Privacy Policy
Effective Date: March 27, 2026
1. Introduction
JABB Watch ("the Service") is operated by JABB Consulting ("we", "us", "our"), a consulting company registered in Finland (business ID FI24971346). We are committed to protecting your privacy and handling your personal data in compliance with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.
Data Controller: JABB Consulting, Finland
Contact: support@jabbwatch.com
This Privacy Policy explains what data we collect, how we use it, how we protect it, and what rights you have regarding your personal data.
2. Shared Authentication
JABB Watch uses a shared authentication system powered by AWS Cognito. If you also use JABB Fusion (our AI research workbench), you will use the same login credentials for both services.
Important points about shared authentication:
- Your login credentials (email and password) are managed centrally via AWS Cognito
- Your JABB Watch business data (competitor URLs, business description, reports) is stored separately and is not accessible from JABB Fusion
- Account deletion from one service does not automatically delete your account from the other; you must request deletion from each service separately
3. Data We Collect
Onboarding data (provided by you):
| Data Type | Purpose |
|---|---|
| Company name | Account identification, report personalization |
| Contact person name | Communication, report delivery |
| Business email address | Authentication, report delivery, communication |
| Business description | Contextualizing AI analysis in reports |
| Product/pricing information | Enabling comparative analysis in reports |
| Competitor URLs (up to 5) | Monitoring target pages for changes |
Automatic data (collected by our systems):
| Data Type | Purpose |
|---|---|
| Page snapshots (competitor URLs) | Change detection and comparison |
| Generated reports | Delivery to you, historical reference |
| Subscription and payment metadata | Billing management (via Stripe) |
What we do NOT collect:
- We do not store credit card numbers or bank details (handled entirely by Stripe)
- We do not use tracking cookies or analytics pixels
- We do not collect IP addresses or device fingerprints for tracking purposes
- We do not monitor pages behind logins or paywalls
4. How We Use Your Data
| Processing Activity | Legal Basis (GDPR) |
|---|---|
| Monitoring competitor URLs and detecting changes | Performance of contract (Art. 6(1)(b)) |
| Generating and delivering AI-powered reports | Performance of contract (Art. 6(1)(b)) |
| Processing payments via Stripe | Performance of contract (Art. 6(1)(b)) |
| Sending service-related communications | Legitimate interest (Art. 6(1)(f)) |
| Maintaining account security and preventing fraud | Legitimate interest (Art. 6(1)(f)) |
| Complying with legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c)) |
5. AI Processing
We use Claude, an AI model developed by Anthropic, to analyze competitor page changes and generate reports. The following data is sent to the AI for processing:
- Competitor page content (current and previous snapshots)
- Your business description and product/pricing information (to contextualize the analysis)
Important points about AI processing:
- We use Anthropic's API, which does not use your data to train AI models
- Data sent to the API is not retained by Anthropic after processing
- AI-generated content is clearly labeled in reports
- AI analysis may contain inaccuracies; you should independently verify any insights before making business decisions
6. Data Storage and Security
We take data security seriously and implement the following measures:
- Infrastructure: All data is stored on Amazon Web Services (AWS) in the EU (Frankfurt, Germany, eu-central-1 region)
- Encryption at rest: AES-256 encryption for all stored data
- Encryption in transit: TLS 1.2+ for all data transfers
- Access control: Strict role-based access; data is accessible only by authorized systems and personnel
- Authentication: AWS Cognito with secure password hashing and token-based session management
7. Data Sharing
We do not sell, rent, or share your personal data with third parties for their own purposes. We share data only with the following service providers, who act as data processors on our behalf:
| Provider | Purpose | Data Shared |
|---|---|---|
| Amazon Web Services (AWS) | Infrastructure hosting, authentication | All service data (stored in EU) |
| Stripe | Payment processing | Email, payment details |
| Anthropic | AI analysis for report generation | Competitor page content, business context (not retained after processing) |
8. Data Retention
| Data Type | Retention Period |
|---|---|
| Account information | Duration of subscription + 30 days after closure |
| Business description and competitor URLs | Duration of subscription + 30 days after closure |
| Page snapshots | Rolling 90-day window (older snapshots automatically deleted) |
| Generated reports | Duration of subscription + 30 days after closure |
| Payment records | As required by Swedish tax law (typically 7 years) |
| Authentication data (AWS Cognito) | Until you request account deletion |
You may request earlier deletion of your data at any time by contacting support@jabbwatch.com.
9. Your Rights Under GDPR
Under the EU General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access (Art. 15): You have the right to request a copy of all personal data we hold about you
- Right to rectification (Art. 16): You have the right to request correction of inaccurate or incomplete personal data
- Right to erasure (Art. 17): You have the right to request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements
- Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format
- Right to restriction (Art. 18): You have the right to request that we restrict the processing of your personal data in certain circumstances
- Right to object (Art. 21): You have the right to object to processing based on legitimate interests
- Right to withdraw consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of prior processing
How to exercise your rights: Send a request to support@jabbwatch.com with the subject line "GDPR Request". We will verify your identity and respond within 30 days. If we need additional time, we will notify you within the initial 30-day period. Exercising your rights is free of charge.
10. Cookies
JABB Watch uses minimal cookies strictly necessary for the Service to function:
- Session cookies: Used to maintain your authenticated session. These are temporary and deleted when you close your browser.
- Authentication tokens: Stored securely to keep you logged in across sessions.
We do not use:
- Third-party tracking cookies
- Analytics cookies or pixels
- Advertising or remarketing cookies
- Social media tracking cookies
Because we only use strictly necessary cookies, no cookie consent banner is required under GDPR.
11. International Data Transfers
Your data is primarily stored and processed within the European Union (AWS Frankfurt, Germany).
Some data processing involves transfers to the United States:
- Anthropic (AI processing): Competitor page content and business context are sent to Anthropic's API for analysis. This data is processed transiently and not retained by Anthropic.
- Stripe (payment processing): Payment data is processed by Stripe, which maintains EU-US data protection compliance.
For all international transfers, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the European Commission.
12. Children's Privacy
JABB Watch is a business-to-business (B2B) service designed for professional use. We do not knowingly collect personal data from individuals under the age of 16. If you believe we have inadvertently collected data from a minor, please contact us immediately at support@jabbwatch.com and we will promptly delete such data.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 14 days before they take effect by sending a notice to your registered email address.
The "Effective Date" at the top of this page indicates when this policy was last updated. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.
14. Supervisory Authority
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority. The relevant authority for Finland is:
Tietosuojavaltuutetun toimisto
Office of the Data Protection Ombudsman
tietosuoja.fi
We encourage you to contact us first at support@jabbwatch.com so that we can try to resolve any concerns directly.
15. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us:
- Email: support@jabbwatch.com
- Company: JABB Consulting
- Location: Finland