We will update the policies as needed, but you will not be notified of changes.
If you have any questions, comments, or concerns, please send an email to [email protected]
Last updated 10/01/2020.
We are a privacy respecting company. We only do things in the best interests of our users.
None of the information we collect, outlined here, is ever sold, given to, or otherwise provided to any company other than the companies listed in the "Informaton Shared" section.
We collect everything you tell us, in addition to some data to help us improve NorthWatch.
When you create an account, you give us your Email, your Name (First and Last), and you set a password.
Once you have created your account, you are able to login and change settings.
In addition to settings, whenever your account is accessed, we collect and store the IP address used to login to the account.
This is visible in the Scambaiter Panel, and helps aid in the process of reporting scammers.
As with all other data, we use IP addresses to help catch scammers using NorthWatch.
By using NorthWatch, you agree to our usage of your data to help stop scammers from using the platform.
All settings are stored, so we can use them later to improve your experience.
We share information with Stripe, our payment processor, if you choose to upgrade your NorthWatch account.
This information is limited to the email address associated with your NorthWatch account, and any additional information you provide (credit card number, billing address, etc.).
We do not collect addition information other than what Stripe provides to us, and we only use the information provided to us by Stripe to prevent fraud and scammers from using the platform.
Upon requesting a password reset, the email address associated with your NorthWatch account is shared with MailGun, a transactional email provider. Your email address is only used for sending "Password Reset" emails, allowing you to reset your NorthWatch account password. You may opt out of these emails by using a fake email address, or by not requesting a password reset.
We use a veriety of Cloudflare services. Cloudflare logs IP addresses for the purposes of mitigating DDOS attacks, employing Rate Limiting, and blocking certain countries from using certain features. Cloudflare shares our values for user privacy.
Upon resetting your password, you will see an hCaptcha that you must solve to recieve your password reset email. We use this captcha strictly to prevent bots from sending massive amounts of password reset emails, and charging us money. Without hCaptcha, we would not be able to provide the password reset service. We do not explicitly provide information to hCaptcha, but they collect some data about your browser, etc. Similar to Cloudflare, they share a values for user privacy.
We use ProxyNet to allow scambaiters to know if the IPs used to log into NorthWatch were using a VPN.
The NorthWatch Newsletter uses MailChimp's TinyLetter service. TinyLetter allows us to deliver our newsletter at scale, without having to spend significant amounts of money. Your email address is only shared with MailChimp if you choose to sign up for the NorthWatch Newsletter.
We use AdEx to serve privacy respecting ads. When we made the decision to include ads on NorthWatch, AdEx was the only platform that fit our requirements for user privacy.
Terms of Service
Last updated 10/01/2020.
Additionally, you agree to follow any applicable laws while using NorthWatch, including but not limited to Copyright.
Feedback, Suggestions, and Ideas
We love to hear from users, and you can leave suggestions on various platforms, including but not limited to, the Forums, or via email ([email protected]).
By sending us feedback, you agree that,
(i) we are under no obligation to act on the feedback provided,
(ii) we are under no obligation of confidentiality,
(iii) by providing feedback, you grant us an irrevocable, non-exclusive, royalty-free, perpetual, worldwide license to use, modify, prepare derivative works from, publish, distribute, and sublicense the Feedback, regardless of any termination to your account, or NorthWatch or sections thereof,
(iiii) to your knowledge, your feedback does not violate the rights of any person or entity, and
(iiiii) your feedback does not contain confidential information.
Intellectual Property and Branding
Unless otherwise noted, all rights (including but not limited to, graphics, designs, artwork, logos, images, sounds), referred to as Branding Materials, are owned by NorthWatch and/or third party licensees.
You agree that you will not use, modify, copy, distribute, frame, reproduce, republish, download, scrape, display, post, transmit, or sell in any form or by any means, in whole or in part, or otherwise exploit the NorthWatch Branding materials.
Additionally, if you would like to promote NorthWatch, or use the NorthWatch Branding Materials, you must get explicit permission. To acquire permission, please email [email protected].
All rights not explicitly permitted in these terms are reserved for NorthWatch and third party licensees.
VPN and Proxy Checking Through ProxyNet
In order to allow scambaiters to know if a given login (as seen on the "Access Logs" page within the scambaiter panel) used a VPN, we use the ProxyNet API to detect usage of a VPN or Proxy on all Login pages.
By submitting the login form form on any of the above pages, you agree for your IP address to be sent to ProxyNet for analysis.
Your Rights to use NorthWatch
NorthWatch is a Fake Bank used to mess with refund scammers.
Additionally, we have a Forum platform that allow user interaction.
While we do moderate all sections of NorthWatch that contain user interaction to the best of our abilities, we are under no obligation to do so, and are not responsible for user generated content.
NorthWatch additionally allows you to purchase PRO, a digital upgrade to your NorthWatch account that allows you to access additional features and content.
Subject to compliance with these terms, we grant all users a limited, revocable, non-exclusive, non-transferable, non-sublicensable license to use and access NorthWatch.
