Privacy Policy

Last updated: April 28, 2026

Introduction

Monitoristic is operated by Solvix Studio ("we," "us," or "our"). We provide website and API uptime monitoring services. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our platform and related services. By creating an account or using Monitoristic, you agree to the practices described in this policy.

Information We Collect

We collect only the information necessary to provide and improve our monitoring service. The categories of data we collect are:

Account Information

When you register, we collect your name, email address, and organization name. Your password is cryptographically hashed before storage — we never store or have access to your plaintext password.

Monitor Data

We store the URLs and endpoints you configure for monitoring, along with the results of each uptime check, including HTTP status codes, response times, and error details. This data is essential to delivering the service you signed up for.

Usage Data

We collect aggregated, non-personally-identifiable information about how you interact with the product, such as pages visited and features used. This data helps us understand which parts of the product are most valuable and where we can improve.

Payment Data

All payment processing is handled entirely by Paddle, our merchant of record. We never see, receive, or store your credit card numbers, bank account details, or other payment credentials. Paddle provides us with transaction identifiers and subscription status so we can manage your plan.

How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and operate the uptime monitoring service, including running checks, generating reports, and sending alerts.
  • Send transactional emails such as welcome messages, password reset links, and account notifications.
  • Improve the product based on aggregated usage patterns and anonymized performance metrics.

We do not sell, rent, or trade your personal data to any third party. Period.

Lawful Basis for Processing

We process your personal data under the following lawful bases as defined by the General Data Protection Regulation (GDPR):

  • Contractual necessity (Art. 6(1)(b)): Account data, monitor configuration, and check results are processed to deliver the monitoring service you subscribed to. Transactional emails are sent as part of account management.
  • Legitimate interest (Art. 6(1)(f)): Aggregated usage data is processed to improve the product. This data is non-personally-identifiable and does not override your rights.

Data Storage & Security

Your data is stored on Cloudflare D1, an edge database. Data may be stored and processed in the United States and other countries where Cloudflare operates. For transfers outside the European Economic Area (EEA), Cloudflare relies on Standard Contractual Clauses and the EU-U.S. Data Privacy Framework. Resend (email delivery) and Paddle (payment processing) are also US-based providers and rely on similar safeguards.

We take the security of your data seriously and implement the following measures:

  • