Privacy Policy

SiteOpsy ("we", "us", "our") operates the website siteopsy.io and the SiteOpsy application at app.siteopsy.io (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

• Account Information: When you register, we collect your name, email address, and password (stored securely hashed).
• Profile Information: Timezone preference and display name.
• Organization Information: Organization name, slug, billing email, and optional logo URL.
• Payment Information: Payment processing is handled by Paddle (our payment processor). We do not store your credit card details. We receive your Paddle customer ID and subscription status.
• Monitor Configuration: URLs, API endpoints, headers, and request bodies you configure for monitoring. Note that we recommend not including sensitive credentials in monitored endpoints.
• Alert Channel Configuration: Email addresses, Slack webhook URLs, and custom webhook URLs you configure for notifications.

1.2 Information Collected Automatically

• Usage Data: We collect information about how you interact with the Service, including pages visited, features used, and actions taken.
• Monitoring Data: HTTP response codes, response times, and availability data for your monitored endpoints.
• Log Data: Server logs including IP addresses, browser type, referring pages, and timestamps.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Monitor your websites and APIs and send you alerts
• Process transactions and manage your subscription
• Send you technical notices, updates, and support messages
• Respond to your comments, questions, and customer service requests
• Detect, prevent, and address technical issues and security threats
• Generate aggregated, anonymized analytics to improve the Service

3. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share information in the following situations:

• Service Providers: We share data with third-party providers that help us operate the Service, including Supabase (database and authentication), Paddle (payments), and email delivery services.
• Team Members: If you are part of an organization, other members of that organization may see your name, email, and role within the organization.
• Legal Requirements: We may disclose information if required to do so by law or in response to valid legal requests.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred.

4. Data Retention

We retain your account information for as long as your account is active. Monitoring data (check results and incidents) is retained according to your plan:

• Free plan: 7 days
• Starter plan: 30 days
• Pro plan: 90 days
• Business plan: 1 year

After the retention period, monitoring data is automatically deleted. When you delete your account, we remove your personal data within 30 days, except where retention is required by law.

5. Data Security

We implement industry-standard security measures to protect your data, including:

• Encryption in transit (TLS/SSL) for all connections
• Encryption at rest for stored data
• Row-level security policies in our database
• Secure password hashing
• HMAC-SHA256 signature verification for webhooks
• Regular security reviews and updates

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data.
• Portability: Request a portable copy of your data.
• Objection: Object to processing of your personal data.
• Restriction: Request restriction of processing your personal data.

To exercise any of these rights, please contact us at security@siteopsy.io.

7. International Data Transfers

Your information may be transferred to — and maintained on — servers located outside of your country of residence. By using the Service, you consent to the transfer of your information to countries that may have different data protection rules.

8. Children's Privacy

The Service is not intended for use by anyone under the age of 16. We do not knowingly collect personal information from children under 16. If we learn we have collected information from a child under 16, we will delete it promptly.

9. Third-Party Services

Our Service integrates with the following third-party services:

• Supabase: Authentication and database hosting. Supabase Privacy Policy
• Paddle: Payment processing. Paddle Privacy Policy

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

• Email: security@siteopsy.io
• General inquiries: hello@siteopsy.io