By using NorthWatch and subsequently agreeing to these terms, you agree not to (and not to attempt to)
(i) use NorthWatch for any purpose other than as explicitly permitted by these terms,
(ii) copy, adapt, change, create derivative works based upon, distribute, license, sell, transfer, publicly display or perform, transmit, stream, broadcast, attempt to discover any source code, reverse engineer, decompile, disassemble, otherwise exploit, or
(iii) use data mining, spiders, bots, or similar data gathering/extraction and tools on NorthWatch, other than our official API(s).
The only exception to the above are for security researchers, during the process of finding and confirming vulnerabilities. This exception is only allowed while following the Vulnerability Disclosure Program Guidelines, found below. If the Vulnerability Disclosure Guidelines are broken in the process of finding and confirming vulnerabilities, your usage of NorthWatch no longer falls under this exception and you are subject to the standard NorthWatch terms.
No licenses or rights are ever granted by implication, all licenses and rights must be explicitly stated.
NorthWatch reserves the right to modify or discontinue NorthWatch (or any part thereof) at any time for any reason with or without notice.
If you violate these terms, we reserve the right to respond in any way necessary, including but not limited to, account closure/termination, warnings, or notifications.
NorthWatch additionally reserves the right to refuse access to NorthWatch or terminate your NorthWatch account without notice for any reason, including but not limited to a violation of the Terms of Service.
We use third-party services to help provide NorthWatch, but such use does not indicate that we endorse said third party services.
Finally, we are not responsible for any loss or damage caused, directly or indirectly, by a third party.
We use advertisements, placed on NorthWatch, to help support the hosting and ongoing development of the project.
We ask that you white list us on your AdBlocker, as we only show ads that have been tested, by us, to respect your privacy.
You can disable ads by purchasing any NorthWatch Product.
We currently partner with AdEx to deliver ads.
Your User Account
You are responsible for your login credentials, and actions taken by people logged in using your account.
Upon going to the NorthWatch website (or launching the NorthWatch desktop/mobile application(s)), you will be prompted to create an account or register.
You will be required to provide a First and Last Name, Email, Password, and Scambaiter Password.
These do not need to be valid, and we do not check, confirm, or otherwise research user information.
After registration, you may be prompted to set a Forum display name.
We reserve the right to
(i) reject any display name or to terminate your displayname, or
(ii) prevent use of a display name in our sole discretion.
You understand and agree that other users may have the same or similar display names as you.
You are responsible for maintaining the confidentiality of your log-in credentials.
You are additionally fully responsible for all activities that occur through the use of your credentials.
By using NorthWatch, you agree that we will not be liable for any loss or damage from any use of your credentials, regardless of if the usage was authorized.
You may terminate your NorthWatch account at any time for any reason by creating a Moderator Message (through the NorthWatch Forums New Post section) with the Title line of Account Termination, or by sending an email to [email protected] from the email associated with your account, with the subject of Account Termination.
We attempt to follow all termination requests within 14 business days.
Limitation of Liability
TO THE MAXIMUM EXTENT PERMITTED BY LAW, IN NO EVENT WILL NORTHWATCH, BE LIABLE TO YOU OR TO ANY THIRD PERSON FOR ANY CONSEQUENTIAL, INCIDENTAL, SPECIAL, PUNITIVE OR OTHER INDIRECT DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA, ARISING FROM YOUR USE OF THE SERVICE OR OTHER MATERIALS ON, ACCESSED THROUGH OR DOWNLOADED FROM THE SERVICE, WHETHER BASED ON WARRANTY, CONTRACT, TORT, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT NORTHWATCH HAS BEEN ADVISED OF THE POSSIBILITY OF THESE DAMAGES.
NORTHWATCH SHALL NOT BE LIABLE TO YOU FOR MORE THAN THE GREATER OF (A) THE AMOUNT YOU HAVE PAID TO US IN ACCORDANCE WITH THESE TERMS IN THE THREE (3) MONTHS IMMEDIATELY PRECEDING THE DATE ON WHICH YOU FIRST ASSERT A CLAIM OR (B) $100.
THE LIMITATIONS AND DISCLAIMERS IN THESE TERMS DO NOT PURPORT TO LIMIT LIABILITY OR ALTER RIGHTS THAT CANNOT BE EXCLUDED UNDER APPLICABLE LAW. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OF IMPLIED WARRANTIES OR LIMITATION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, WHICH MEANS THAT SOME OF THE ABOVE DISCLAIMERS AND LIMITATIONS MAY NOT APPLY TO YOU.
IN THESE JURISDICTIONS, NORTHWATCH’S LIABILITY WILL BE LIMITED TO THE GREATEST EXTENT PERMITTED BY LAW.
Additionally, NorthWatch is not responsible for, in any way, shape, or form, user-generated content, including but not limited to, Forum Posts.
THE SERVICES AND THE SERVICE MATERIALS ARE PROVIDED AS IS AND AS AVAILABLE WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, AND NON-INFRINGEMENT.
