Your privacy is critically important to us at updown.io. This document describes our privacy practices as well as your choices regarding use, access and correction of personal data.
What do we collect
We only collect information about you if we have a reason to do so, for example to provide our service or to communicate with you. It can either be information you provide or collected automatically. Let’s have a look:
Necessary to our service
- Basic account information (ex: screenname, email, password) are required to operate your service and allow you to log in. If you register using and OAuth provider (Github or Google) the screename and email are imported and the password is not required.
- Billing information (ex: name, company, address, VAT number) are only collected at your initiative to provide invoices addressed to you.
- Credentials (ex: basic auth, API key) can be collected at your initiative to monitor a URL requiring authentication.
- Extra contact details (ex: email address, phone numbers) can be collected at your initiative to send alerts to additional people.
- Private data can potentially be collected from the web page you're monitoring if you choose to use the text search feature for example as updown.io have to keep the body of the page in case of downtime.
- Log Information: like most online service providers, we collect information that web browsers typically make available, such as the browser type, IP address, language preference, referring site, the date and time of access, operating system.
- Location Information: we may determine the approximate location of your servers from their IP addresses. We collect and use this information at the moment only to provide an accurate world map of monitored sites on the home page. In the future we may use this to help detect regional outages.
Note: Financial information (ex: credit card number, name, postal code) are not collected by us, they go directly to the payment services provider and only when you make a purchase.
What do we share, and why
We share information about you as least as possible to protect your privacy, here are the information we share and why:
- Employees and Contractors may gain access to some information about you in order to help provide our service. For example if we need to assist you with something or if we're investigating an issue on your account.
- Third Party Vendors may gain access to some information about you in order to provide their services to us, or to you. Like payment providers that process your credit card information, SMS and email delivery services. These vendors are listed in in the "List of data sub-processors" section below.
- Legal Requests may force us to disclose information about you in response to a subpoena, court order, or other governmental request
- To Protect Rights, Property, and Others we may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of updown.io, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- With Your Consent we may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so.
- Aggregated or De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our service.
You're in control
- If you have an account with us, you can choose not to provide the optional account information. Of course if you do this certain features may not be accessible or degraded.
- You can also choose at any time to close your updown.io account, in which case all data (personal or not) associated with your account will be removed from the service database instantly. Some information may still be present in our logs and backups though, and will definitely be gone after up to one week.
- You can access and update most of your personal information from the website directly, but if you have a more specific request (right to portability, to object, etc.) feel free to reach out to firstname.lastname@example.org.
- Remember that you can always submit a request to the CNIL (Commission Nationale de l'Informatique et des Libertés, the French Data Protection Authority).
Note: we didn't say anything about opting out from mailing lists because there's none. We don't send any marketing email, only personal emails related to your account.
By default we keep all the information provided in your settings or collected by your monitors (e.g. downtimes, metrics) up until you choose to delete your account (or monitors). But we automatically delete inactive checks and accounts after 3 years of inactivity.
Additionally we do reduce the level of details persisted after some time for active checks, for example the Apdex metrics (initially stored per hour) are grouped by day after 2 days and then by months after 40 days. The detailed responses for the last 5 requests which started a downtime are deleted after 3 years, the downtime is kept but only with basic information (error and timing).
Logs and usage information that are not necessary for the execution of our service are only kept for one month after their collection.
While no online service is 100% secure, we work very hard to protect your information against unauthorized access or alteration, and take reasonable measures to do so, such as keeping software up-to-date, restricting access to internal services and using state-of-the-art authentication and encryption methods.
Other Things You Should Know (Keep Reading!)
List of sub-processors
updown.io uses the following products/services (which are all GDPR compliant):
- OVH, Vultr, Digital Ocean and Hetzner for sending monitoring requests, hosting the website and storing data.
- Stripe, Paypal and CoinGate for payments.
- Postmark and MailerSend for sending Email notifications.
- Vonage (formerly Nexmo) for sending SMS notifications.
- Uservoice for support and feedback widget.
- July 28th, 2022: Added more details about the automatic data purge and compaction in the "Retention" section
- May 5th, 2022: Renamed Nexmo to Vonage in the list of sub-processors (same service but acquired)
- March 5th, 2021: Replaced SendGrid by MailerSend in the list of sub-processors
- Jan 23th, 2020: Replaced Bitpay by CoinGate in the list of sub-processors as payment service provider for cryptocurrencies.
- June 7th, 2020: Replaced Scaleway by Hetzner in the list of sub-processors
- August 14th, 2019: Replaced Mandrill by SendGrid in the list of sub-processors
- June 23rd, 2018: Removed Google Analytics and added Uservoice to the list of sub-processors
- May 25th, 2018: Initial version