Privacy Policy

Last Updated: January 25, 2026

UptimeAudit ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SLA monitoring and credit recovery platform (the "Service"). Please read this policy carefully.

1. Information We Collect

We collect several types of information to provide and improve our Service:

1.1 Account Information

When you create an account, we collect:

• Name and email address
• Organization/company name
• Job title (optional)
• Password (stored in hashed format)
• Profile preferences and settings

1.2 Billing Information

For subscription and commission payments, we collect:

• Billing address
• Payment method details (processed securely by Stripe; we do not store full card numbers)
• Transaction history and invoices
• Tax identification numbers where required by law

1.3 Vendor Integration Data

To monitor services and file claims on your behalf, we collect:

• Vendor account identifiers (e.g., AWS Account ID, organization names)
• Service tier and subscription level with each vendor
• Billing account numbers necessary for claim submission
• Contact information for vendor support portals

Important: We do NOT access your internal data, resources, or content within these third-party services. We only monitor publicly available status pages and match them against your configured vendor information.

1.4 Usage Data

We automatically collect:

• Pages and features accessed within our platform
• Claims filed and their outcomes
• Dashboard interactions and report downloads
• Timestamps and session duration

1.5 Device and Technical Data

We collect:

• IP address and approximate geolocation
• Browser type and version
• Operating system
• Device identifiers
• Referral URLs

2. How We Use Your Information

We use collected information for the following purposes:

• Service Delivery: Monitor vendor uptime, detect SLA breaches, draft claims, and file them on your behalf.
• Account Management: Create and manage your account, authenticate access, and communicate account-related information.
• Billing: Process subscription payments, calculate and invoice commissions, and maintain financial records.
• Communication: Send claim status updates, service notifications, and respond to support inquiries.
• Analytics: Analyze usage patterns to improve service features, monitoring accuracy, and user experience.
• Security: Detect and prevent fraud, abuse, and security incidents.
• Legal Compliance: Comply with applicable laws, regulations, and legal processes.

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data under the following legal bases:

• Contract Performance: Processing necessary to fulfill our service agreement with you (monitoring, claim filing, billing).
• Legitimate Interests: Analytics, service improvement, and fraud prevention, balanced against your privacy rights.
• Legal Obligation: Compliance with tax, accounting, and regulatory requirements.
• Consent: Where required, such as for marketing communications (you may withdraw consent at any time).

4. Data Sharing and Disclosure

We do not sell your personal data. We share information only as follows:

4.1 Vendors (for Claim Filing)

When we file SLA claims on your behalf, we share necessary information with the relevant vendor, including:

• Your account identifier with that vendor
• Outage timestamps and duration
• Evidence of service disruption
• Your authorization for us to act as your agent

4.2 Service Providers

We use trusted third-party services to operate our platform:

• Stripe: Payment processing and subscription management
• Supabase: Database hosting and authentication
• Vercel: Website hosting and edge network
• Cloudflare: CDN, DDoS protection, DNS services, monitoring workers, and Workers AI for drafting claim language
• Resend: Transactional email delivery (digests, claim notifications)

These providers are contractually obligated to protect your data and use it only for specified purposes.

AI-assisted claim drafting: When you regenerate a claim, the incident metadata (vendor, region, timestamps, your account identifier, and approximate monthly spend on the affected service) is sent to Cloudflare Workers AI to produce the email body. Cloudflare's Workers AI terms state that prompts and outputs are not used to train models. We do not send your authentication credentials, full billing history, or content from inside vendor accounts. You can disable AI drafting by leaving the Workers AI configuration unset; the platform will fall back to deterministic templates.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, court order, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change.

5. Data Retention

We retain your data for as long as necessary to provide the Service and fulfill the purposes described in this policy:

• Account Data: Retained while your account is active and for 2 years after account closure for legal and audit purposes.
• Billing Records: Retained for 7 years to comply with tax and accounting regulations.
• Claim History: Retained for 5 years for audit trail and dispute resolution.
• Usage Logs: Retained for 12 months, then anonymized or deleted.
• Marketing Data: Deleted upon request or after 2 years of inactivity.

You may request earlier deletion of your data subject to our legal obligations.

6. Security Measures

We implement robust security measures to protect your data:

• Encryption: All data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: Role-based access with multi-factor authentication for internal systems.
• Monitoring: Continuous security monitoring and intrusion detection.
• Vendor Security: Our infrastructure providers maintain SOC 2 Type II and ISO 27001 certifications.
• Incident Response: Documented procedures for security incident detection, containment, and notification.

While we strive to protect your data, no method of transmission over the Internet is 100% secure. Please protect your account credentials and notify us immediately of any suspected unauthorized access.

7. Your Rights (GDPR - EEA/UK Residents)

If you are located in the European Economic Area or United Kingdom, you have the following rights:

• Right of Access: Request a copy of the personal data we hold about you.
• Right to Rectification: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
• Right to Restrict Processing: Request that we limit how we use your data in certain circumstances.
• Right to Data Portability: Receive your data in a structured, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing.
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent.
• Right to Lodge a Complaint: File a complaint with your local data protection authority.

To exercise these rights, contact us at privacy@uptimeaudit.io. We will respond within 30 days.

8. Your Rights (CCPA - California Residents)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with the following rights:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, purposes, and third parties with whom we share it.
• Right to Delete: Request deletion of personal information we have collected, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell personal information, so this right does not apply. However, you may opt out of sharing for targeted advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

To submit a request, email privacy@uptimeaudit.io or call our privacy line. We may verify your identity before processing requests.

California Shine the Light: California residents may request information about disclosure of personal information to third parties for direct marketing purposes. We do not share personal information for such purposes.

9. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

9.1 Essential Cookies

Required for the Service to function, including authentication, session management, and security. These cannot be disabled.

9.2 Analytics Cookies

Help us understand how users interact with our Service. We use privacy-focused analytics that do not track individuals across sites.

9.3 Preference Cookies

Remember your settings and preferences for a better experience.

Managing Cookies: You can control cookies through your browser settings. Note that disabling essential cookies may impair Service functionality. We honor Do Not Track (DNT) signals where technically feasible.

10. International Data Transfers

UptimeAudit is based in the United States. If you access our Service from outside the US, your information may be transferred to and processed in the United States or other countries where our service providers operate.

For transfers from the EEA/UK, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Data Processing Agreements with our service providers
• Adequacy decisions where applicable

You may request a copy of the safeguards we use by contacting privacy@uptimeaudit.io.

11. Children's Privacy

Our Service is not directed to children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@uptimeaudit.io, and we will delete such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. If we make material changes, we will notify you by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to active account holders
• Displaying a prominent notice in our dashboard

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. We encourage you to review this page periodically.

13. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Privacy Inquiries: privacy@uptimeaudit.io
• Data Protection Officer: dpo@uptimeaudit.io
• General Support: support@uptimeaudit.io
• Mailing Address: UptimeAudit, Inc., 251 Little Falls Drive, Wilmington, DE 19808, USA

For EEA/UK residents, you may also contact your local data protection authority if you have unresolved concerns about our handling of your data.

By using UptimeAudit, you acknowledge that you have read and understood this Privacy Policy. For our terms governing the use of the Service, please see our Terms of Service.