Privacy Policy

Effective Date: April 28, 2026

1. Introduction

Welcome to SiteStatus ("we," "our," "us," or the "Service"). We are committed to protecting your personal data and your right to privacy. This Privacy Policy details how we collect, use, process, and safeguard your information when you visit our website or use our automated uptime monitoring services.

2. Data Controller

For the purposes of the GDPR, the Data Controller for your personal information is:

  • Service Name: SiteStatus
  • Jurisdiction: Ukraine
  • Contact Email: support@sitestatus.dev
  • Note: SiteStatus is operated as an independent project by an individual developer based in Ukraine.

3. Information We Collect

3.1. Information You Provide to Us

  • Account Information: We collect your email address and account credentials (hashed passwords) for direct registration.
  • OAuth Data: If you sign in via Google (including Google One Tap) or GitHub, we receive your email and a unique identifier from these providers.

3.2. Information We Collect Automatically

  • Security & Session Data: To provide you with a "Security Dashboard" to identify active sessions, we collect:
    • IP Address: For security and fraud prevention.
    • Device Information (User Agent): Browser type, OS, and device category.
    • Approximate Location: Country and City determined via IP.
  • Monitoring Data: To provide the uptime service, we store:
    • Target URLs, HTTP status codes, response times, and error messages.
    • Privacy Guarantee: We do not log or store response bodies or sensitive payloads from monitored servers.

4. Legal Basis for Processing (GDPR)

  • Performance of a Contract: Necessary to provide monitoring and account management.
  • Legitimate Interests: To secure our platform, prevent abuse, and ensure technical stability.
  • Consent: For non-essential processing, such as Google Analytics 4.

5. Data Retention Policy

  • Raw Monitoring Logs: Retained for a maximum of 24 hours.
  • Hourly Aggregated Logs: Retained for 30 days.
  • Daily Aggregated Logs: Retained indefinitely while the account is active for historical reports.
  • Account Data: All data is erased within 30 days of account deletion.

6. Cookies and Tracking Technologies

  • Strictly Necessary Cookies: Essential for maintaining login sessions.
  • Analytics Cookies: We use Google Analytics 4 (GA4) with Consent Mode v2. We ask for explicit consent before setting these cookies.

7. Data Sharing and Third-Party Processors

We only share data with trusted infrastructure providers acting on our behalf:

  • Infrastructure: Vercel (Hosting), DigitalOcean (Backend), Microsoft Azure (Regional Workers).
  • Databases: Neon (PostgreSQL) and Turso (Edge DB).
  • Communications: Brevo (SMTP Relay) for alerts.

8. International Data Transfers

SiteStatus is operated from Ukraine. Your data is processed on servers provided by our cloud partners, primarily in the US and EU. We ensure providers maintain high security standards.

9. Data Security

We implement technical measures (encryption, hashed passwords) to protect your data. However, no internet transmission is 100% secure, and we cannot guarantee absolute security.

10. Your Data Protection Rights

Under GDPR, you have the right to:

  • Access, correct, or request deletion of your data.
  • Object to or restrict data processing.
  • Withdraw cookie consent at any time.

11. Children's Privacy

SiteStatus is intended for users at least 16 years old. We do not knowingly collect data from individuals under 16. If we discover such data, we will take steps to delete it immediately.

12. Changes to This Privacy Policy

We may update this policy to reflect changes in our practices. We will notify you of material changes by updating the "Effective Date" or via email notification.

13. Contact Us

If you have any questions or requests regarding this policy, please contact: Email: support@sitestatus.dev