Privacy Policy

We collect the minimum needed to run the Service and bill you. We don't sell data, we don't run trackers, and the only third party that ever sees your traffic is Cloudflare (TLS + DDoS).

What we collect

Account data

• Email address (sign-in identifier, used for account-related notifications only)
• Argon2id hash of your password (we never see or store the plaintext)
• Organization name and slug (your input)
• Account creation timestamp

Service data

• Monitors you configure (name, URL, type, interval, alert destination)
• Check results (status, response time, status code, optional error message), retained 30 days
• Custom request headers you set, encrypted at rest with AES-256-GCM
• Webhook signing secret (HMAC-SHA256) — generated, rotatable on demand

Operational data

• Source IP of API requests (used for rate-limit + abuse defense, retained 7 days in logs)
• Audit log of every account-mutating action with the actor user, the org, the action, and a timestamp
• Request IDs for end-to-end tracing across api → scheduler → worker → alerter

What we don't collect

• No analytics cookies. The marketing site uses Cloudflare Web Analytics (cookieless, no fingerprinting) — see CF's privacy notes.
• No third-party trackers. No Google Analytics, no Facebook Pixel, no Hotjar, nothing.
• No payment card data. When billing ships, we'll use Stripe — they handle PCI scope, we never see your card number.

Subprocessors

Full list at /legal/subprocessors. In short: Cloudflare for DNS, TLS termination on the marketing/dashboard SPA, and DDoS protection. Everything else (Postgres, ClickHouse, Redis, the API, the workers) runs on infrastructure we control.

Your rights (GDPR, CCPA, and similar)

Email [email protected] from the address on your account to request:

• Access: a JSON export of every row associated with your org
• Deletion: immediate purge from production within 30 days, backups within 90
• Correction: direct edits, or via the dashboard yourself
• Portability: the access export is the same format the API returns

Retention

• Account data: until you delete the account
• Check results: 30 days rolling
• Audit logs: 1 year (kept for security forensics)
• Operational logs (HTTP access logs): 7 days
• Backups: 30 days, then overwritten

Security

TLS 1.3 in transit. Postgres at rest is on encrypted disks; sensitive columns (request headers, webhook secrets) are additionally AES-256-GCM-encrypted at the application layer with a key derived via scrypt from a master key never written to logs. See /security for the full picture.

Contact

Privacy questions: [email protected]
Operational issues: [email protected]
Security disclosures: [email protected]