Privacy Policy
Last updated: March 2026
1. Introduction
DeviceWatch ("we," "our," or "us") operates the DeviceWatch platform at devicewatch.app. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use our service.
DeviceWatch is a SaaS platform that analyzes publicly available FDA MAUDE (Manufacturer and User Facility Device Experience) data. We do not process, store, or have access to protected health information (PHI).
2. Information We Collect
Account Information
When you create an account, we collect the following information:
- Full name
- Email address
- Company name
- Job title or role
- Password (stored in hashed form)
Usage Data
We collect information about how you interact with our platform, including product codes you monitor, features you use, and actions you take within the application. This data helps us improve our service and provide relevant functionality.
Publicly Available FDA Data
DeviceWatch processes adverse event reports from the FDA MAUDE database, which is publicly available through the openFDA API. This data does not contain personally identifiable health information. We do not collect, process, or store any protected health information (PHI).
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve the DeviceWatch platform
- Send weekly email digests and safety signal alerts via our email provider, Resend
- Authenticate your sessions and maintain account security
- Provide AI-powered analysis of FDA adverse event data using Claude by Anthropic
- Communicate with you about your account and our service
- Comply with legal obligations
4. AI Processing
DeviceWatch uses artificial intelligence (Claude by Anthropic) to analyze and summarize publicly available FDA MAUDE adverse event reports. The AI processes clinical narrative text from these public reports to extract failure modes and severity levels and to generate executive summaries. Your personal account information is not sent to the AI for analysis. AI-generated summaries are stored within our platform and associated with your account configuration.
5. Cookies and Tracking
DeviceWatch uses cookies solely for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our authentication cookies are essential for the service to function and cannot be disabled while using the platform.
6. Data Sharing
We do not sell, rent, or trade your personal information to third parties. We share data only with the following service providers, solely to operate our platform:
- Supabase — database hosting and authentication
- Vercel — application hosting and deployment
- Anthropic (Claude) — AI analysis of public FDA data
- Resend — transactional and digest email delivery
We may also disclose your information if required by law, legal process, or governmental request.
7. Data Storage and Security
Your data is stored securely in Supabase-managed databases with encryption at rest and in transit. We implement industry-standard security measures including access controls, audit logging, and session management in alignment with 21 CFR Part 11 requirements.
8. Data Retention
We retain your account data for as long as your account is active and you continue to use our service. If you request account deletion, we will delete your personal information within 30 days of your request, except where retention is required by law or for legitimate business purposes such as maintaining audit logs.
9. Your Rights (GDPR and CCPA)
Regardless of your location, we provide all users with the following rights:
- Right to Access — request a copy of the personal data we hold about you
- Right to Rectification — request correction of inaccurate personal data
- Right to Erasure — request deletion of your personal data
- Right to Data Portability — request an export of your data in a machine-readable format
- Right to Object — object to processing of your personal data
To exercise any of these rights, please contact us at support@devicewatch.app. We will respond to all requests within 30 days.
10. Children's Privacy
DeviceWatch is a business-to-business service and is not directed at children under the age of 16. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have any questions about this Privacy Policy or our data practices, please contact us at: