Uptime Platform Privacy Policy

Last updated: November 12, 2025

This policy explains how Uptime Platform (“Uptime”, “we”, “us”) collects, uses, and shares information when you use our Nuxt-based monitoring, incident, and support workspace, related APIs, public status pages, Docker/server agents, and other Services. By using the Services you consent to these practices.

1. Information We Collect

The data we process depends on the features you configure. The table below highlights the major categories.

Category	Description	Examples
Account & Profile Data	Information you or your organization submit to create and manage an account.	Name, email, TOTP secrets, roles/permissions, plan tier, billing contacts.
Service Configuration	Data required to run monitoring, alerting, and incident workflows.	Monitor URLs, headers, secrets, custom domains, status page content, incident drafts, webhook bindings.
Team & Collaboration Data	Content created by you or teammates in the dashboard or APIs.	Ticket threads, contacts, canned responses, comments, attachments, mailing list members, audit logs.
Device & Usage Data	Automatically captured telemetry about how the Services are accessed.	Browser type, IP address, timestamps, API latency, error reports, rate-limit logs, auth events.
Agent & Metrics Data	Information sent from optional server and Docker agents.	Hostnames, CPU/memory/disk/process metrics, monitor results, incident triggers, Jira sync metadata.
Third-Party Integrations	Data exchanged with external tools you connect.	Slack/Discord/webhook payloads, Jira references, email delivery metadata, DNS/SSL validation data.

2. How We Collect Information

Directly from you when registering, configuring monitors/status pages, opening tickets, or communicating with support.
Automatically through cookies, server logs, general usage analytics, and agent heartbeats whenever you use dashboards, APIs, or agents.
From workspace administrators or teammates who manage shared tenant resources.
From third parties when you enable integrations such as Jira, Slack, DNS providers, or email services.

3. How We Use Information

Provide, maintain, and secure the Services, including enforcing plan usage and account-level permissions.
Execute monitoring, alerting, support, and incident workflows you configure.
Send transactional communications (status notifications, support replies, security alerts) and respond to support requests.
Improve reliability and performance through analytics, debugging, and capacity planning.
Enforce acceptable use, investigate suspicious activity, and protect our rights, users, and infrastructure.
Comply with legal obligations, respond to lawful requests, and maintain audit-ready records.
Develop new features, roadmap initiatives, and beta programs informed by aggregated feedback.

4. Legal Bases

Where required (e.g., GDPR), we rely on contract performance, legitimate interests (service improvement, security, fraud prevention), compliance with legal obligations, and consent for optional programs or marketing.

5. How We Share Information

With subprocessors that host infrastructure, databases, caching layers, email delivery, analytics, payment processing, or customer support—each limited to providing services on our behalf.
With teammates within your organization according to assigned roles/permissions, including support portal and incident visibility.
With third-party integrations you authorize (e.g., Jira sync, Slack/Discord, webhooks), limited to the data required to operate that integration.
During corporate transactions (mergers, acquisitions, financings, or asset transfers) subject to confidentiality obligations.
When required by law or necessary to protect rights, users, safety, or enforce policies.

We do not sell personal information.

6. Data Retention

We retain data for as long as your account is active or as needed to provide the Services. Monitor history, incidents, and tickets follow plan-specific retention rules. Limited logs may be kept after account closure for fraud prevention, audits, or legal compliance.

7. Security

We employ TLS, role-based access, Redis-backed rate limits, layered middleware (auth, plan enforcement, custom-domain checks), and audit logging. No system is perfectly secure—protect API keys, agent tokens, and TOTP secrets on your side.

8. International Data Transfers

Data may be processed in the United States or other countries where we and our subprocessors operate. We use appropriate safeguards, such as Standard Contractual Clauses, when required.

9. Your Choices & Rights

Depending on your location you may request access, correction, export, deletion, or restriction of personal information, and object to certain processing. Workspace admins can self-manage most data via the dashboard or APIs. Contact us at privacy@uptime-platform.example for assistance.

You can adjust alert channels, mailing lists, and agent connections from the dashboard. Opt-out links are included with non-transactional communications where required.

10. Support Portal, Status Pages, and Public Data

Support Portal: Tenants control which tickets, contacts, and attachments are public. Avoid sharing sensitive data in public replies.
Status Pages & Custom Domains: Published incidents, metrics, and RSS/ICS feeds are intentionally public. Review content before publishing.
Server & Docker Agents: Agents stream system metrics and execute the automations you configure. Deploy only to systems you control.

11. Children

The Services are not directed to children under 16, and we do not knowingly collect their personal information. If you believe a child provided data, contact us and we will take appropriate action.

12. Changes to This Policy

We may update this policy to reflect operational, legal, or regulatory changes. Updates will be posted here with a revised “Last updated” date, and material changes may be announced via email or in-app notice.

13. Contact

Reach us at privacy@xuptimemonitor.com

If you have unresolved concerns, you may have the right to contact your local data protection authority.