Legal

Privacy Policy

Last updated June 8, 2026Watchover, Inc.

This policy explains what Watchover collects, how we use and protect it, and the choices you have — including how read-only bank data is accessed through Plaid. We never move your money, and we never sell your information.

Overview

Watchover, Inc. (“Watchover,” “we,” “us,” or “our”) helps people watch over the bank accounts of family members they care about and alerts them when a transaction looks like a scam. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to our mobile app, our website at usewatchover.com, the bank-connection flow we host for invited family members, and related services (together, the “Services”).

Because our product is built around financial information, we hold ourselves to a simple promise: we have read-only access and can never move your money. We do not sell personal information.

Two kinds of people

Watchover involves two roles, and the information we hold differs for each:

  • The protector — the adult who installs the app, creates an account, and invites one or more loved ones to be watched.
  • The watched person (“loved one”) — the family member whose accounts are monitored. A loved one does not create an account or install anything. They interact with Watchover exactly twice: once to consent and connect their bank from their own phone, and again only if they choose to disconnect.

If you are a loved one who received an invitation, the section Choices for the person being watched is written for you.

Information we collect

Information the protector provides

  • Account details — the protector's mobile phone number (used to sign in by one-time code) and name.
  • Details about each loved one — the name, relationship, approximate age, and mobile phone number the protector enters in order to send an invitation. The protector represents that they have permission to provide this information (see our Terms of Service).
  • Monitoring preferences — the watch rules, thresholds, and merchant limits you configure, and the actions you take on alerts.

Financial information (via Plaid)

When a loved one connects a bank account, we receive financial data through Plaid on a read-only basis. See Bank connections & Plaid for exactly what this includes and what it deliberately excludes.

Information we collect automatically

  • Device & push tokens — to deliver the alert notifications that are the core of the product, we store the push token for the protector's device.
  • Log & usage data — device type, app version, IP address, and diagnostic events, used to operate, secure, and improve the Services.
  • Cookies on our website — our marketing site uses only strictly necessary and basic measurement cookies. The bank-connection pages are kept lean and do not run advertising trackers.

Bank connections & Plaid

We connect to financial institutions through Plaid Inc., the same technology used by apps like Venmo, Chime, and Robinhood. When a loved one taps their invitation link and chooses their bank:

Read-only, always

Bank credentials are entered directly with Plaid or the bank — Watchover never sees, receives, or stores bank usernames or passwords. Our access is read-only: we cannot move money, make payments, transfer funds, issue cards, or change anything about the account.

Through Plaid, on a read-only basis, we receive:

  • Transactions and amounts, including merchant, date, and category — the information our scam-pattern detection runs on.
  • Account information — account names, types, masked numbers, and balances.
  • Account and routing numbers, where available.
  • Identity information (such as the account holder's name) at the time of connection, used to confirm the right account was linked.

Plaid's collection and use of information is governed by Plaid's Privacy Policy and End User Privacy Policy. A loved one can disconnect at any time, which revokes our access through Plaid (see Choices for the person being watched).

How we use information

We use the information we collect to:

  • Provide the core service — monitor connected accounts and match transactions against known scam patterns and the watch rules you set.
  • Send alerts and notifications — deliver push notifications to the protector when something needs attention, and a periodic digest.
  • Send invitations and security codes — text the invitation link to a loved one, and send one-time codes used to sign in.
  • Keep the Services secure — detect abuse, prevent fraud against the Services, and protect accounts.
  • Improve the Services — understand which detections are accurate, reduce false alarms, and develop new protections. We use de-identified or aggregated data where we can.
  • Comply with law and enforce our Terms of Service.

We do not use your financial information for advertising, and we do not sell it.

How we share information

We share information only as described here. We do not sell personal information, and we do not share it for cross-context behavioral advertising.

  • With the protector who invited a loved one. The whole purpose of the Services is to show the protector the watched person's account activity and alerts.
  • Service providers that operate the Services under contract, including: Plaid (bank connectivity), our SMS provider (invitation links and one-time codes), Expo (push-notification delivery), and our cloud hosting and database providers. They may process information only to provide services to us.
  • For legal reasons — to comply with law, valid legal process, or to protect the rights, safety, and property of users, the public, or Watchover.
  • Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
  • With your direction — for example, when you choose to share an alert or loop in another family member.

Choices for the person being watched

If a family member invited you to Watchover, you stay in control:

  • You choose whether to connect. Nothing is shared until you tap your invitation link and connect your bank yourself.
  • Your password stays yours. You sign in through Plaid or your bank — Watchover never receives your bank credentials.
  • You can stop at any time. Reply STOP to the invitation text, or return to your personal link, to disconnect. When you disconnect, we revoke our access through Plaid and delete the connected financial data associated with you, except limited records we must keep for legal or security reasons. The protector is notified.

Data retention & deletion

We keep personal information for as long as needed to provide the Services and for legitimate business or legal purposes. When a loved one disconnects, or when a protector closes their account, we revoke bank access and delete the associated financial data within a commercially reasonable period, except where we must retain limited records (for example, to comply with law, resolve disputes, or prevent abuse). De-identified or aggregated data that can no longer be linked to you may be retained.

To request deletion, contact us at privacy@usewatchover.com.

How we protect your information

We use administrative, technical, and physical safeguards designed to protect personal information. Data is encrypted in transit, access tokens and one-time codes are stored only in hashed form, and access to financial data is limited to what the Services require. Bank access tokens are held server-side and are never exposed to the app or the browser.

No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security. If we learn of a breach affecting your information, we will notify you and the appropriate authorities as required by law.

Your privacy rights

Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. We honor these rights regardless of where you live, to the extent practicable.

U.S. state privacy rights (including California)

We do not sell personal information or share it for cross-context behavioral advertising. California residents and residents of other states with privacy laws may request access to or deletion of their personal information and may appeal a decision. We will not discriminate against you for exercising these rights.

EU/UK rights

Where the GDPR or UK GDPR applies, our legal bases for processing are performance of a contract, your consent (which you may withdraw), our legitimate interests in operating and securing the Services, and compliance with legal obligations. You may have the right to lodge a complaint with your local supervisory authority.

To exercise any right, email privacy@usewatchover.com. We may need to verify your identity before acting on a request.

Children's privacy

The Services are intended for adults and are not directed to children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it.

Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised Policy.

Contact us

Questions about this Policy or your information? Reach us at:

Watchover, Inc.