Privacy Policy

SourceWatch is an AI-search analytics service operated by Enzak Inc (“we”, “us”). This policy explains what we collect, why, and your choices. Questions? Reach us through our contact form.

We act in two roles: as a controller for information about our customers and site visitors to SourceWatch; and as a processor for the analytics data our capture layer collects on the websites our customers choose to track (the customer is the controller of that data).

Account data. When you sign in we process your email address and any name or branding you add. Authentication is handled by our infrastructure provider; we store an allow-list of who may access each workspace.

AI-visibility data. To run visibility checks we send the prompts and brand/competitor terms you configure to third-party AI engines and a search-volume provider, and store their responses.

First-party AI traffic (the capture layer). When you install our Cloudflare Worker, a server snippet, or the browser tag on a site you control, we record AI crawler and AI referral events: the request path and host, user-agent, referrer, UTM parameters, country, and HTTP status.

• We do not store raw visitor IP addresses. Crawler IPs are used only to verify a bot is genuine, then discarded. For human visitors we store only a truncated, irreversible SHA-256 hash of the IP — never the IP itself.
• Our tracking is cookieless. The capture layer sets no cookies and does not fingerprint or follow individuals across sites.

Cookies. We use a strictly-necessary session cookie to keep you signed in, a cookie that records your cookie-consent choice, and — only if you consent — Google Analytics cookies on our marketing site. See our Cookie Policy.

• Provide, operate, and secure the service and your dashboards.
• Run the AI-visibility checks and traffic analytics you request.
• Communicate with you about your account, support, and (where permitted) product updates.
• Detect, prevent, and investigate abuse, fraud, and security incidents.
• Comply with legal obligations.

Where GDPR/UK GDPR applies, we rely on: performance of our contract with you (providing the service); our legitimate interests (securing and improving the service); your consent (non-essential analytics cookies); and compliance with legal obligations.

We share data only with vendors who process it on our behalf under contract, including:

• Cloud database, authentication, and hosting providers that run the application and store your data.
• A content-delivery / edge provider for the capture worker and site delivery.
• An email provider for transactional and alert messages.
• AI engines (e.g. OpenAI, Anthropic, Google, Perplexity) and a search-volume provider — these receive the prompts and terms you configure to produce visibility results, not your site visitors’ data.
• Google Analytics on our marketing site, only with your consent.

We do not sell your personal information.

We keep account data while your account is active and as needed to provide the service. Analytics events are retained for the period associated with your plan and then pruned; aggregated, non-identifying data may be kept longer. You can request deletion via our contact form.

We protect data with encryption in transit, tenant isolation (row-level security), least-privilege access, and the IP-minimization described above. No method of transmission or storage is perfectly secure, but we work to protect your information and review our controls.

We and our providers may process data in countries other than yours. Where required, we use appropriate safeguards (such as Standard Contractual Clauses) for such transfers.

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict processing, and to withdraw consent. To exercise any of these, use our contact form. If we process data on a customer’s behalf (visitors to a tracked site), please contact that site’s operator.

SourceWatch is a business tool not directed to children and is not intended for anyone under 16.

We may update this policy; we’ll revise the “last updated” date and, for material changes, provide additional notice. Questions or requests: please use our contact form.