ismysiteup

Privacy Policy

Last updated: February 20, 2026

1. Introduction

ismysiteup ("we", "our", "the Service") respects your privacy. This policy explains what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Account Information

  • Email address — used for authentication and account recovery
  • Password — stored as a bcrypt hash (we never store plaintext passwords)

Monitor Data

  • URLs you add for monitoring
  • Monitor names and configuration (check interval, expected status, timeout)
  • Check results: status (up/down), response time, error messages
  • Server information: IP address, country, and city of monitored URLs
  • SSL certificate details: expiry date and issuer
  • Incident history: downtime start/end times and error details

Notification Credentials

  • Email — recipient addresses for alert delivery
  • Custom SMTP — server host, port, username, and password
  • Telegram — bot token and chat ID
  • WhatsApp — phone number and CallMeBot API key

All sensitive credentials (SMTP passwords, Telegram bot tokens, WhatsApp API keys) are encrypted at rest using AES-256-GCM encryption. They are only decrypted at the moment of sending a notification.

Billing Information

Payments are processed by Stripe. We do not store your credit card number, expiry date, or CVC. We only store your Stripe customer ID, subscription ID, plan type, and subscription status. For Stripe's privacy practices, see stripe.com/privacy.

3. How We Use Your Data

  • Monitoring — We make HTTP requests to your URLs to check availability
  • Notifications — We use your notification credentials to send alerts
  • Account management — We use your email for login and service communications
  • Billing — We process payments through Stripe for paid plans

We do not sell, share, or provide your data to third parties for marketing purposes.

4. Data Storage and Security

  • Data is stored in a PostgreSQL database
  • Sensitive credentials are encrypted with AES-256-GCM
  • Passwords are hashed with bcrypt (12 salt rounds)
  • HTTPS is enforced with HSTS headers
  • Security headers protect against XSS, clickjacking, and content sniffing
  • SSRF protection prevents monitoring of private/internal network addresses

5. Data Retention

  • Error logs — automatically deleted after 30 days
  • Response time data — last 50 data points kept per monitor
  • Incidents — retained for the lifetime of the monitor
  • Account data — soft-deleted when you delete your account; permanently removed after 30 days

6. Third-Party Services

The Service integrates with the following third-party services:

  • Stripe — payment processing. Privacy Policy
  • Telegram Bot API — notification delivery (only if you enable Telegram alerts). Privacy Policy
  • CallMeBot — WhatsApp notification delivery (only if you enable WhatsApp alerts). Privacy Policy

7. Cookies

We use only essential cookies required for authentication (session cookies). We do not use analytics cookies, tracking pixels, or any third-party advertising cookies.

8. Your Rights

You have the right to:

  • Access your data — view all your monitors, settings, and incidents from the dashboard
  • Export your data — use the JSON export feature to download your monitors
  • Correct your data — edit your monitors and notification settings at any time
  • Delete your data — delete individual monitors or your entire account from Settings

If you are located in the EU/EEA, you may also have rights under the GDPR including the right to data portability, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

9. Children

The Service is not intended for users under 16 years of age. We do not knowingly collect data from children.

10. Changes to This Policy

We may update this policy from time to time. We will notify registered users of material changes via email. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related questions or requests, contact us at contact@ismysiteup.net.