Privacy Policy — PingBlitz

Contents

1. Who We Are
2. What Data We Collect
3. How We Use Your Data
4. Legal Basis for Processing
5. Data Storage & Security
6. Third-Party Sub-Processors
7. Data Retention
8. Your Rights
9. Cookies
10. Children's Privacy
11. Changes to This Policy
12. Contact & DPA Requests

Plain English summary: We collect only what we need to run the service. We store it securely in the EU. We don't sell it. You can ask us to delete it at any time.

Section 01

Who We Are

PingBlitz ("we", "us", "our") is a website uptime monitoring service operated as a UK business. Our website is pingblitz.com.

For the purposes of the UK GDPR and EU GDPR, PingBlitz is the Data Controller for personal data collected through our service.

Contact: hello@pingblitz.com

Section 02

What Data We Collect

We collect the following categories of personal data:

Account information — your name and email address when you register
URLs you monitor — the website addresses you add to your account
Alert contact details — email address and phone number for alert notifications
Check results — uptime data, response times, SSL and domain expiry data for your monitored URLs
Billing information — handled entirely by Paddle; we do not store card details
Usage data — how you interact with our dashboard (page views, feature usage)
Technical data — IP address, browser type, device type when you access our service

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, health data, or biometric data.

Section 03

How We Use Your Data

We use your data for the following purposes:

Providing the monitoring service — checking your URLs and recording results
Sending alert notifications when your monitored services change status
Sending weekly health reports (you can opt out at any time)
Processing your subscription payments via Paddle
Sending transactional emails via Amazon SES (login links, receipts, alerts)
Improving the service — understanding how customers use PingBlitz
Complying with legal obligations

We do not use your data for advertising, profiling, or any purpose not listed above.

Section 04

Legal Basis for Processing

Under UK/EU GDPR, we process your data on the following legal bases:

Contract performance — processing necessary to deliver the monitoring service you subscribed to
Legitimate interests — service improvement, security, fraud prevention
Legal obligation — retaining billing records as required by law
Consent — marketing communications (where applicable; you can withdraw at any time)

Section 05

Data Storage & Security

All PingBlitz data is stored on Cloudflare's infrastructure in the EU (Ireland region). Cloudflare holds ISO 27001 certification and SOC 2 Type II compliance.

We implement the following security measures:

All data encrypted in transit via TLS 1.3
Database encryption at rest
No passwords stored — authentication via magic links only (Clerk)
API keys and secrets stored as encrypted environment variables
Access to production systems restricted to authorised personnel only

In the event of a data breach that affects your personal data, we will notify you within 72 hours as required by GDPR.

Section 06

Third-Party Sub-Processors

We use the following sub-processors to deliver our service. Each has been assessed for GDPR compliance:

Sub-processor	Purpose	Location	Privacy Policy
Cloudflare	Infrastructure, database, edge computing	EU (Ireland)	cloudflare.com/privacy
Clerk	User authentication & identity	US (SCCs applied)	clerk.com/privacy
Paddle	Payment processing & billing	UK/EU	paddle.com/privacy
Amazon SES	Transactional email delivery	EU (Ireland)	aws.amazon.com/privacy
Twilio	SMS alert delivery	US (SCCs applied)	twilio.com/privacy

SCCs = Standard Contractual Clauses, the legal mechanism for transferring data outside the EU/UK lawfully.

We do not share your personal data with any other third parties except as required by law.

Section 07

Data Retention

We retain your data for the following periods:

Account data — retained while your account is active, deleted 30 days after account closure
Monitoring check results — retained for 12 months, then automatically deleted
Incident history — retained for 24 months for compliance and audit purposes
Billing records — retained for 7 years as required by UK tax law
Alert logs — retained for 90 days

You can request deletion of your personal data at any time. We will action deletion requests within 30 days, except where retention is required by law.

Section 08

Your Rights

Under UK and EU GDPR, you have the following rights regarding your personal data:

✓ Right of Access

Request a copy of all personal data we hold about you

✓ Right to Rectification

Ask us to correct inaccurate or incomplete data

✓ Right to Erasure

Request deletion of your personal data ("right to be forgotten")

✓ Right to Portability

Receive your data in a machine-readable format

✓ Right to Object

Object to processing based on legitimate interests

✓ Right to Restrict

Request we limit how we use your data

To exercise any of these rights, contact us at hello@pingblitz.com. We will respond within 30 days. There is no charge for reasonable requests.

If you are unhappy with how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

Section 09

PingBlitz uses minimal cookies necessary for the service to function:

Session cookies — to keep you logged in during your browser session (set by Clerk)
Preference cookies — to remember your dashboard settings

We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not use Google Analytics.

You can control cookies through your browser settings. Disabling session cookies will prevent you from staying logged in.

Section 10

Children's Privacy

PingBlitz is not directed at children under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at hello@pingblitz.com.

Section 11

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email at least 14 days before they take effect. The most current version will always be available at pingblitz.com/privacy.

Your continued use of PingBlitz after changes take effect constitutes acceptance of the updated policy.

Section 12

Contact & DPA Requests

For any privacy-related questions, data subject access requests, or Data Processing Agreement (DPA) requests:

Email: hello@pingblitz.com
Subject line: "Privacy Request" or "DPA Request"
We will respond within 30 days

For enterprise customers requiring a signed DPA for compliance purposes (ISO 27001, SOC 2, etc.), please email us with your requirements and we will provide one within 5 business days.