Privacy Policy

1. About This Policy & Accountability

WatchGuardLite (“we,” “us,” or “our”) operates the watch ownership registry at watchguardlite.ca. This policy explains how we collect, use, disclose, and protect your personal information in accordance with Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.

The designated Privacy Officer accountable for compliance can be reached at: privacy@watchguardlite.ca

2. Information We Collect & Why

We collect personal information only for the purposes identified below, at or before the time of collection:

• Account information – full name, email address, phone (optional), city, province, country – to create and manage your registry account.
• Watch details – brand, model, serial number, reference number, purchase date, photos – to generate your ownership record and Vault ID certificate.
• Government ID (optional) – uploaded only for verified ownership dispute resolution. Stored encrypted; never used for any other purpose.
• Proof of purchase – receipts or certificates of authenticity, stored securely and accessible only to you and, on your request, support staff.
• Payment information – processed by our payment processor; WatchGuardLite does not store full card numbers.
• Technical data – IP address, browser type, pages visited – collected automatically for security monitoring and platform improvement.

3. How We Use Your Information

Your information is used solely to:

• Provide, operate, and improve the WatchGuardLite registry and related services.
• Generate and maintain your watch ownership record and Vault ID.
• Respond to support requests you initiate.
• Process payments for paid registration tiers.
• Detect, investigate, and prevent fraud or misuse of the platform.
• Comply with applicable law or respond to valid legal requests.

We do not use your personal information for advertising, profiling, or sale to third parties.

4. Third-Party Service Processors

To operate the platform we engage the following categories of processors, each bound by confidentiality and data-protection obligations:

• Web hosting – our hosting provider stores all site data on servers located in Canada or the United States.
• Email delivery – a transactional email service is used to send registration confirmations and account notifications.
• Payment processing – payment card data is handled by a PCI-DSS-compliant payment processor. WatchGuardLite receives only a transaction token.
• Backup & recovery – encrypted site backups are retained by a third-party backup service.

We do not sell, rent, or trade your personal information to any third party for commercial purposes.

5. Watch Serial Numbers & Technical Data

Serial numbers, reference numbers, model and brand information are stored encrypted at rest and used solely to create your ownership record and enable third-party verification. Serial numbers are never displayed publicly. They may be disclosed only to law enforcement with a valid legal order, or to a verified insurer acting on a confirmed claim you initiated.

6. Stolen Watch Reports

If you file a stolen watch report, the watch’s reference data (serial number, model, brand, photo) may be shared with our watch intelligence database, accessible to verified law enforcement, licensed insurers, and authorized resellers. Your personal contact information is not included in public stolen listings. You may withdraw a stolen report at any time from your account dashboard.

7. Insurance & Law Enforcement Disclosure

WatchGuardLite may share watch registration or stolen report data with licensed Canadian insurance providers and law enforcement agencies when: (a) you initiate a claim or report, (b) a valid legal request or court order is received, or (c) you explicitly authorize the disclosure. We do not proactively share data without your consent or a lawful order. All third-party disclosures are logged and records retained for 7 years.

8. Data Retention

We retain your personal information for as long as your account is active plus a minimum of 5 years after account closure, to satisfy legal and insurance record-keeping obligations.

• Government ID uploads – deleted within 90 days of account closure or upon your written request, whichever comes first.
• Payment transaction records – retained for 7 years as required by Canadian tax law.
• Stolen watch reports – retained for the life of the report plus 3 years after withdrawal.
• Technical/server logs – retained for 90 days, then automatically deleted.

9. Your Rights (Access, Correction & Deletion)

Under PIPEDA you have the right to:

• Access – request a copy of the personal information we hold about you.
• Correction – request that inaccurate or incomplete information be corrected.
• Deletion – request deletion of your personal information, subject to legal retention obligations.
• Withdraw consent – withdraw consent to non-essential uses of your data at any time (see Section 10).

To exercise any of these rights, email privacy@watchguardlite.ca with the subject line “Privacy Request.” We will respond within 30 days. If you are unsatisfied with our response, you may contact the Office of the Privacy Commissioner of Canada.

10. Consent & How to Withdraw It

By registering an account and submitting your information, you consent to the collection, use, and disclosure of your personal information as described in this policy.

You may withdraw consent to non-essential data uses (e.g., platform improvement analytics) at any time by:

• Emailing privacy@watchguardlite.ca with subject “Withdraw Consent,” or
• Closing your account via your account dashboard (Settings → Close Account).

Note: withdrawing consent to essential uses (e.g., storing your ownership record) will require account closure and may affect your ability to use the registry.

11. Data Security

We implement industry-standard safeguards including encryption at rest for sensitive fields (serial numbers, government ID), TLS encryption in transit, access controls limiting staff access to personal data, and regular security reviews. No system is completely immune to breach; however, we take reasonable and appropriate technical and organizational measures to protect your information.

12. Breach Notification

In the event of a breach of security safeguards involving your personal information that poses a real risk of significant harm, WatchGuardLite will:

• Notify the Office of the Privacy Commissioner of Canada as soon as feasible.
• Notify affected individuals directly by email to the address on file.
• Maintain a record of all breaches for a minimum of 24 months.

Notifications will describe the nature of the breach, the information involved, steps taken to reduce risk, and what you can do to protect yourself.

13. Contact

For any privacy questions, access requests, or complaints:

Privacy Officer, WatchGuardLite
Email: privacy@watchguardlite.ca
Support: support@watchguardlite.ca