Privacy Policy
Effective Date: March 12, 2026 · Version: v1.0
Introduction
This Privacy Policy explains what information PingBase collects, how we use it, and your choices. PingBase provides uptime monitoring software to organizations. This policy applies to visitors to our website and customers using the Service.
1. Information We Collect
Account Information
- Name
- Email address
- Organization name
Monitoring Data
URLs you configure for monitoring, check results (response time, status codes, TLS certificate details), incident records, and status page configuration.
Usage and Security Logs
Login timestamps, IP addresses, browser/device information, and audit logs needed to operate and protect the Service.
Billing Information
Payment processing will be handled by Stripe. We will not store full credit card numbers.
2. How We Use Information
We use information to:
- Provide and maintain the monitoring Service
- Send incident notifications and status updates to subscribers
- Secure the Service and prevent abuse
- Manage billing and subscriptions
- Communicate account updates
- Improve product reliability and usability
We may generate aggregated, anonymized statistics to understand product performance.
3. What We Do Not Do
- We do not sell customer data.
- We do not use Customer Data for advertising.
- We do not use tracking cookies or third-party analytics on the monitoring dashboard.
4. Subprocessors
We use trusted third-party providers ("subprocessors") to operate the Service. Each subprocessor is bound by data protection obligations consistent with this policy.
Cloudflare
Hosting (Pages + Workers), CDN, DDoS protection, DNS, and Turnstile CAPTCHA. Operates globally.
Neon
PostgreSQL database hosting. Data is stored in the United States, encrypted at rest with point-in-time recovery.
Brevo
Transactional email delivery (incident notifications, subscriber alerts).
Google & GitHub
OAuth authentication providers. Only email and profile name are accessed.
We will provide at least 30 days' notice before adding new subprocessors that process personal data. Notice will be given via an update to this policy or direct communication to account holders.
5. Data Retention
We retain Customer Data for the duration of the subscription.
Check results and monitoring data are retained for the lifetime of your account.
Audit logs are retained for 7 years for compliance purposes.
After account deletion, data is permanently removed, subject to backup retention periods and legal requirements.
6. Security
We implement reasonable administrative and technical safeguards appropriate to a multi-tenant SaaS platform, including:
- PBKDF2-SHA-256 password hashing (100,000 iterations)
- TOTP multi-factor authentication
- TLS 1.3 encryption in transit
- At-rest encryption (Neon database)
- Rate limiting on all authentication and API endpoints
- Content Security Policy and security headers
- Immutable audit logging
No system can guarantee absolute security. Security is a shared responsibility between PingBase and customer organizations.
7. Your Choices
Organization administrators may:
- Update account and profile information
- Manage team members and roles
- Delete their account and all associated data via Settings
- Contact us regarding data export requests
8. Cookies
Essential Cookies
A single session cookie for authentication. HTTP-only, secure, SameSite=lax. Required for the Service to function.
We do not use tracking cookies, analytics cookies, or advertising cookies on the monitoring dashboard.
9. Legal Basis for Processing (GDPR)
Where the General Data Protection Regulation (GDPR) applies, we process personal data on the following legal bases under Article 6:
Contract Performance (Art. 6(1)(b))
Processing necessary to provide the Service under our agreement with your organization — including account management and support.
Legitimate Interests (Art. 6(1)(f))
Processing necessary for our legitimate business interests, such as improving the Service, ensuring security, and preventing fraud.
Legal Obligation (Art. 6(1)(c))
Processing required to comply with applicable law, such as financial record-keeping obligations.
10. Your Rights Under GDPR
If you are located in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar data protection laws, you have the following rights:
- Right of Access (Art. 15): Request a copy of the personal data we hold about you.
- Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
- Right to Erasure (Art. 17): Request deletion of your personal data. You can delete your account directly from Settings.
- Right to Restriction (Art. 18): Request that we limit how we use your data in certain circumstances.
- Right to Data Portability (Art. 20): Receive your personal data in a structured, machine-readable format.
- Right to Object (Art. 21): Object to processing based on legitimate interests.
To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.
If you are not satisfied with our response, you have the right to lodge a complaint with your local supervisory authority.
11. Your Rights Under CCPA (California Residents)
If you are a California resident, the CCPA and CPRA provide you with specific rights:
Right to Know and Access
You may request that we disclose the categories and specific pieces of personal information we have collected, the sources, the purposes, and any third parties with whom we share it.
Right to Delete
You may delete your account directly from your Settings page, or contact us at [email protected].
Do Not Sell or Share
PingBase does not sell, rent, or share your personal information with third parties for marketing purposes.
Non-Discrimination
We will not discriminate against you for exercising any of your CCPA/CPRA rights.
12. International Data Transfers
PingBase is based in the United States and our infrastructure (Neon, Cloudflare) stores and processes data in the US and globally.
Where required, we rely on Standard Contractual Clauses (SCCs) as the lawful mechanism for transferring personal data outside the EEA or UK.
Customers who require a Data Processing Addendum (DPA) incorporating SCCs may request one by contacting [email protected].
13. Data Breach Notification
In the event of a personal data breach that is likely to result in risk to individuals, we will:
- Notify affected customers without undue delay and, where feasible, within 72 hours (per GDPR Art. 33/34).
- Provide information about the nature of the breach, the data affected, likely consequences, and measures taken.
- Document all breaches internally regardless of whether notification is required.
14. Data Protection Contact
PingBase is a small US-based company. We do not currently meet the thresholds requiring formal appointment of a Data Protection Officer (DPO) under GDPR Art. 37.
For all data protection inquiries, contact [email protected].
15. Children's Privacy
The Service is a business-to-business platform and is not directed at children. We do not knowingly collect personal data from individuals under the age of 16.
If you believe we have inadvertently collected data from a minor, please contact us at [email protected] and we will delete it promptly.
16. Changes
We may update this Privacy Policy from time to time.
Continued use of the Service after changes constitutes acceptance.