We take security seriously. Here's exactly how we protect your data and privacy โ explained in plain English.
Data Protection
We collect only what's necessary to provide our service:
Account data: Email address (for login/notifications). Passwords are hashed using bcrypt before storage โ we never see or store your actual password.
Monitoring data: Endpoint URLs you configure and incident logs. This is stored securely and retained based on your plan (30-90 days).
Payment data: We don't store credit card numbers. All payment processing is handled by Stripe, which is PCI DSS compliant.
How We Secure Your Data
๐ Encryption in transit
All communication between your browser and our servers is encrypted via HTTPS/TLS 1.2+.
๐ Secure passwords
Passwords are hashed with bcrypt. Even if our database were compromised, attackers couldn't recover your password.
๐ก๏ธ Access control
Your endpoint data is isolated by account. Other users cannot access your endpoints, incidents, or settings.
โก Minimal data collection
We don't sell your data. We don't track you across the web. We collect only what's needed to run the service.
๐ณ Stripe for payments
Card numbers never touch our servers. Stripe handles all payment data with bank-level security.
๐ Regular updates
We keep dependencies updated and monitor for security vulnerabilities in our software stack.
Infrastructure
Our service runs on secured cloud infrastructure:
Servers are kept up-to-date with security patches
Firewall rules restrict access to essential ports only
SSH access is key-only (password authentication disabled)
Database access is restricted to application layer only
Your Rights
You have control over your data:
Access: Request a copy of all data we hold about you
Deletion: Request complete deletion of your account and associated data
Export: Download your incident logs and endpoint configurations
Portability: We provide data in standard formats (JSON, CSV)