Privacy notice
Last updated · 21 May 2026
WatchLogR is a private archive for watch collectors. This notice explains what personal data we hold, how we hold it, and the rights you have over it under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We have written this in plain English on purpose. If anything below is unclear, write to us at support@watchlogr.com and we will explain.
1 · Who we are
WatchLogR is operated by WatchLogR Ltd [company number and registered address to be added once incorporated], a company registered in England & Wales. We are the data controller for the personal data described below.
For privacy questions, write to support@watchlogr.com.
2 · What we collect
We collect only what we need to operate the archive.
Account information
- Name
- Email address
- Encrypted password (we never see your password in readable form)
Records you upload
- Watch identifiers (brand, model, reference)
- Provenance entries (acquisition, service, ownership transfer)
- Documents (receipts, certificates, service records)
- Images
- Optional notes, valuations and storage labels
Technical and security data
- IP address (held briefly for security and abuse prevention)
- Browser type, device type, time of access (held in server logs)
- Session identifiers needed to keep you signed in
We do not collect special-category data (health, biometrics, political views, etc.) by design. Please do not upload special-category data into your records.
We do not collect children’s data. WatchLogR is intended for adults aged 18 and over.
3 · How we use your data
| Purpose | Lawful basis (UK GDPR Article 6) |
|---|---|
| Operating your account and authenticating you | Performance of a contract (Art. 6(1)(b)) |
| Storing the records and documents you upload | Performance of a contract |
| Keeping the service secure (abuse detection, rate limiting, audit logs) | Legitimate interests (Art. 6(1)(f)) — the integrity of the archive |
| Responding to support requests | Performance of a contract / Legitimate interests |
| Complying with legal obligations (e.g. tax, lawful disclosure requests) | Legal obligation (Art. 6(1)(c)) |
| Sending service notices (security, terms changes) | Legitimate interests |
| Future optional marketing emails (none currently sent) | Consent (Art. 6(1)(a)) — and only if you opt in |
We do not sell your data. We do not share your records with dealers, insurers, auction houses or any third party without your explicit instruction.
4 · Disclosure and the privacy posture of the archive
Records are private by default. They are visible only to you inside your account. Other collectors do not see them. WatchLogR staff do not browse them. Disclosure — to a buyer, dealer, insurer, or other third party — only occurs when you explicitly choose to share, and only the items you select.
5 · Who processes your data on our behalf
We use a small number of trusted infrastructure providers. Each one acts as a data processor under a written agreement.
| Processor | Purpose | Location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU region where available. [region to be confirmed] |
| Vercel | Web hosting and edge delivery | Global edge network; primary regions to be confirmed |
| Email provider | Account, security and support email | Provider to be confirmed |
We will keep this list current.
6 · International transfers
If any of our processors transfer your personal data outside the United Kingdom or European Economic Area, we rely on transfer mechanisms recognised under UK GDPR — typically the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses with the UK Addendum, together with the supplementary technical measures (encryption in transit and at rest) those mechanisms require.
7 · How long we keep your data
| Data | Retention |
|---|---|
| Account data | While your account is active, and for up to 90 days after you close it |
| Records you upload | While your account is active; deleted on request or on account closure, subject to §8 |
| Security and audit logs | Up to 12 months, then deleted or fully anonymised |
| Billing records (where applicable in future) | 6 years, to meet UK tax law |
| Support correspondence | Up to 24 months |
We will hold data longer only where we have a lawful obligation to do so (for example, in response to a court order) and only for as long as that obligation requires.
8 · Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you
- Rectify inaccurate data
- Erase your data (the “right to be forgotten”)
- Restrict how we process your data
- Object to processing based on legitimate interests
- Receive a portable copy of your data in a common machine-readable format
- Withdraw consent at any time where consent is the lawful basis
- Not be subject to fully automated decisions with legal or similarly significant effects (we do not make any)
To exercise any of these rights, write to support@watchlogr.com. We respond within one calendar month. There is no fee for reasonable requests.
Where we cannot fulfil a deletion request immediately — for example because we are required to retain a record for tax or legal reasons — we will explain what we are keeping, why, and when it will be deleted.
You also have the right to lodge a complaint with the Information Commissioner’s Office (ico.org.uk), which is the UK’s data protection regulator. We would prefer the chance to address your concern first.
9 · Security
We treat the archive as infrastructure. Practical measures include:
- Transport encryption (HTTPS) on every page
- Encryption at rest on the underlying storage
- Row-level security so each collector’s records are isolated by their account identity
- Service-role isolation: administrative database keys never reach browser code
- Independent timestamping for provenance events
- Regular review of access controls
No system is perfectly secure. We will notify you and the ICO without undue delay if a personal data breach is likely to put your rights at risk, in line with UK GDPR Articles 33–34.
10 · Changes
We may revise this notice. When we do, we will update the date at the top and, for material changes, contact you directly.
11 · Contact
For privacy questions, deletion requests, or anything covered above:
See also our Cookie policy and Terms of use.