Privacy Policy

This Privacy Policy describes how Prince Holdings LLC (“we”, “us”, or “our”), a Delaware limited liability company operating Talon (“the Service”) at talonwatch.com, collects, uses, and protects information. By using the Service you agree to the practices described here.

Email: admin@prince-holdings.com

• To run the security scan you requested and deliver your report.
• To send transactional emails: report delivery, scan status, payment confirmations, account magic links.
• To manage your account, subscription, and billing.
• To respond to support and contact requests.
• To detect abuse, enforce our Terms of Service, and maintain security of the Service.
• To comply with legal obligations.

We do not sell your personal data. We do not use your data for advertising.

If you are located in the European Economic Area or United Kingdom, our legal bases are:

• Contract performance — processing necessary to deliver the Service you purchased or requested.
• Legitimate interests — server logging, abuse prevention, and service security, where not overridden by your rights.
• Legal obligation — where required by applicable law.
• Consent — where you have given explicit consent.

We share data only with providers necessary to operate the Service:

• Supabase — database, authentication, and file storage.
• Stripe — payment processing. Subject to Stripe's Privacy Policy.
• Resend — transactional email delivery.
• Vercel — frontend hosting.

All providers are bound by data processing agreements. We do not share your personal data with any other third parties except where required by law or valid legal process.

• Test credentials — for one-time scans, deleted immediately after the scan completes. For monthly subscriptions, stored encrypted for the duration of the active subscription and deleted within 30 days of cancellation.
• GitHub installation ID — stored for monthly subscribers for the duration of the active subscription. Access tokens are never stored; generated fresh at scan time and discarded.
• Scan reports and findings — retained unless you request deletion.
• Account data — retained while your account is active; deleted within 30 days of an account deletion request.
• Server logs — up to 90 days.
• Payment records — retained as required by tax and financial regulations (typically 7 years).

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data. You can delete your account from the Settings page, which cancels your subscription and removes your profile. Scan reports may remain accessible via their PIN unless you separately request their deletion.
• Restrict or object to certain processing.
• Portability — receive a copy of your data in a structured, machine-readable format.
• Withdraw consent where processing is based on consent.

To exercise any of these rights, email admin@prince-holdings.com or use the contact form. We will respond within 30 days. We may request identity verification before fulfilling the request.

We use strictly necessary cookies only: session cookies to maintain your logged-in state, and cookies set by Stripe during the checkout process. We do not use analytics, advertising, or third-party tracking cookies. No consent banner is required because we do not set non-essential cookies.

The Service is intended for adults and businesses only. We do not knowingly collect personal information from anyone under the age of 18. If you are under 18, do not use the Service or submit any personal information. If we discover we have collected data from a person under 18 without verified parental consent, we will delete it promptly. If you believe we may have collected data from a minor, contact us at admin@prince-holdings.com immediately.

We implement technical and organisational safeguards including encrypted storage, scoped database access controls, and short-lived credential handling. Scan credentials are encrypted at rest and deleted after use. No internet transmission is 100% secure; we cannot guarantee absolute security but maintain commercially reasonable safeguards appropriate for the nature of the data we process.

We are based in the United States. If you access the Service from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate. Where required by applicable law, we rely on appropriate transfer mechanisms (such as standard contractual clauses) for transfers from the EEA or UK.

If you are a California resident, you have the right to:

• Know what personal information we collect, use, and disclose.
• Request deletion of your personal information.
• Opt out of the sale or sharing of personal information. We do not sell or share personal information.
• Correct inaccurate personal information.
• Limit use of sensitive personal information. We do not use sensitive personal information for purposes beyond providing the Service.
• Non-discrimination for exercising your privacy rights.

To exercise these rights, email admin@prince-holdings.com.

We may update this Privacy Policy periodically. Changes are effective when posted on this page with an updated effective date. For material changes, we will notify registered users by email. Continued use of the Service after the effective date constitutes acceptance.

For privacy questions, data requests, or concerns:

Email: admin@prince-holdings.com

Contact form: talonwatch.com/contact