Privacy
ChannelWatch app privacy
Section titled “ChannelWatch app privacy”ChannelWatch does not include first-party telemetry, analytics, or phone-home behavior by default. It does not report usage data to a ChannelWatch-operated service.
That does not mean the app never makes outbound requests. It talks to the Channels DVR servers you configure, and it sends alerts only to the notification destinations you configure. If you supply an optional error-reporting DSN, unhandled exception reports go to that destination and nowhere else.
Local artifacts under /config
Section titled “Local artifacts under /config”The self-hosted app keeps its local state in the /config volume. The main artifacts are:
| Path | What it stores | Notes |
|---|---|---|
/config/settings.json | Main app settings, DVR connection details, thresholds, provider configuration, and shared secrets | Persistent config file used by both the core service and the web UI |
/config/channelwatch.log | Rotating application log file | Local log file, operator-readable, rotated with retention configured in app settings |
/config/channelwatch.db | SQLite data for alert history, delivery records, and other persisted app state | Current installs use the database for operational history and delivery data |
/config/activity_history.json | Legacy local activity history store | Older installs may still have this file; current installs also use channelwatch.db |
/config/session_state_<dvr_id>.json | Per-DVR alert and session state | One file per DVR identity |
/config/watchdog_status.json | Persisted watchdog and freshness state | Used to retain health snapshot information across restarts |
/config/migration.journal | Migration progress and recovery metadata | Used during schema and storage migrations |
/config/backups/* | Local backup zips and migration backup files | Includes migration backups, archived legacy state files, and pre-restore snapshots |
/config/env_overrides.json | Environment-derived overrides surfaced to the UI | Generated by the container entrypoint when env overrides are present |
/config/encryption.key | Encryption key used for per-DVR API key encryption | This does not mean every secret in settings.json is encrypted at rest |
Credential storage, masking, and encryption scope
Section titled “Credential storage, masking, and encryption scope”Only per-DVR API keys have confirmed encryption-at-rest coverage today. Those keys use /config/encryption.key for local Fernet encryption before they are written back to the settings store.
That protection does not apply to every secret. Shared API keys, notification provider credentials, webhook secrets, webhook URLs, and similar provider settings are masked in the UI and in sanitized debug output, but they are not all fully encrypted at rest today. Filesystem permissions on the /config volume still matter.
Outbound traffic, what leaves your machine
Section titled “Outbound traffic, what leaves your machine”ChannelWatch sends outbound traffic only to the systems you choose to connect:
- configured Channels DVR servers
- configured notification destinations such as Apprise-backed providers, Discord webhooks, or other webhook endpoints
- an optional user-supplied error-reporting DSN, if you configure one
Notification payloads contain alert content from your DVR environment, such as channel name, program name, and device name. They do not send the full ChannelWatch configuration file or the local database.
Backups, logs, and manual exports
Section titled “Backups, logs, and manual exports”ChannelWatch uses local backups, not a cloud backup service. The app creates backup artifacts in /config/backups/, including timestamped migration backups and pre-restore snapshots created before a restore operation.
Backup zips and local export flows are operator-controlled. They stay on disk until you move, copy, or share them yourself.
The debug bundle is also a local manual export. It produces a zip for manual sharing and does not transmit anything automatically.
Multi-user and RBAC status
Section titled “Multi-user and RBAC status”RBAC is source-backed and optional in the current app. The backend exposes admin, operator, and viewer roles, session-based auth, and a security-status endpoint that reports whether RBAC is enabled. Deployments can also run in shared API-key mode, or in an RBAC mode that still keeps the shared API key as a fallback.
That does not turn the privacy story into “everything is encrypted and centrally managed.” The main privacy guarantees are still local storage, operator-controlled sharing, and limited encryption scope. For current auth and role behavior, see Security modes and RBAC.
This website, not the self-hosted app
Section titled “This website, not the self-hosted app”The ChannelWatch docs and marketing site, the site you are reading now, uses Cloudflare Web Analytics. It is cookieless, does not set cookies, and does not use cross-site tracking. Cloudflare documents that product at cloudflare.com/web-analytics-privacy-policy/.
This website analytics setup is separate from the self-hosted ChannelWatch app. The app does not send analytics to Cloudflare.
Related pages
Section titled “Related pages”- API Keys, masking and per-DVR key handling
- Security modes, current auth and access model
- RBAC, current scope and deployment caveats
- Backup & Restore, backup zip contents and restore behavior
- Disclaimer, trademark and affiliation notice