Privacy Policy

Version: 2026-05-19

Draft. Replace with a counsel-reviewed version before commercial release.

What we collect

• Account information: email, display name, company name, password

hash (PBKDF2-SHA256), and timezone.

• Service data: the monitors you configure, incidents you record,

probe results, captures, and timeline updates.

• Email subscribers: addresses submitted by visitors to your status

pages. These belong to YOU as the page operator; we process them on your behalf.

• Operational data: server access logs, audit log entries (login,

webhook deliveries, API token use), IP addresses, and user-agent strings — retained for 90 days for security and abuse prevention.

What we don't collect

• We do not use third-party advertising trackers.
• We do not sell or rent personal information.
• We do not retain credentials, authorization tokens, or cookies

from URLs we probe on your behalf.

How we use email

• Account: password resets, security alerts, billing notifications.
• Status page subscribers: ONLY incident notifications for the pages

they subscribed to, plus a verification email at signup and an unsubscribe link in every message.

Sub-processors

• Cloudflare — hosting (Workers, Pages, D1, R2).
• Resend — transactional email delivery.
• Stripe *(when billing ships)* — payment processing.

Your rights

You may request export, correction, or deletion of your personal data at any time. Use the in-app data export, or contact [email protected].

Children

The Service is not intended for users under the age of 16. We do not knowingly collect data from children.

Contact

[email protected]