Legal

Privacy Policy

Last updated: February 21, 2026

Introduction

RPA Watch ("we", "us", or "our") is operated by Relabs. This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you use our platform at rpawatch.com and related services (the "Service").

By using RPA Watch, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

Data We Collect

Account Information

  • Full name and email address
  • Organization/company name
  • Password (stored securely using industry-standard hashing)
  • Microsoft Entra ID profile data (if you sign in via Microsoft)

RPA Process Data

  • Process (flow) names, statuses, and execution logs
  • Job (run) details including start/end times and outcomes
  • Robot and schedule configurations
  • File attachments uploaded to processes

Usage & Technical Data

  • IP address and browser user-agent
  • Pages visited and features used
  • API request logs for security and debugging
  • Cookies and similar technologies (see Cookie Policy below)

How We Use Your Data

  • Providing the Service: To operate, maintain, and improve RPA Watch, including monitoring your RPA processes and generating analytics.
  • Authentication & Security: To verify your identity, manage access control, and protect against unauthorized access.
  • Communication: To send transactional emails such as invitations, password resets, and important service notifications.
  • Support: To respond to your inquiries and provide technical assistance.
  • Legal Compliance: To comply with applicable laws, regulations, and legal processes.

Data Sharing & Disclosure

We do not sell your personal data. We may share your data only in the following circumstances:

  • Within Your Organization: Data is shared with other members of your tenant and accounts based on their roles and permissions.
  • Service Providers: We use trusted third-party services for hosting, email delivery, and payment processing. These providers only access data necessary to perform their functions.
  • Legal Requirements: We may disclose data if required by law, court order, or governmental request.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures, including:

  • Encryption of data in transit (TLS/SSL) and sensitive data at rest (AES-256)
  • Secure password hashing with bcrypt
  • Role-based access control and tenant-level data isolation
  • Regular security audits and vulnerability assessments
  • Comprehensive audit logging of administrative actions
  • Rate limiting and brute-force protection on authentication endpoints

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

Data Retention

We retain your personal data for as long as your account is active or as needed to provide the Service. RPA process data (flows, jobs, run details) is retained according to your organization's subscription plan.

Upon account deletion or request, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

Cookie Policy

We use cookies and similar technologies to:

  • Essential Cookies: Maintain your authentication session and remember your preferences. These are necessary for the Service to function.
  • Analytics Cookies: Understand how visitors interact with our marketing site to improve the user experience.

You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent you from using certain features of the Service.

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing of your data for certain purposes.
  • Restriction: Request restriction of processing in certain circumstances.

To exercise any of these rights, please contact us at [email protected] or through our contact page. We will respond within 30 days.

International Data Transfers

Your data may be processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers in compliance with applicable data protection laws, including the use of standard contractual clauses where required.

Children's Privacy

RPA Watch is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: