Privacy Policy
Last updated: 2026
1. Who we are
We operate Pinglyra and are the data controller for the personal data described in this policy. You can reach us at [email protected].
2. Data we collect
- Account data: your name, email and a hashed password (or a linked Google/Microsoft identity).
- Organization data: organization name, branding, team members, roles and billing identifiers.
- Monitoring targets: the websites, domains and endpoints you configure for monitoring.
- Check & scan results: uptime, SSL, DNS, email-security and header results, including data from the free website scan.
- Reports & status pages: generated reports and the content shown on your status pages.
- Alerts & notifications: alert-channel configuration and a log of notifications sent.
- Operational data: audit logs, IP addresses (for security and rate-limiting) and authentication events.
3. How we use it
To provide monitoring, send alerts and reports, render status pages, enforce plan limits, secure the Service, prevent abuse, and process payments. We do not sell your personal data.
4. Legal bases
Where the GDPR applies, we process data to perform our contract with you (providing the Service), to pursue legitimate interests (security, abuse prevention, service improvement), to comply with legal obligations, and, where required, with your consent (e.g. optional analytics).
5. Service providers & subprocessors
- Payments: handled by Stripe. We store billing identifiers only — never full card details.
- Email delivery: when email is configured, a third-party SMTP/email provider processes outbound alert, report and account emails.
- Analytics: not enabled. If we enable analytics in future, we will use a privacy-conscious provider and update this policy.
6. Data retention
Check results and notification logs are retained for a configurable period and then automatically pruned. You can delete monitors, reports and your account at any time; deletion removes the associated data on a rolling basis.
7. Your rights
Depending on your jurisdiction, you may have the right to access, correct, export, restrict or delete your personal data, and to object to certain processing. To exercise these rights, contact [email protected]. You may also have the right to lodge a complaint with your local data-protection authority.
8. Security
Passwords are hashed with Argon2id. Access is tenant-isolated and role-based, with mandatory multi-factor authentication where configured. Monitoring is passive and read-only, and outbound checks are protected against probing of private networks. Secrets are stored in environment/secret configuration, never in source control.
9. Security contact
To report a security concern or vulnerability, email [email protected]. See our security page for details.
10. Contact
Privacy questions: [email protected].