Last updated: March 2026

Overwatch Report ("we", "us", "our") is published by xbard, a sole trader based in Ireland. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and the Irish Data Protection Acts 1988–2018.

This policy explains what data we collect, why, and your rights regarding that data.

What We Collect

Analytics Data (Legitimate Interest)

When you visit our site, we record the following to understand how our content is performing:

  • Page path — which pages you visited
  • Referrer — the website that linked you here
  • User agent — your browser type (e.g. "Firefox on Linux")
  • IP hash — a one-way SHA-256 hash of your IP address (we never store your actual IP)
  • Session ID — a random identifier stored in a cookie (or_sid)

For articles, we also record:

  • Read time — how long you spent on the page
  • Scroll depth — whether you reached the end of the article

This data cannot identify you personally. We do not use third-party analytics services. All analytics data is stored on our own servers in Ireland.

Newsletter Subscription (Consent)

If you subscribe to our newsletter, we store:

  • Email address
  • Name (if provided)
  • Subscription source (e.g. "website")

You can unsubscribe at any time by contacting us.

Contact Form (Consent)

If you contact us through our contact form, we store:

  • Name
  • Email address
  • Subject and message

This data is used solely to respond to your enquiry.

Vote Alerts (Consent)

If you subscribe to vote alerts for upcoming EU or Oireachtas votes, we store:

  • Email address
  • Policy domain preferences (e.g. Environment, Trade)
  • Country focus (if specified)
  • Verification status

You can unsubscribe at any time using the link in every alert email. Email addresses are verified via double opt-in before any alerts are sent.

Supporter Access (Contract)

If you become a supporter, we store:

  • Email address
  • Name
  • Access token (stored in a cookie, or_supporter)
  • Tier and payment reference

This data is necessary to provide your supporter benefits.

Cookies We Use

Cookie Purpose Duration Type
or_sid Anonymous session identifier for analytics 1 year Functional
or_supporter Supporter access authentication 90 days Functional
or_theme Your light/dark mode preference Permanent Functional
or_consent Records your cookie consent choice 1 year Strictly necessary

We do not use any third-party tracking cookies. We do not use Google Analytics, Facebook Pixel, or any similar services.

Legal Basis for Processing

  • Analytics: Legitimate interest (Article 6(1)(f) GDPR) — we have a legitimate interest in understanding how our content performs. This data is pseudonymised and cannot identify you.
  • Newsletter: Consent (Article 6(1)(a) GDPR) — you actively opt in.
  • Contact form: Consent (Article 6(1)(a) GDPR) — you choose to contact us.
  • Vote alerts: Consent (Article 6(1)(a) GDPR) — you actively opt in via double opt-in verification.
  • Supporter data: Contract (Article 6(1)(b) GDPR) — necessary to provide the service.

Your Rights Under GDPR

You have the right to:

  • Access — request a copy of the data we hold about you
  • Rectification — ask us to correct inaccurate data
  • Erasure — ask us to delete your data ("right to be forgotten")
  • Restriction — ask us to limit how we use your data
  • Portability — receive your data in a machine-readable format
  • Object — object to processing based on legitimate interest
  • Withdraw consent — withdraw consent at any time for consent-based processing

To exercise any of these rights, use our data request page or contact us at contact page.

You can also delete all analytics data associated with your browsing session at any time from the data request page.

Data Retention

  • Analytics data: Retained for 24 months, then automatically deleted
  • Newsletter subscriptions: Until you unsubscribe
  • Vote alert subscriptions: Until you unsubscribe
  • Contact messages: Retained for 12 months
  • Supporter data: For the duration of your supporter status plus 12 months

Data Security

All data is stored on our own servers in Ireland. Data in transit is encrypted via HTTPS (TLS 1.2+). We do not share, sell, or transfer your data to any third parties.

Third-Party Services

  • Cloudflare — provides DNS, CDN, and DDoS protection. Cloudflare may process metadata (IP addresses, headers) under their own privacy policy. We use Cloudflare's "Full" SSL mode.

We do not use any other third-party services that process personal data.

Public Data Sources

Our accountability and transparency tools display publicly available data from:

  • Oireachtas Open Data API (api.oireachtas.ie) — TD profiles, Dáil votes, and legislation
  • European Parliament Open Data Portal (data.europarl.europa.eu) — MEP profiles, plenary votes, and legislative procedures

This is publicly available institutional data. No personal data about citizens is collected through these sources. MEP and TD information displayed on this site is official public record.

Children

Our site is not directed at children under 16. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. Material changes will be noted at the top of this page.

Contact

For privacy-related enquiries, contact us via our contact page or write to:

xbard
Ireland

Supervisory Authority

You have the right to lodge a complaint with the Irish Data Protection Commission:

Data Protection Commission
21 Fitzwilliam Square South
Dublin 2, D02 RD28
Ireland
dataprotection.ie