Privacy Policy

Last updated: July 2026

Monitorion ("we," "us," or "our") operates the monitorion.com website and the app.monitorion.com platform (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

Account Information. When you create an account, we collect your email address, name, and password (hashed, never stored in plaintext). If you sign up via a third-party OAuth provider (Google, GitHub), we receive your name and email from that provider.

Monitor Configuration. We store the URLs, hostnames, IP addresses, and configuration parameters you provide when setting up monitors. This data is necessary to perform the monitoring checks you have requested.

Check Results. We collect and store the results of monitoring checks, including response times, status codes, error messages, SSL certificate details, DNS records, and screenshots. This data is retained according to your subscription tier (7 to 365 days).

Billing Information. Payment processing is handled by Paddle (our payment processor). We do not directly store your credit card numbers or bank account details. Paddle provides us with your name, email, subscription status, and transaction history.

Usage Data. We automatically collect information about how you interact with the Service, including pages visited, features used, browser type, operating system, IP address, and referring URLs.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Execute monitoring checks and deliver alert notifications
  • Process subscriptions, payments, and billing
  • Send transactional emails (account verification, password resets, alert notifications)
  • Provide customer support and respond to inquiries
  • Analyze usage patterns to improve the Service
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not sell your personal data to third parties. We do not use your monitoring data for advertising purposes.

3. Data Storage and Security

Your data is stored in Supabase (PostgreSQL) with Row Level Security (RLS) policies that enforce strict data isolation between accounts. All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

API keys are hashed with SHA-256 before storage and are never stored in plaintext. Session tokens use HTTP-only cookies with secure and SameSite attributes.

We maintain security measures including rate limiting, input validation, CSRF protection, and Content Security Policy headers. However, no method of transmission over the Internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate the platform:

  • Paddle — payment processing and subscription management. Paddle acts as our Merchant of Record and processes all payments. See Paddle's Privacy Policy.
  • Resend — transactional email delivery for account notifications and alert emails. See Resend's Privacy Policy.
  • Twilio — SMS alert delivery for paid plans. Your phone number is shared with Twilio only when you configure SMS alerts. See Twilio's Privacy Policy.
  • Supabase — database hosting, authentication, and file storage. See Supabase's Privacy Policy.
  • Google Analytics — website analytics (marketing site only). See Google's Privacy Policy.

5. Cookies

We use cookies and similar technologies for the following purposes:

  • Essential cookies — required for authentication, session management, and security. These cannot be disabled.
  • Preference cookies — store your settings such as theme preference (light/dark mode) and sidebar state.
  • Analytics cookies — help us understand how visitors interact with our marketing website (via Google Analytics). These are only used on monitorion.com, not in the application.

You can control cookie settings through your browser. Disabling essential cookies may prevent you from using the Service.

6. Data Retention

Monitoring check data is retained according to your subscription tier:

  • Free plan — 7 days
  • Pro plan — 30 days
  • Business plan — 90 days
  • Agency plan — 365 days

Aggregated hourly and daily summaries may be retained longer for historical reporting purposes. Account data (profile, monitor configurations, alert channel settings) is retained for as long as your account is active. Upon account deletion, all personal data is permanently removed within 30 days.

7. Your Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — request a copy of the personal data we hold about you
  • Right to rectification — request correction of inaccurate or incomplete data
  • Right to erasure— request deletion of your personal data ("right to be forgotten")
  • Right to restriction — request that we limit processing of your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing of your personal data for certain purposes
  • Right to withdraw consent — withdraw consent at any time where processing is based on consent

To exercise any of these rights, contact us at [email protected]. We will respond to your request within 30 days.

8. International Data Transfers

Your data may be processed in countries outside your country of residence. We ensure that appropriate safeguards are in place for international transfers, including Standard Contractual Clauses approved by the European Commission where applicable.

9. Children's Privacy

The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at: