Last updated: 5 April 2026
We collect different categories of information depending on how you interact with the Service:
| Data | Purpose | Retention |
|---|---|---|
| Email address | Account creation, login, and transactional emails (verification, password reset) | Until you delete your account |
| Password | Authentication (stored as a one-way bcrypt hash — we never store or see your plaintext password) | Until you delete your account |
| Display name (optional) | Shown alongside your activity within the platform | Until you delete your account |
| IP address | Rate limiting and abuse prevention (login lockout, signup throttle) | In-memory only, not persisted to disk |
| Currency preference | Display prices in your preferred currency | Until you delete your account |
| Watchlist entries | Your saved brand/model alerts | Until you delete your account |
| Contact form messages | To receive and respond to your inquiries | Until resolved and deleted by admin |
The watch listings displayed on Catch Watch are sourced from WhatsApp trading groups. Listing messages — including trader contact details, prices, and watch descriptions — are parsed by AI and stored to power the marketplace view. This data originates from messages voluntarily posted by traders in group chats and is not submitted by platform users.
We process this third-party data on the basis of legitimate interest: providing market intelligence to the luxury watch trading community. Traders whose information appears on the platform may contact us at support@catch.watch to request removal of their data.
We do not use your information for advertising, profiling, or marketing purposes.
We use the following third-party services to operate the platform:
We do not sell, rent, or share your personal information with any other third parties.
We use a single session cookie to keep you logged in. This cookie is:
We do not use tracking cookies, analytics scripts, or third-party cookies of any kind.
We protect your data with industry-standard security measures including encrypted connections (TLS), bcrypt password hashing, CSRF protection, rate limiting, and security headers. However, no system is 100% secure and we cannot guarantee absolute security.
You can at any time:
Account data is retained until you delete your account. When you delete your account, all personal data (email, password hash, display name, watchlist entries, and activity logs) is permanently removed.
The Service is not intended for anyone under 18 years of age. We do not knowingly collect information from children.
Your data is stored on servers located in Germany (Hetzner). If you access the Service from outside the European Union, your data may cross international borders. By using the Service, you consent to the transfer of your information as described in this policy.
We may update this Privacy Policy from time to time. We will indicate the date of the most recent update at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy.
For questions about this Privacy Policy or to exercise your data rights, contact us or email support@catch.watch.