ExeWatch

Privacy Policy

Last updated: February 2026

1. Data Controller

The data controller for ExeWatch is:

bit Time Professionals s.r.l.
Via di Valle Morta 10
00132 Roma (RM), Italy
P.IVA: IT13018661002
Email: exewatch@bittime.it

2. Information We Collect

ExeWatch collects information that you provide directly to us:

  • Account Information: Email address, name, company name (optional), and password when you register
  • Billing Information: Payment details processed securely by Stripe (we do not store your credit card numbers)
  • Application Data: Log events, device information, and performance metrics sent by your applications through our SDK
  • Contact Information: Data you provide when contacting us through our contact form

3. Legal Basis for Processing

We process your personal data based on the following legal grounds (Art. 6 GDPR):

  • Contract Performance (Art. 6(1)(b)): Processing necessary to provide our monitoring services
  • Legitimate Interest (Art. 6(1)(f)): Security, fraud prevention, and service improvement
  • Legal Obligation (Art. 6(1)(c)): Compliance with tax and accounting requirements

4. Cookies and Local Storage

We use only strictly necessary technologies for the operation of our website:

HTTP Cookies

Name Purpose Duration
access_token Authentication (keeps you logged in) 24 hours

Browser Local Storage

Name Purpose
ew-theme Your preferred color theme (dark/light)
timezoneDisplayMode Your preferred timezone display
cookie-consent Records that you've seen the cookie notice

We do not use tracking cookies, advertising cookies, or third-party analytics.

5. Third-Party Services

We use the following third-party services to operate ExeWatch:

These services may process data in the United States. Transfers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.

6. Data Retention

We retain your data for the following periods:

  • Account data: Until you delete your account
  • Log data: According to your subscription plan:
    • Hobby (Free): 7 days
    • Pro: 30 days
    • Business: 90 days
  • Billing records: 10 years (legal requirement)
  • Contact form submissions: 2 years

Backup Retention

We maintain regular database backups for disaster recovery purposes. Important information about backups:

  • Backup frequency: Daily automated backups
  • Backup retention: 30 days
  • Deleted data in backups: When you delete data or your account, the deletion applies immediately to the active database. However, deleted data may persist in backup snapshots until those backups expire (maximum 30 days).
  • GDPR compliance: This backup retention is considered "technically feasible" under GDPR Article 17(1), as immediate backup purging would compromise system integrity and disaster recovery capabilities.
  • Security: All backups are encrypted and stored securely with access restricted to authorized personnel only.

After 30 days, old backups are automatically deleted, ensuring deleted data is completely removed from our systems within this timeframe.

7. Data Security

We implement appropriate technical and organizational measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS 1.3)
  • Secure password hashing (bcrypt)
  • HTTP-only, secure cookies
  • Regular security updates and monitoring
  • Access controls and audit logging

8. Your Rights (GDPR)

Under the General Data Protection Regulation, you have the right to:

  • Access - Request a copy of your personal data
  • Rectification - Correct inaccurate personal data
  • Erasure - Request deletion of your data ("right to be forgotten")
  • Restriction - Limit how we process your data
  • Portability - Receive your data in a machine-readable format
  • Object - Object to processing based on legitimate interest

To exercise these rights, contact us at exewatch@bittime.it. We will respond within 30 days.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali).

9. SDK Data Processing

When you use our SDK to collect logs from your applications:

  • You are the Data Controller for data collected from your end users
  • We act as Data Processor on your behalf
  • You are responsible for informing your users about data collection
  • A Data Processing Agreement (DPA) is available to view online

Data Collected by the Delphi Native SDK

On desktop, server, and mobile platforms (Windows, Linux, macOS, Android), the SDK automatically collects:

  • Device identifier: composed as username@hostname (e.g., jack@MYWORKLAPTOP), where username is the currently logged-in operating system user and hostname is the machine name
  • System info: OS version, timezone, locale, system language
  • Hardware info: CPU model, core count, RAM, disk drives, screen resolution
  • Application info: executable path, file version, working directory
  • Log events: level, message, tag, thread, timestamps, session ID (random per app run)
  • Performance data: operation names and durations (if timing is used)

Data Collected by the JavaScript SDK

In browser environments, the SDK does not have access to the OS username or hostname. Instead, it generates a random persistent device ID stored in the browser's localStorage. No personally identifiable device information is collected. The SDK collects:

  • Device identifier: random 8-character string (e.g., a3f8b2c1)
  • Browser info: user agent, screen size, language
  • Log events: level, message, tag, timestamps, session ID

10. Age Requirement

ExeWatch is intended for users aged 16 and above. We do not knowingly collect personal data from individuals under 16 years of age. By creating an account, you confirm you are at least 16 years old (GDPR Art. 8). If we become aware that we have collected data from a person under 16 without appropriate consent, we will delete that data promptly.

11. Data Protection Contact

As a small company not required to appoint a formal Data Protection Officer under GDPR Art. 37, we have designated a Data Protection Contact who oversees our privacy compliance:

12. Automated Decision-Making

ExeWatch does not engage in automated decision-making or profiling that produces legal effects or similarly significant effects on users (GDPR Art. 22). Alert notifications are based on user-configured thresholds and do not constitute automated individual decision-making.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a notice on our website. The "Last updated" date at the top indicates when this policy was last revised.

14. Contact Us

For any questions about this Privacy Policy or to exercise your rights:

ExeWatch is a service of bit Time Professionals s.r.l.

Back to Home
© 2026 ExeWatch by bit Time Professionals