Privacy Policy

Last updated: 2026-06-04

1. Introduction

ZenoWatch ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This privacy policy explains how we collect, use, store, and protect your information when you use our service.

2. Data Controller

ZenoWatch is the data controller for the personal data we process. For any privacy-related inquiries, please contact us at privacy@zenowatch.dev.

3. What Data We Collect

  • Account data: Email, name, username, avatar URL
  • GitLab tokens: OAuth access tokens and personal access tokens (encrypted)
  • Project data: Metadata about projects you choose to monitor
  • Webhook data: Merge requests, issues, pipeline statuses, and job data from GitLab
  • Usage data: API call counts, webhook event counts, token consumption
  • Billing data: Top-up amounts, token balances

4. Legal Basis for Processing

We process your data based on:

  • Consent: When you sign up and connect your GitLab account
  • Contract: To provide the monitoring service you requested
  • Legitimate interest: For security, fraud prevention, and service improvement

5. How We Use Your Data

  • To provide GitLab project monitoring and AI-powered insights
  • To process webhooks and keep your dashboard up to date
  • To calculate billing based on token usage
  • To send service-related notifications
  • To improve our service and fix issues

6. Data Retention

Project data is retained for 90 days by default (configurable per project). After the retention period, data is automatically deleted. Account data is retained until you delete your account.

7. Your Rights Under GDPR

  • Right to access: Export your data from the Privacy page
  • Right to rectification: Update your profile information
  • Right to erasure: Delete your account and all data from the Privacy page
  • Right to restrict processing: Disable monitoring for specific projects
  • Right to data portability: Download your data in JSON format
  • Right to object: Withdraw consent at any time

8. Data Security

GitLab tokens are encrypted at rest using AES-256-GCM. All communications use HTTPS/TLS. We never store your GitLab password.

9. Third Parties

We only share data with GitLab (to create webhooks and fetch project data) and optionally with LLM providers (OpenAI, Anthropic) for AI features if configured. We do not sell your data to any third parties.

10. Cookies

We use essential cookies for session management and authentication. We do not use tracking or advertising cookies.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any significant changes via email or through the service.