Privacy Policy — UptimeWiz

1. Who we are

UptimeWiz ("we", "us", "our") provides website and API uptime monitoring services. This Privacy Policy describes how we collect, use, store, and protect your personal information when you use the Service at uptimewiz.com. For the purposes of the GDPR, UptimeWiz acts as the data controller for personal data processed under this policy.

Contact: privacy@uptimewiz.com

2. Data we collect

Category	What	Why
Account data	Email address, hashed password	Authentication, account management
Monitor config	URLs, ports, names, alert settings	Performing checks, sending alerts
Check results	Status codes, response times, timestamps	Uptime history, analytics
Technical data	IP address, browser/device type, pages visited	Security, fraud prevention, debugging
Usage data	API calls, feature interactions	Service improvement, abuse prevention
Payment data	Processed via payment provider — we see only last 4 digits and billing country	Billing

We do not collect sensitive personal data (such as racial or ethnic origin, health data, or financial account numbers). We do not purchase or receive data about you from third parties.

3. How we use your data

To perform the monitoring checks you have configured.
To send alerts via Email, Slack, or Discord when your monitors change state.
To display your uptime history and analytics in the dashboard.
To manage your account and process billing.
To respond to support and legal requests.
To detect and prevent fraud, abuse, and security incidents.
To improve the Service based on aggregate, anonymised usage patterns.
To comply with legal obligations.

We do not use your data for advertising, profiling, or automated decision-making that produces legal or similarly significant effects.

4. Legal basis for processing (GDPR)

If you are located in the European Economic Area (EEA) or UK, we process your personal data under the following legal bases:

Processing activity	Legal basis (GDPR Art. 6)
Account creation and authentication	Performance of contract (Art. 6(1)(b))
Performing monitoring checks	Performance of contract (Art. 6(1)(b))
Sending downtime alerts	Performance of contract (Art. 6(1)(b))
Payment processing	Performance of contract (Art. 6(1)(b))
Fraud detection and security	Legitimate interests (Art. 6(1)(f))
Service improvement (aggregated/anonymised)	Legitimate interests (Art. 6(1)(f))
Compliance with legal obligations	Legal obligation (Art. 6(1)(c))

5. Third-party services

We use the following third-party providers:

Cloud infrastructure provider — compute, storage, and messaging (SOC 2, ISO 27001 certified). Data processed in the United States and EU.
Authentication provider — user account and session management. Data processed in the United States.
Resend — transactional email delivery for alerts. Data processed in the United States.
DodoPayments — payment processing (we never store or see full card numbers). Subject to DodoPayments' Privacy Policy.

Each provider is contractually bound to process your data only as instructed and to maintain appropriate security standards. We do not permit providers to use your data for their own purposes.

6. Data retention

Account data: retained until you delete your account, then purged within 30 days of deletion from live systems.
Ping logs: 7–30 days depending on plan, then automatically deleted.
Incident records: 90 days.
Access/security logs: 30 days.
Billing records: 7 years, as required by financial regulations.
Backups: System backups are retained for up to 35 days. Deleted account data will be purged from all backups within 35 days of the deletion date.

7. Cookies

We use only technically necessary cookies for session management (auth tokens stored as secure, httpOnly cookies). We do not use tracking cookies, advertising cookies, or third-party analytics cookies. We do not use Google Analytics or similar tracking tools. No cookie consent banner is shown because we do not use non-essential cookies.

8. Data transfers

Your data is processed in the United States and the EU (Ireland). If you are located in the EEA or UK, transfers to the United States are made under Standard Contractual Clauses (SCCs) as required by GDPR, providing equivalent protection to data processed within the EEA. You may request a copy of the applicable transfer safeguards by contacting privacy@uptimewiz.com.

9. Data breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33. If the breach is likely to result in a high risk to you personally, we will also notify you directly without undue delay at the email address on your account, describing the nature of the breach, the data affected, and the steps we are taking to address it.

10. Your rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your personal data (right to be forgotten).
Restriction: Request that we restrict processing of your data in certain circumstances.
Portability: Receive your data in a structured, machine-readable format.
Objection: Object to processing based on legitimate interests.
Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Automated decisions: We do not make solely automated decisions that produce legal or similarly significant effects about you. If this changes, you will have the right to human review.

To exercise any of these rights, contact us at privacy@uptimewiz.com. We will respond within 30 days. We may need to verify your identity before processing your request. We will not charge a fee unless the request is manifestly unfounded or excessive.

11. Right to complain to a supervisory authority

If you are located in the EEA or UK and believe we are processing your personal data unlawfully, you have the right to lodge a complaint with your local data protection supervisory authority. In the EU, you may contact the supervisory authority of your country of residence or the lead supervisory authority. In the UK, the relevant authority is the Information Commissioner's Office (ICO) at ico.org.uk. We ask that you contact us first so we can attempt to resolve your concern.

12. California residents (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) grants you additional rights:

Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months.
Right to delete: Request deletion of personal information we have collected, subject to certain exceptions.
Right to opt out of sale: We do not sell personal information as defined by the CCPA. No opt-out action is required.
Right to non-discrimination: We will not discriminate against you for exercising any CCPA rights.

To exercise CCPA rights, contact us at privacy@uptimewiz.com.

13. Children's privacy

The Service is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have inadvertently collected such data, contact us immediately at privacy@uptimewiz.com and we will delete it promptly.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email at the address on your account and update the "Last updated" date above. Where required by law (e.g. changes to the legal basis for processing), we will seek your consent. Continued use of the Service after changes take effect constitutes acceptance of the revised policy.

15. Contact us

For privacy-related questions or to exercise your rights:
privacy@uptimewiz.com

General contact: contact page