Vulnerability scanning • Real-time security alerts • AI Security Assistant
Ask questions about your security alerts
Click any website card to see its specific security issues and vulnerabilities.
Each alert shows exactly which website it affects. Click any alert for detailed remediation instructions.
We started SecureWatch because we saw a gap in the market. Small businesses and startups need security monitoring just as much as enterprises, but existing tools are either too expensive or too complicated. We're building a solution that changes that.
What we're building. SecureWatch automatically scans your website for common vulnerabilities—missing security headers, outdated libraries, weak encryption, and dangerous misconfigurations. When we find something, we show you exactly how to fix it, step by step, in plain English.
Where we are today. We're currently in early access, working closely with early users to refine and improve the platform. Your feedback shapes our roadmap.
Our commitment: Every business deserves good security, regardless of size or budget. That's why we offer 10 websites completely free, forever. No credit card required. No time limit.
To make website security monitoring accessible, understandable, and affordable for startups and small businesses.
Effective Date: January 15, 2026 | Version: 4.0
You must be at least 18 years old. You are responsible for maintaining the security of your account credentials. You may not share your account credentials with unauthorized users. We reserve the right to suspend accounts that provide false information.
Free Plan: 10 websites, basic security scanning, email alerts. No credit card required. No time limit.
Pro Plan ($15/month): Unlimited websites, advanced security scanning (50+ checks), 99.9% SLA with service credits, push notifications, 2FA security, priority email support, 12-month data retention, AI Security Assistant access.
Business Plan ($49/month): All Pro features plus dedicated account manager, 99.99% SLA, quarterly business reviews, 24-month data retention, 24/7 AI Chat Support.
All payments are processed securely via Stripe. Plans are billed monthly in advance. You may cancel at any time. No refunds for partial months. Taxes may apply based on your location.
You may not use SecureWatch to monitor illegal content, launch attacks, violate laws, or infringe on intellectual property. We reserve the right to suspend or terminate accounts for violations.
SecureWatch is not liable for indirect, incidental, or consequential damages exceeding the amount paid in the previous 3 months (or $100 if no payments made).
These terms are governed by the laws of the State of California. Disputes shall be resolved in San Francisco County courts or binding arbitration for claims under $10,000.
Effective Date: January 15, 2026 | Version: 4.1
At SecureWatch, we take your privacy seriously. We never sell your personal data.
Account Information: When you create an account, we collect your name, email address, company name (optional), and billing information. Credit card payments are processed securely by Stripe—we never store full credit card numbers.
Monitoring Data: Website URLs you choose to monitor, uptime metrics, security scan results, and alert history. This data is encrypted and used solely to provide you with monitoring services.
Usage Data: Anonymous analytics about how you use our platform to help us improve. You can opt out in account settings.
Technical Data: IP address, browser type, and device information for security purposes. Retained for 30 days.
Our platform is designed using security best practices and built with SOC 2 principles in mind.
To exercise your data rights: Use the "Account Data" section in your dashboard settings. You can export your data or delete your account instantly without waiting. For other requests, click the chat icon at the bottom right of any page to contact our support team. We aim to respond within 7 business days.
We retain monitoring data for 12 months on paid plans, 30 days on Free. Account data is retained until you request deletion using the "Delete Account" feature in your settings.
At Rest: AES-256 encryption for all stored data. All data is encrypted before storage in Google Cloud Firestore. Keys are managed by Google Cloud KMS with automatic rotation every 90 days.
In Transit: TLS 1.3 exclusively. We do not support older protocols (SSLv3, TLS 1.0, TLS 1.1) that have known vulnerabilities. All API endpoints require HTTPS with HSTS preloading.
Password Hashing: We use bcrypt with a work factor of 12. Each password is salted (unique 128-bit random data) before hashing to prevent rainbow table attacks.
Two-Factor Authentication (2FA): We support TOTP (Google Authenticator, Authy, Microsoft Authenticator). 2FA adds a second lock to your account - even if someone steals your password, they still need a 6-digit code from your phone.
Session Management: Sessions expire after 1 hour of inactivity. Failed login attempts are rate-limited: 5 attempts per minute, 20 per hour. After 50 failed attempts, account is locked for 15 minutes.
Report security issues through our chat widget or support channels. We commit to:
Version: 4.0 | Effective Date: January 1, 2026
Formula: Uptime % = (Total Time - Downtime) / Total Time × 100%
Downtime Definition: A service is considered "down" when it cannot be reached from at least 3 geographically distinct monitoring locations for 60 consecutive seconds.
Services Covered: Dashboard, API endpoints, and Alert Delivery system. Your website's uptime is excluded.
| Monthly Uptime | Pro Credit | Business Credit |
|---|---|---|
| 99.0% - 99.89% | 10% | 10% |
| 95.0% - 98.99% | 25% | 25% |
| Below 95.0% | 50% | 50% |
Maximum Credit: 50% of monthly fee. Credits expire after 90 days.
All plans include: 70+ global monitoring locations, AI Security Assistant, real-time alerts, security dashboards, and email support.
Need a custom enterprise plan? Chat with our sales team →