consent at any time.
  • Complaint: Lodge a complaint with a supervisory authority in your country.

To exercise these rights, please contact us through the contact or support option on our website. We will respond within the timeframes required by applicable law. You may also unsubscribe from our newsletter at any time using the unsubscribe link in every email. For payment and subscription changes, you can use the customer portal we provide (e.g. Stripe Customer Portal).

If you are in California, we do not sell your personal information as defined under the California Consumer Privacy Act (CCPA). You may have additional rights under the CCPA; contact us to exercise them.

10. Cookies and Similar Technologies

We use minimal cookies and similar technologies. We use only what is necessary to provide and secure the Service (e.g. session and authentication cookies). We do not use third-party advertising cookies or sell data derived from cookies for advertising. You can control cookies through your browser settings; note that disabling certain cookies may affect the functionality of the Service.

11. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the updated policy on this page and update the "Last updated" date. For material changes, we may provide additional notice (e.g. by email or a notice on the Service). We encourage you to review this policy periodically. Your continued use of the Service after the effective date of changes constitutes acceptance of the updated policy.

13. Contact

If you have questions about this Privacy Policy or how we handle your personal data, please contact us through the contact or support option available on our website.