Skip to main content

Privacy Policy

Last updated: 2026-06-24

This Privacy Policy explains how the uptimepage service ("we", "us") collects and processes personal data. It is intended to satisfy our obligations under the EU General Data Protection Regulation (GDPR) and similar laws.

1. Data Controller

uptimepage-inc is the data controller for personal data processed via the Service.

Contact: hello@uptimepage.dev For data-subject requests: hello@uptimepage.dev (see §10)

We do not have a designated Data Protection Officer as we do not meet the thresholds under GDPR Article 37.

2. What Data We Collect

We collect data in three ways:

You provide:

We generate automatically:

We collect via your browser:

Analytics (public marketing pages only): We run self-hosted, cookieless analytics (Umami) on our own EU infrastructure. It records aggregate page views, referrer, browser, operating system, device type, and coarse location (country and region) derived from a daily-rotating hash of your IP address and user agent. It sets no cookies, never stores your raw IP, and cannot identify you or follow you across sites or sessions. The data stays on our infrastructure and is never sent to a third party.

We do not use third-party analytics services that export your data (no Google Analytics, no Mixpanel, no tracking pixels).

3. Why We Process This Data

DataPurposeLawful basis (GDPR Art. 6)
Email, display name, OAuth identityProvide authenticationContract
Targets, check resultsProvide monitoring serviceContract
Sessions, API tokensAuthenticate API requestsContract
Hashed IP, login attemptsDetect security threatsLegitimate interest
Audit logCompliance and accountabilityLegitimate interest
Aggregate analytics (marketing pages)Understand site usage and improve contentLegitimate interest

We do not engage in automated decision-making with significant effects on you (no profiling, no scoring).

4. How Long We Keep It

CategoryRetention
Account data (email, OAuth)Until account deletion
Sessions90 days maximum
API tokensUntil you revoke them
Check results (raw per-check detail)30 days
Check result history (aggregated, hourly)13 months
Login attempts180 days
Audit log2 years
Quota events90 days
Server access logs30 days
Application error logs30 days
Aggregate analytics (marketing pages)Indefinite (aggregate only; no identifiers that single you out)

Deleted accounts are recoverable for 30 days, after which data is permanently purged.

5. Who We Share It With

We use these third-party processors:

ProcessorPurposeLocationSafeguard
Hetzner Online GmbHHosting and DNSGermanyDPA in place
ResendTransactional emailsUSAStandard Contractual Clauses
GitHubOAuth authenticationUSAStandard Contractual Clauses

We do not sell or rent your data. We do not share it for marketing.

We may disclose data:

6. International Transfers

Data is primarily stored in Germany (Hetzner data centre, Nürnberg). Resend and GitHub are based in the United States; transfers to them are protected by Standard Contractual Clauses adopted by the European Commission.

7. Security

Technical measures include:

We will notify affected users without undue delay if we become aware of a personal-data breach affecting your data, and we will notify the competent supervisory authority within 72 hours where required.

8. Your Rights

Under GDPR, you have the right to:

9. Cookies

We use one cookie: _sm_session, which holds your session identifier. This is strictly necessary for the Service to function and does not require consent.

We do not use analytics, advertising, or third-party tracking cookies.

See our Cookie Policy for details.

10. Data Subject Requests

Two channels — use whichever is convenient:

Self-service (recommended):

Email: Send a request to hello@uptimepage.dev. We will:

You can use the email channel if you are locked out of your account, if you are acting on behalf of someone else (e.g., deceased user), or if you have requirements beyond what the self-service tools provide.

11. Children

The Service is not directed to children under 16. We do not knowingly collect data from children under 16. If you become aware that a child has provided us with personal data without parental consent, please contact us so we can delete it.

12. Changes

We may update this Policy. Material changes will be announced via email 30 days in advance.

13. Contact

hello@uptimepage.dev