Privacy Policy
Last updated: March 2026
PingRCA ("we," "us," or "our") operates the PingRCA uptime monitoring platform. This Privacy Policy explains what data we collect, how we use it, and your rights regarding your personal information. We are committed to protecting your privacy and complying with applicable data protection laws, including the General Data Protection Regulation (GDPR).
1. Data We Collect
We collect only the data necessary to provide the monitoring service:
Account Information
- Email address— used for authentication, alerts, and account communications.
- Password hash— your password is hashed with bcrypt before storage. We never store plaintext passwords.
- API key— generated for programmatic access to your account.
Monitoring Data
- Monitor URLs— the website addresses you configure for monitoring.
- Check results— HTTP status codes, response times, headers, and availability status for each check.
- Incident data— details of detected outages, including diagnostic probe results.
- AI analysis— root-cause analysis generated by our AI engine for each incident.
Billing Data
Payment information is collected and processed by Stripe. We do not store credit card numbers or full payment details on our servers. We receive only a reference to your Stripe customer record and subscription status.
2. How We Use Your Data
- Provide the monitoring service: We use your monitor URLs and check results to detect outages and generate AI root-cause analysis.
- Send alerts: We use your email address and configured alert channels to notify you of incidents and recoveries.
- Improve AI analysis: We use aggregated, anonymized incident data to improve the accuracy of our AI diagnostic engine. Your specific URLs and account details are never shared.
- Account management: We use your email for authentication, password resets, email verification, and important service communications.
- Billing: We share necessary data with Stripe to process payments for paid plans.
3. Third-Party Services
We use the following third-party services to operate PingRCA:
| Provider | Purpose | Data Shared |
|---|---|---|
| Stripe | Payment processing | Email, subscription details |
| Resend | Transactional email delivery | Email address, alert content |
| AI Provider | AI root-cause analysis | Diagnostic probe data (no personal information) |
| Fly.io | Backend hosting | Application data (encrypted in transit) |
| Vercel | Frontend hosting | Static assets, no personal data |
We do not sell, rent, or trade your personal data to any third party.
4. Data Retention
- Check data (individual uptime check results) is retained for 30 days.
- Incident data (outage records and AI analysis) is retained for 90 days.
- Account data (email, credentials, monitor configurations) is retained until you delete your account.
When you delete your account, all associated data is permanently removed from our systems within 30 days.
5. Your Rights
Under the GDPR and other applicable data protection laws, you have the following rights:
- Access: You can request a copy of all personal data we hold about you.
- Rectification: You can update your account information at any time through the settings page.
- Erasure: You can delete your account at any time, which permanently removes all your data.
- Data export: You can request an export of your monitoring data in a machine-readable format.
- Portability: You can request your data in a structured, commonly used format to transfer to another service.
- Objection: You can object to the processing of your data for specific purposes.
To exercise any of these rights, contact us at privacy@pingrca.com. We will respond to your request within 30 days.
6. Security
We take reasonable measures to protect your data:
- Encryption in transit: All data is transmitted over HTTPS/TLS.
- Password hashing: Passwords are hashed using bcrypt before storage.
- API key authentication: Programmatic access is secured via unique API keys that can be rotated at any time.
- Access controls: Your monitoring data is isolated to your account and not accessible to other users.
7. Cookies and Local Storage
PingRCA does not use cookies. We use browser localStorage solely to store authentication tokens for your session. No tracking cookies, analytics cookies, or third-party cookies are used.
8. Children's Privacy
PingRCA is not designed for or directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal data, please contact us at privacy@pingrca.com and we will promptly delete it.
9. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you via the email address associated with your account. The "Last updated" date at the top of this page indicates when the policy was last revised.
10. Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at privacy@pingrca.com.