Privacy policy

Effective [EFFECTIVE DATE].

We recommend having this document reviewed by qualified legal and tax advisers for your jurisdiction before you rely on it.

This Privacy Policy explains how [LEGAL NAME], operator of Everguardly (“we”, “us”), collects, uses, and protects personal data when you use our SSL, domain, uptime, and DNS monitoring platform. We act as the data controller for the account data described below and as a processor for the operational data you choose to monitor.

We comply with the EU/UK General Data Protection Regulation (GDPR) and, for users in Türkiye, the Personal Data Protection Law No. 6698 (KVKK). Our registered address is [BUSINESS ADDRESS].

1. Data we collect

  • Account data — name, email address, hashed password, organisation details, and team/role membership.
  • Monitoring configuration — the URLs, hostnames, domains, certificates, DNS records, and check intervals you set up, plus the resulting check results and incident history.
  • Billing data — handled by our payment processor Paddle (Merchant of Record). We receive limited billing metadata (e.g. plan, country, last four digits, invoice references); we do not store full card numbers.
  • Usage & analytics — product analytics, feature usage counters, and (where you enable Real User Monitoring) aggregated performance telemetry from your visitors.
  • Technical data — IP address, browser/user-agent, device and log data needed to operate, secure, and debug the service.

2. How and why we use data

We process personal data to:

  • Provide, maintain, and secure the service and your account.
  • Run the monitoring checks you configure and deliver alerts, reports, and status pages.
  • Process subscriptions and payments through our Merchant of Record.
  • Provide support, communicate service and security notices, and prevent abuse or fraud.
  • Improve the product using aggregated and, where possible, anonymised usage data.
  • Comply with legal obligations.

4. Third-party processors

We share personal data only with vendors who help us run the service, under data-processing agreements. Our key sub-processors are:

  • Paddle — payment processing and Merchant of Record (billing, tax, invoicing, refunds).
  • Cloud hosting & database — application hosting, managed PostgreSQL, and object storage.
  • Email delivery — transactional and alert email (e.g. Resend).
  • Error monitoring — application error and performance monitoring (e.g. Sentry).

We do not sell personal data to third parties.

5. Data retention

We keep account and monitoring data for as long as your account is active. After you close your account, we delete or anonymise personal data within a reasonable period (typically up to 90 days), except where longer retention is required for legal, tax, or fraud-prevention purposes. Billing records held by Paddle are retained per Paddle’s own policies and applicable law.

6. Your rights

GDPR (EU / EEA / UK)

You have the right to access, rectify, erase, restrict, and port your personal data, to object to certain processing, and to withdraw consent. You may also lodge a complaint with your supervisory authority.

KVKK (Türkiye)

Under Article 11 of the KVKK you may learn whether your data is processed, request information and correction, request erasure, object to results produced solely by automated analysis, and claim compensation for unlawful processing. Requests may be directed to the Turkish Data Protection Authority (KVKK Kurumu) where applicable.

To exercise any right, email [CONTACT EMAIL]. We respond within 30 days. Many requests (export, deletion) can also be self-served from the dashboard.

7. Cookies

We use strictly necessary cookies for authentication and security, and—where you consent—analytics cookies to understand product usage. You can control non-essential cookies through your browser settings or our cookie controls where provided. Disabling essential cookies may break sign-in.

8. International data transfers

Our processors may store and process data outside your country, including outside the EU/EEA or Türkiye. Where personal data is transferred internationally, we rely on appropriate safeguards such as Standard Contractual Clauses (GDPR) and, for KVKK, explicit consent or other lawful transfer mechanisms permitted under Turkish law.

9. Security

We use industry-standard measures including encryption in transit, hashed passwords, access controls, and least-privilege practices. No system is perfectly secure; you are responsible for keeping your credentials safe. See our security page for vulnerability disclosure.

10. Contact & data controller

The data controller is [LEGAL NAME], [BUSINESS ADDRESS], [JURISDICTION]. For any privacy question or to exercise your rights, contact [CONTACT EMAIL].

This page is a plain-language summary intended to be readable. It does not replace formal legal advice. Questions? Email [CONTACT EMAIL].