Privacy Policy

Last updated: May 7, 2026

Introduction

Monitoristic is operated by Solvix Studio ("we," "us," or "our"). We provide website and API uptime monitoring services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform and related services.

By creating an account or using Monitoristic, you acknowledge that you have read and understood this Privacy Policy and agree to our data processing practices.

Information We Collect

We collect only the information necessary to provide and improve our monitoring service. The categories of data we collect are:

Account Information

When you register, we collect your name, email address, and organization name. Your password is cryptographically hashed before storage — we never store or have access to your plaintext password.

Monitor Data

We store the URLs and endpoints you configure for monitoring, along with the results of each uptime check, including HTTP status codes, response times, and error details. This data is essential to delivering the service you signed up for.

Usage Data

We collect aggregated, non-personally-identifiable information about how you interact with the product, such as pages visited and features used. This data helps us understand which parts of the product are most valuable and where we can improve.

Payment Data

All payment processing is handled by Paddle.com, which acts as our Merchant of Record. We never see, receive, or store your credit card numbers, bank account details, or other payment credentials. Paddle shares subscription and purchase-related data with us, including your subscription status, purchase history, and transaction identifiers, so we can manage your plan and entitlements.

For detailed information about how Paddle processes your payment data, please see Payment Processing with Paddle below.

How We Use Your Information

We use the information we collect for the following purposes:

  • Service Delivery: Provide and operate the uptime monitoring service, including running checks, generating reports, and sending alerts.
  • Account Management: Send transactional emails such as welcome messages, password reset links, and account notifications.
  • Product Improvement: Improve the product based on aggregated usage patterns and anonymized performance metrics.
  • Security: Detect, prevent, and address technical issues, fraud, and security threats.

We do not sell, rent, or trade your personal data to any third party. Period.

Paddle.com acts as our Merchant of Record and payment processor. When you make a purchase, you enter into a direct commercial relationship with Paddle.

Data Shared with Paddle

We share the following data with Paddle to process payments:

  • Name and email address
  • Billing and transaction information
  • Purchase history and subscription details
  • Account identifier

Purpose and Legal Basis

This data is processed by Paddle for:

  • Payment processing and transaction management — Contractual necessity (GDPR Art. 6(1)(b))
  • Tax calculation, collection, and remittance — Legal obligation
  • Fraud detection and prevention — Legitimate interest (GDPR Art. 6(1)(f))
  • Customer service related to payment inquiries — Contractual necessity

Data Controller Relationship

  • For payment-related data: Paddle acts as an independent data controller. Your relationship with Paddle is governed by Paddle's Privacy Policy and Buyer Terms.
  • For your account and monitoring data: Solvix Studio is the data controller. We are responsible for processing this data in accordance with this Privacy Policy.
  • Shared data: Where both parties process the same data for the delivery of the service (such as your email address, which we use for service communications and Paddle uses for billing), each party acts as an independent data controller for its own processing purposes. Data sharing between us and Paddle is governed by a controller-to-controller Data Sharing Addendum in accordance with applicable data protection law.

International Data Transfers

Paddle's data processing operations are primarily located in the United Kingdom and the United States. Data transfers to Paddle rely on:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • The UK Extension to the EU-US Data Privacy Framework

Paddle's Privacy Policy

For detailed information about how Paddle processes your personal data, please review Paddle's Privacy Policy.

Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by the General Data Protection Regulation (GDPR):

  • Contractual necessity (Art. 6(1)(b)): Account data, monitor configuration, and check results are processed to deliver the monitoring service you subscribed to. Transactional emails are sent as part of account management.
  • Legitimate interest (Art. 6(1)(f)): Aggregated usage data is processed to improve the product. This data is non-personally-identifiable and does not override your rights.
  • Legal obligation: We may process data to comply with legal obligations, such as tax recordkeeping requirements.

Data Storage & Security

Data Storage Location

Your data is stored on Cloudflare's cloud infrastructure. Data may be stored and processed in the United States and other countries where Cloudflare operates.

For transfers outside the European Economic Area (EEA), Cloudflare relies on:

  • Standard Contractual Clauses (SCCs)
  • The EU-U.S. Data Privacy Framework

Resend (email delivery) and Paddle (payment processing) are also US-based and rely on similar safeguards.

Security Measures

We take the security of your data seriously and implement the following measures:

  • Password Security: Passwords are protected using industry-standard cryptographic hashing, making brute-force attacks computationally infeasible.
  • Encryption: All connections to and from Monitoristic are encrypted using HTTPS with modern TLS protocols.
  • Industry Practices: We follow industry-standard security practices, including regular dependency audits and the principle of least privilege for internal access.
  • Access Control: Access to your data is limited to personnel who need it to provide the service or address support issues.

Data Retention

Active Accounts

We retain your data only for as long as it is needed to provide the service or as required by your subscription plan:

  • Check data: Retained based on your subscription plan — Lite: 30 days, Pro: 90 days, Business: 90 days.
  • Daily aggregated statistics: Retained for the lifetime of your account to power historical trend reports and uptime percentage calculations.
  • Account data: Retained for as long as your account remains active.

Account Deletion and Termination

When you cancel your subscription or request account deletion:

  1. Retention Period: Following cancellation, your data may be retained for a limited period to account for potential refund processing and payment disputes.
  2. Permanent Deletion: To request permanent deletion of all personal data and monitoring records, contact us at [email protected]. We will complete deletion within 30 days of your request.

