Compliance
Buddy Watch is in private beta. This page summarizes the compliance posture we're building toward. The full privacy policy and terms of service will go live before public launch.
Frameworks we honor at launch
- GDPR — General Data Protection Regulation (EU residents).
- UK GDPR — the UK's post-Brexit equivalent; substantively the same as GDPR for our purposes.
- CCPA / CPRA — California Consumer Privacy Act + Privacy Rights Act (California residents).
- EU minor parental consent — GDPR Article 8, with member-state age-of-consent variation handled on signup.
Age
Buddy Watch is 13+. Signup blocks under-13 account creation entirely. For 13–15-year-olds in EU member states with an age of consent above 13 (e.g. France 15, Germany 16, Ireland 16), a parental consent flow gates the account.
Your rights
Whether or not you live in a jurisdiction where these are legally required, Buddy Watch honors them for every account:
- Access — see the data we hold about you.
- Portability — export your data in a machine-readable format.
- Rectification — correct inaccurate data.
- Erasure — delete your account and the personal data tied to it. Audit-log entries are retained with the user reference scrubbed, which is the standard defensible posture under GDPR Article 17(3)(e).
- Opt-out of sale / sharing — moot for us because we don't sell or share personal data, but the right is honored on request anyway.
Frameworks that don't apply, and why
- COPPA (US Children's Online Privacy Protection Act) — Buddy Watch is 13+ at launch; under-13 collection is blocked.
- UK Children's Code — same reason.
- PCI DSS — no payments at launch. Future monetization uses Stripe Checkout (hosted page), keeping us in PCI's lightest scope (SAQ A).
- HIPAA — Buddy Watch doesn't collect or process health data.
- SOC 2 certification — not pursued at launch. Architecture decisions (RBAC, MFA + step-up, encryption at rest, audit logging) are made to keep future certification cheap when it becomes relevant for B2B partners.
Requests + questions
Email hello@buddywatch.online for any rights request, compliance question, or concern. We aim to respond within 30 days, the GDPR-default response window.