Privacy Policy
Last updated: March 31, 2026
1. Data Controller
PingGuard ("we", "us", or "our") is the data controller for personal data processed through the PingGuard uptime monitoring platform. For privacy inquiries, contact us at privacy@pingguard.com.
2. Data We Collect
Account data:
- Email address (required for account creation)
- Name (optional, from your authentication provider)
- Avatar URL (from your authentication provider)
Monitor data:
- URLs you configure for monitoring
- Custom HTTP headers you provide (for authenticated endpoints)
- Expected status codes and keyword checks
Check results:
- HTTP status codes returned by your endpoints
- Response times (in milliseconds)
- Up/down status determinations
- Error messages (e.g., timeout, DNS failure, TLS error)
- Timestamps and probe region identifiers
Billing data:
- Stripe customer ID and subscription status (payment details are handled entirely by Stripe and never touch our servers)
3. Data We Do NOT Collect
We explicitly do not collect or store:
- HTTP response bodies from your monitored endpoints
- Credentials, passwords, or authentication tokens from monitored sites
- Personal data of visitors to your monitored sites
- Tracking cookies or analytics data (we use only essential session cookies)
4. How We Use Your Data
We process your data for the following purposes:
- Service delivery: Executing uptime checks, evaluating alert conditions, rendering status pages
- Account management: Authentication, billing, plan enforcement
- Notifications: Sending alert emails, Slack messages, and webhook calls you configure
- Service improvement: Aggregate, anonymized usage statistics (never individual monitoring data)
Legal basis (GDPR): We process your data based on contractual necessity (providing the Service you signed up for) and legitimate interest (service improvement with anonymized data).
5. Data Processing Locations
Your data is processed in the following locations:
| Service | Provider | Location |
|---|---|---|
| Application hosting | Vercel | United States (edge-global) |
| Database | Supabase (AWS) | United States |
| Probe (US East) | DigitalOcean | New York, US (nyc1) |
| Probe (EU West) | DigitalOcean | Amsterdam, EU (ams3) |
| Probe (Asia Pacific) | DigitalOcean | Singapore (sgp1) |
The EU probe (ams3) makes HTTP requests from EU soil. URLs you configure for monitoring may be considered personal data under GDPR and are processed in the EU as part of this check execution.
6. Third-Party Data Processors
We use the following third-party services to provide PingGuard. Each operates under its own privacy policy:
- Clerk (authentication) — Privacy Policy
- Stripe (billing and payments) — Privacy Policy
- Resend (transactional email) — Privacy Policy
- Supabase (PostgreSQL database hosting) — Privacy Policy
- Vercel (application hosting) — Privacy Policy
- DigitalOcean (probe infrastructure) — Privacy Policy
7. Data Retention
Raw check data is retained based on your plan tier:
| Data Type | Free | Pro | Business |
|---|---|---|---|
| Raw checks | 7 days | 30 days | 90 days |
| 5-minute aggregates | 30 days | 90 days | 1 year |
| Daily aggregates | Indefinite | Indefinite | Indefinite |
Account data (email, name) is retained for as long as your account is active. Upon account deletion, all data is permanently removed within 30 days.
8. Cookies
PingGuard uses only essential cookies required for authentication (provided by Clerk). We do not use any tracking, analytics, or advertising cookies. No cookie consent banner is needed because we do not use non-essential cookies.
9. Your Rights
Under GDPR and similar data protection regulations, you have the right to:
- Access: Request a copy of the personal data we hold about you
- Rectification: Correct inaccurate personal data
- Erasure: Delete your account and all associated data (available in Settings)
- Data portability: Request an export of your data in a machine-readable format
- Restriction: Request restriction of processing in certain circumstances
- Objection: Object to processing based on legitimate interest
To exercise any of these rights, contact us at privacy@pingguard.com. We will respond within 30 days.
10. Account Deletion
You can delete your account at any time from the Settings page in your dashboard. Deletion is immediate and irreversible:
- All monitors, checks, and historical data are permanently deleted
- All status pages and incidents are removed
- Your Stripe subscription is cancelled
- Your authentication account is revoked
Cascade deletion ensures no orphaned data remains in our systems.
11. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encrypted connections (TLS) for all data in transit
- Database encryption at rest (provided by Supabase/AWS)
- Authentication via Clerk with support for OAuth and magic links
- Role-based access control for team features
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a revised "Last updated" date. Continued use of the Service after changes constitutes acceptance.
13. Contact
For privacy-related questions or to exercise your data rights, contact us at privacy@pingguard.com.