To request account deletion, please contact us at [email protected].

Third Parties

We work with a small number of carefully selected third-party providers to operate our service. We do not share your data with any parties beyond those listed below:

Paddle — Payment Processing and Merchant of Record

  • Role: Handles all billing, invoicing, tax compliance, and payment collection on our behalf.
  • Data Shared: Name, email, billing information, purchase history, subscription details.
  • Privacy Policy: paddle.com/legal/privacy

Cloudflare — Infrastructure and Edge Computing

  • Role: Our application and database run on Cloudflare's global network.
  • Data Shared: Application data and monitoring data stored on Cloudflare's infrastructure.
  • Privacy Policy: cloudflare.com/privacypolicy

Resend — Transactional Email Delivery

  • Role: Used to send account notifications, password resets, and alert communications.
  • Data Shared: Email address and notification content.
  • Privacy Policy: resend.com/privacy

Umami Cloud — Website Analytics

  • Role: Privacy-respecting website analytics on our marketing site (monitoristic.com).
  • Data Shared: Page visits and anonymized usage patterns.
  • Key Features: Umami does not use cookies, does not collect personally identifiable information, does not store IP addresses, and does not track users across sites. All data is aggregated and anonymous.
  • Privacy Policy: umami.is/privacy

We do not sell, rent, or trade your personal data to any third party. We do not use advertising trackers, retargeting pixels, or third-party tracking cookies.

Emergency Access and Support

In rare circumstances, we may need to access your account or monitoring data without your prior consent:

  • Technical Support: If you request support, we may access your account data to diagnose and resolve issues, with your permission.
  • Service Issues: If your monitoring configuration appears to be causing problems for our systems or other customers, we may temporarily modify your settings to protect service stability. We will notify you afterward.
  • Security Emergencies: If we detect a security threat or compromise, we may access your account to investigate and contain the threat. We will notify you promptly after the emergency is resolved.
  • Legal Requirements: If required by law, court order, or government request, we may disclose your account information as permitted by law. We will notify you unless prohibited by law.

We will only access your data when necessary and will limit access to the minimum scope required to address the situation.

Your Rights

You have full control over your personal data. Depending on your jurisdiction, you may have the right to:

  • Access your personal data directly through your account dashboard.
  • Correct any inaccurate or outdated information we hold about you.
  • Delete your account and all associated data by contacting us (subject to our data retention schedule).
  • Restrict processing of your personal data in certain circumstances.
  • Object to processing of your data based on legitimate interest.
  • Data portability — request a copy of your personal data in a commonly used format by contacting us at [email protected].
  • Withdraw consent where we rely on consent as a legal basis for processing.
  • Lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.
  • Opt out of any sale or sharing of your personal information for advertising purposes — though we do not sell or share your data with third parties for such purposes.

Exercising Your Rights

To exercise any of these rights, you can:

  • Use the controls available in your account settings
  • Contact us directly at [email protected]

We will respond to all privacy-related inquiries within 48 hours (excluding complex requests that may require additional time).

Data Processing Addendum (DPA)

For business customers subject to GDPR or other data protection laws that require a written data processing agreement, this Privacy Policy constitutes our Data Processing Addendum (DPA) and sets forth the terms under which we process personal data on your behalf.

If your organization requires a standalone DPA with additional provisions (such as EU Standard Contractual Clauses for international data transfers, or specific security and audit requirements), please contact us at [email protected].

Children's Privacy

Monitoristic is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

We take a minimal approach to cookies.

Session Cookie

Monitoristic uses a single session cookie that is strictly necessary for authentication. This cookie:

  • Identifies your logged-in session
  • Expires automatically after 7 days
  • Is essential for the service to function

No Tracking Cookies

We do not use:

  • Tracking cookies
  • Third-party cookies
  • Advertising cookies
  • Retargeting pixels

Website Analytics

On our marketing site (monitoristic.com), we use Umami Cloud for anonymous, aggregated website analytics.

  • Umami is a privacy-respecting analytics tool
  • Does not use cookies
  • Does not collect personally identifiable information
  • Does not store IP addresses
  • Does not track users across websites

We display an informational transparency notice on our website to let visitors know about our cookie and analytics practices. Because we do not use consent-requiring cookies or trackers, no opt-in or opt-out action is needed.

Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users without undue delay, providing clear information about the breach and its impact
  • Notify relevant supervisory authorities within 72 hours of becoming aware of the breach, as required by GDPR and similar laws
  • Comply with all applicable state data breach notification laws in the United States, which generally require notification within 30-45 days depending on the state
  • Take immediate steps to contain and remediate any security incidents

We maintain incident response procedures and will document all breaches in accordance with GDPR Article 33(5).

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons.

  • Notification: If we make material changes, we will notify you via email at the address associated with your account at least 30 days before the changes take effect.
  • Summary of Changes: Material changes will be clearly communicated with a summary of what has changed.
  • Acceptance: Your continued use of Monitoristic after any changes to this policy constitutes your acceptance of the updated terms.
  • Explicit Consent: Where required by applicable data protection laws, we will seek your explicit consent before material changes take effect.

Contact

If you have any questions about this Privacy Policy or how we handle your data, please reach out to us:

  • Email: [email protected]
  • Response Time: We aim to respond to all privacy-related inquiries within 48 hours.

This Privacy Policy was last updated on May 7, 2026. Monitoristic is operated by Solvix Studio.