YOUR USE OF THE SERVICES IS AT YOUR SOLE RISK.
IN ADDITION, WHILE NORTHWATCH ATTEMPTS TO PROVIDE A GOOD USER EXPERIENCE, WE CANNOT AND DO NOT REPRESENT OR WARRANT THAT THE SERVICES WILL ALWAYS BE SECURE OR ERROR-FREE OR THAT THE SERVICES WILL ALWAYS FUNCTION WITHOUT DELAYS, DISRUPTIONS, OR IMPERFECTIONS.
THE FOREGOING DISCLAIMERS SHALL APPLY TO THE EXTENT PERMITTED BY APPLICABLE LAW.
In the event that there is a dispute, controversy or claim between you and NorthWatch, the parties agree to submit the matter to confidential and binding arbitration. The arbitration will be conducted as follows:
(i) NorthWatch will select one (1) single arbitrator to conduct the hearing,
(ii) The arbitration hearing shall be conducted by teleconference. NorthWatch may, in its discretion, allow the hearing to be conducted by another technology, so long as all the parties can communicate simultaneously. All notices, submissions, arguments and evidence will be submitted electronically by any method of electronic communication acceptable to the arbitrator and NorthWatch,
(iii) Regardless of the fact that the arbitration is being conducted electronically, the seat of the arbitration will be deemed as Los Angeles, California, United States,
(iiii) The language used shall be English,
(iiiii) Any judgment, decision or award rendered by any arbitrator pursuant to this section is final and binding upon you and NorthWatch, and not be the subject of any further court proceedings except in connection.
In the event that the arbitration claim above gives rise to any legal proceedings for any purpose whatsoever, NorthWatch hereby elects the judicial courts Los Angeles, California, United States as the proper forum for the hearing of said claims.
Except for any applicable rights of cancellation that you may have under applicable consumer protection laws, if you purchase anything from NorthWatch you cannot cancel it.
Given the low cost of NorthWatch products, products purchased cannot be returned without express authorization from an owner of NorthWatch.
Vulnerability Disclosure Program
Last updated 6/6/2020.
We investigate all reported security issues. It you discover a bug, flaw, or issue in our security, please get in touch by sending an email to [email protected] detailing the issue. Be sure to include Security Vulnerability in the subject line. We will respond as soon as possible.
We ask that you do not publicity disclose the issue until we have addressed it.
We ask that you use common sense when looking for and reporting bugs.
Vulnerabilities must be disclosed privately, and reasonable response time must be given.
You may not compromise accounts or funds other than your own, so be sure to only test on your own account(s).
Vulnerabilities in third-party applications used by NorthWatch are not eligible, please contact the owner(s) of the third party service(s).
We only award the first reported of a bug.
Bugs that are publicly disclosed without reasonable time to respond will not be rewarded, and may be met with legal action.
Whether to reward the disclosure of a specific bug is entirely at our discretion.
Testing may not violate any laws in applicable region(s).
We consider some vulnerabilities ineligible, including but not limited to,
denial of service,
content/text spoofing (via Inspect Element of similar),
unconfirmed reports from automated vulnerability scanners,
disclosure of webserver being used or software version(s),
hypothetical sub-domain takeovers without supporting evidence,
session invalidation or other improved-security related to account management when a credential is already known (e.g., password reset link does not immediately expire, adding MFA does not expire other sessions, etc.),
perceived security weaknesses without concrete evidence of the ability to compromise a user (e.g., missing rate limits, missing headers, etc.),
reports exploiting the behavior of, or vulnerabilities in, outdated browsers or other software that we do not directly control or have say in,
use of weak TLS ciphers,
SSRF (unless there is evidence that the vulnerability allows an attacker to access internal systems or user data).
We hope you can understand that we are an entirely donation-funded project.
As such, the most we can offer as a reward for responsible bug disclosure is a free license to NorthWatch PRO.
While the offer may be small, we cannot afford more, and we hope you will be willing to disclose the issue responsibly to potentially receive an reward, and avoid potential legal action.
To encourage responsible disclosures, we will not pursue civil action or initiate a complaint to law enforcement for good faith violations of the Terms of Service. We consider security research and vulnerability disclosure activities conducted consistent with this policy to constitute authorized conduct under the Computer Fraud and Abuse Act, the DMCA and applicable anti-hacking laws such as Cal. Penal Code 502(c). We waive any DMCA claim against you for circumventing the technological measures we have used to protect the applications in scope.
If legal action is initiated by a third party against you and you have complied with this bug bounty policy, we will take steps to make it known that your actions were conducted in compliance with this policy.
Please understand that if your security research involves the networks, systems, information, applications, products, or services of another party (which is not us), that third party may determine whether to pursue legal action. We cannot and do not authorize security research in the name of other entities.
You are expected, as always, to comply with all applicable laws.
Please get in touch with us by sending an email to [email protected] before engaging in conduct that may be inconsistent with or unaddressed by this policy.