PingShift
All policiesHome
Draft — pending legal review. These policies describe how PingShift actually handles your data and are written in good faith, but they are not yet attorney-reviewed and are not legal advice. They will be finalized before general availability.

Privacy Policy

Last updated: 2026-05-31

This policy explains what PingShift collects, why, how long we keep it, and the rights you have over it. We aim to collect the minimum needed to run the service well. It is written to be compatible with the GDPR (EU/UK), CCPA/CPRA (California), PIPEDA (Canada), and LGPD (Brazil).

What we collect

  • Account data: your email, hashed password, plan, and settings (locale, timezone).
  • Monitor configuration: the URLs/hosts you ask us to check and their settings.
  • Check data: results of each check (status, response time, status codes, state-change events).
  • Alert-channel config: stored encrypted (e.g. Telegram chat IDs, webhook secrets). We never display or export these secrets.
  • Status-page subscribers: email addresses people give to subscribe to your status pages (double opt-in).
  • Operational metadata: IP addresses and timestamps for security, rate-limiting, and abuse prevention; an audit log of sensitive actions (logins, plan and channel changes).
  • Payment data: handled by Lemon Squeezy, our Merchant of Record. We receive subscription status, not your card details.

Why we use it

To provide monitoring and alerts, render status pages, bill paid plans, secure the service, prevent abuse, and communicate with you about your account. Our legal bases (GDPR) are performance of contract, our legitimate interest in running a secure service, and consent where required (e.g. status-page subscriptions).

Retention

DataKept for
Raw individual check results7 days (then dropped)
Uptime rollups & state-change eventsLong-term, for history graphs
Account & monitor configurationUntil you delete it
Audit logAnonymized when you delete your account

Sub-processors

We rely on a small set of vendors to operate (hosting, email delivery, payments, error tracking). The current list is on our Subprocessors page, kept up to date.

Your rights

You can access and export all your data, and delete your account and its data, directly from the dashboard — these map to the API endpoints GET /account/export and DELETE /account. Deleting your account permanently erases your monitors, channels, status pages, incidents, and subscribers, and anonymizes audit entries. You also have the right to rectification, restriction, objection, and to lodge a complaint with your data-protection authority.

Sharing

We don't sell your personal data. We share it only with the sub-processors above, as needed to run the service, or where legally required.

International transfers

We serve a global audience and may process data outside your country. Where required, transfers rely on appropriate safeguards such as Standard Contractual Clauses.

Contact

Privacy questions or requests: privacy@pingshift.app.