Privacy Policy

Effective date: March 6, 2026 · Last updated: March 20, 2026

1. Introduction

Watch Forte LLC ("Watch Forte," "we," "us," or "our") operates a luxury watch dealership management platform. This Privacy Policy explains how we collect, use, store, and protect your information when you use our services.

2. Information We Collect

We collect the following categories of information:

  • Account information — name, email address, and profile image provided via Google OAuth sign-in.
  • Business data — watch inventory listings, purchase and sale records, contacts, invoices, payment methods, and business settings you enter into the platform.
  • Financial data — bank account names, transaction descriptions, amounts, and dates imported via Plaid to support expense tracking, classification, and reconciliation. Plaid access tokens are encrypted at rest and revoked when you disconnect a bank or delete your account. Plaid collects and transmits this data subject to its own privacy policy.
  • Integration data — Shopify store information and product listings synced via our Shopify integration; Dropbox OAuth tokens and the folder paths you designate for photo sync.
  • Usage and technical data — IP address, browser type, device information, and session data collected automatically for security and analytics purposes.

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Watch Forte platform.
  • Authenticate your identity and manage your account session.
  • Sync data with third-party integrations you authorize (Shopify, Plaid, Dropbox).
  • Generate reports, invoices, and business analytics.
  • Monitor for security incidents and prevent unauthorized access.
  • Communicate important service updates.

4. Third-Party Services

Watch Forte integrates with the following third-party services, each governed by their own privacy policies:

  • Google — OAuth authentication for sign-in.
  • Plaid— bank account linking and transaction import for expense tracking. Plaid's data handling is governed by the Plaid End User Privacy Policy.
  • Shopify — product listing sync and store management.
  • Dropbox — photo sync from your Dropbox account. When you connect Dropbox, Watch Forte receives read-only access to your /Apps/WatchForte/ folder only. We read image files to attach them to your product listings. We do not write to, modify, or delete any files in your Dropbox. Your files remain stored in your Dropbox account at all times. You can disconnect Dropbox at any time from Settings, which immediately revokes our access token.
  • Sentry — error tracking and application monitoring (no personal data is intentionally sent).

5. Data Security

We implement the following security measures to protect your data:

  • All data in transit is encrypted using TLS 1.2 or higher with HSTS preloading enabled.
  • Sensitive tokens (OAuth, API keys) are encrypted at rest using AES-256-GCM encryption.
  • Authentication sessions use HTTP-only, secure, same-site cookies to prevent cross-site attacks.
  • All API endpoints enforce session-based access control with row-level data isolation.
  • Input validation is applied to all user-submitted data.

6. Data Retention and Deletion

Your data is retained for as long as your account is active. You may delete your account at any time from the Settings page. Account deletion is immediate and permanent — all associated data (listings, contacts, purchases, sales, invoices, expenses, bank connections, integrations, and settings) will be permanently removed from our systems. Plaid access tokens are revoked on Plaid's servers when you disconnect a bank account or delete your account. Dropbox access tokens are deleted from our systems when you disconnect Dropbox or delete your account.

If you connected a Shopify store, Shopify may independently request data redaction through their GDPR webhooks, which we process to remove Shopify-specific data.

7. Your Rights

You have the right to:

  • Access — view all data stored in your account through the platform.
  • Correction — update or correct your data at any time through the platform.
  • Deletion — permanently delete your account and all associated data.
  • Portability— export your data through the platform's reporting features.
  • Revoke integrations — disconnect third-party services at any time from Settings.

8. Consent

By creating an account, you consent to the collection and use of your information as described in this policy. For financial data imported via Plaid, consent is obtained through the Plaid Link authorization flow before any data is accessed.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the "Last updated" date at the top of this page. Continued use of the platform after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at privacy@watchforte.com.