🦅 The short version: We collect only what's necessary to provide the monitoring service.
We never sell your data. You can delete your account and all data at any time.
We use a small number of trusted third-party services to run the platform.
01 Who We Are
Pinghawk is an API uptime monitoring service operated by a solo developer.
This Privacy Policy explains how we collect, use, and protect your personal
information when you use Pinghawk at pinghawk.io and app.pinghawk.io.
For privacy-related questions, contact us at: hello@pinghawk.io
02 Data We Collect
We collect the minimum data needed to provide the monitoring service:
Account data
- Email address — used for authentication and alert notifications
- Full name — optional, used for display purposes only
- Account creation timestamp
- Subscription plan (free, indie, or pro)
Monitor configuration data
- URLs you configure for monitoring
- Monitor settings (check interval, expected status code, method)
- Alert channel configuration (Slack webhook URLs, custom webhook URLs, email addresses)
- Cron monitor names and check-in tokens
Monitoring result data
- HTTP check results (status, response time, status code, region)
- Incident records (when monitors go down and recover)
- Hawk Mode snapshots (DNS timings, TLS timings, response body at failure)
- SSL certificate expiry data for your monitored endpoints
- Alert delivery logs (which alerts were sent, to which channel, at what time)
Technical data
- IP address — captured in audit logs for security and abuse investigation
- Browser and device information via standard HTTP headers
Audit log data
For security, abuse prevention, and legal compliance, we maintain a permanent audit log of significant account actions. This includes:
- Account actions — monitor created/deleted, alert channels configured, account deleted
- URLs you configure for monitoring
- Alert destinations — email addresses, Slack/Discord webhook URLs, custom webhook URLs (signing secrets are never logged)
- IP address and timestamp of each action
Audit logs are retained permanently and are not deleted when you delete your account. This is standard practice for all production SaaS platforms and is necessary for security investigation and legal compliance.
What we do NOT collect
- Payment information (handled entirely by Stripe when billing is enabled)
- Passwords (handled by Supabase Auth — we never see your password)
- Tracking cookies or advertising data
- Data from URLs you monitor beyond what is visible in a standard HTTP response
03 How We Use Your Data
- Email address: Auth, alert emails, account notices (Contract performance)
- Monitor URLs: Making HTTP checks on your behalf (Contract performance)
- Check results: Uptime history, incident detection, dashboard (Contract performance)
- Hawk snapshots: Debug context for failures (Contract performance)
- IP address: Rate limiting, abuse prevention, audit logging (Legitimate interest)
- Audit logs: Security investigation, abuse prevention, legal compliance (Legitimate interest)
We do not use your data for advertising, profiling, or any purpose
beyond operating the Pinghawk service.
04 Third-Party Services
Pinghawk uses a small number of trusted third-party services to operate.
Each receives only the minimum data necessary:
- Supabase (Database + authentication): All account and monitoring data
- Resend (Transactional email (alerts)): Your email address + alert content
- Render (Backend server hosting): Application logs (no personal data)
- Netlify (Landing page hosting + waitlist forms): Email (waitlist signups only)
- Stripe (Payment processing (at launch)): Email + payment info (when billing enabled)
Each of these services has its own privacy policy. We encourage you to
review them if you have concerns about how they handle data.
05 Data Retention
We retain your data as follows:
- Check history — displayed according to your plan's history window (7 days free / 30 days Indie / 90 days Pro). We are implementing automatic deletion of data beyond the Pro plan window.
- Incident records and Hawk snapshots — retained while your account is active.
- Alert logs — retained while your account is active.
- Account and monitor configuration — retained until you delete your account.
- Deleted account data — permanently and irreversibly deleted immediately upon account deletion.
- Audit logs — retained permanently for security and legal compliance, even after account deletion. Audit logs contain action metadata (what was done, when, from which IP) but never contain passwords, secrets, or signing keys.
06 Your Rights
Under GDPR (if you are in the EU/EEA) and similar privacy laws, you have the following rights:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — correct inaccurate personal data.
- Right to erasure — delete your account and all associated data at any time from the Account settings page in your dashboard. This is immediate and permanent. Note: audit logs of your account actions are retained for security and legal compliance as described in Section 05.
- Right to data portability — request your data in a machine-readable format.
- Right to object — object to processing of your personal data in certain circumstances.
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time.
To exercise any of these rights, email us at hello@pinghawk.io.
We will respond within 30 days.
The easiest way to delete all your data is directly from the
Account page in your dashboard — no email required.
07 Cookies & Tracking
Pinghawk does not use cookies for tracking or advertising.
Authentication sessions are stored in your browser's
localStorage by Supabase Auth — this is
local to your device and is cleared when you sign out or
delete your account.
The landing page at pinghawk.io does not use any tracking or
analytics cookies. We do not know who visits our landing page
beyond what Netlify's server logs capture (IP address, page requested).
08 Security
We take reasonable measures to protect your data:
- All data is encrypted in transit using HTTPS/TLS.
- Database access is protected by Row Level Security — users can only access their own data.
- Authentication is handled by Supabase Auth — we never store or see passwords.
- API keys and credentials are never stored in version control.
- Webhook secrets are masked in the dashboard UI.
If you discover a security vulnerability, please report it responsibly to hello@pinghawk.io.
09 Children's Privacy
Pinghawk is not directed at children under 16 years of age.
We do not knowingly collect personal data from children.
If you believe a child has provided us with personal data,
please contact us at hello@pinghawk.io.
10 Changes to This Policy
We may update this Privacy Policy from time to time. For material changes,
we will notify you by email at least 30 days before the
changes take effect. The date at the top of this page reflects the
most recent update.
11 Contact & Data Requests
For any privacy-related questions, data access requests, or concerns:
Pinghawk · pinghawk.io ·
Built by a solo developer.