Privacy Policy

Last updated: 23 June 2025

Who we are

Nightwatch (“Service,” “we,” “our,” “us”) is provided and controlled by:

Aleksi Lemmetyinen (sole proprietor)
support@nightwatch.services

Scope

This Privacy Policy explains how we collect, use, share and protect personal data when you:

  • visit nightwatch.services or its sub-domains;
  • use our APIs, dashboards or email digests;
  • sign in with Google, Twitter or GitHub OAuth.

The data we collect

A. Data you give us through OAuth

  • email address (primary identifier)
  • public profile name, photo and provider account ID

B. Data we generate or observe

  • subscription tier, billing status (via Stripe)
  • API usage logs: endpoints, timestamps, IP address
  • access-control flags (admin privileges)
  • server logs and error reports

C. Cookies & local storage

  • NextAuth.js session cookie (encrypted JWT) – required for login
  • No advertising, analytics or third-party tracking cookies.

Purposes & legal bases (GDPR Art. 6)

  • Perform our contract with you – provide the Service, authenticate users, enforce rate limits.
  • Legitimate interests – secure the platform, prevent fraud, improve features.
  • Consent – marketing e-mails (opt-in only).
  • Legal obligation – tax, accounting and consumer-protection laws.

How we share data

  • Stripe – payment processing (card data never touches our servers).
  • OpenAI – processing user-submitted text to create AI summaries.
  • Copernicus/Sentinel – satellite-imagery queries (geo-coordinates only).
  • Currents API – news aggregation searches.
  • OAuth providers – as required for sign-in and user-info sync.

All vendors are bound by data-processing agreements and may process data only on our instructions.

International transfers

Our servers are currently hosted in the European Economic Area (EEA). If we later transfer data outside the EEA we will rely on EU adequacy decisions or Standard Contractual Clauses (SCCs) per GDPR Art. 46.

Retention

  • Account data: kept as long as your account is active and up to the maximum period allowed by applicable law after closure.
  • Back-ups: rolling seven-day encrypted snapshots.
  • API logs: up to 24 months, then anonymised or deleted.

Your rights

If you are in the EU/EEA you have the right to access, correct, delete, restrict or port your data, and to object to processing. Contact privacy@nightwatch.services.

California residents have CCPA rights to know, delete and opt out of “sale” (we do not sell personal data).

We will respond within one month (GDPR) or 45 days (CCPA). You may lodge a complaint with the Finnish Data Protection Ombudsman.

Security

We use TLS 1.2+, encryption at rest, least-privilege access controls, daily backups and routine penetration testing. No method is 100% secure; you use the Service at your own risk.

Children

Nightwatch is not directed to children under 16. We do not knowingly collect data from minors. If we learn we have done so, we will delete it.

Changes

We may update this Policy for legal or operational reasons. We will post the new version and, for material changes, notify you by email or in-app notice at least 14 days before it takes effect.

Contact

Data-Protection Officer: Aleksi Lemmetyinen
privacy@nightwatch.services
Graniittitie 20 A 34, 01150 Söderkulla, Finland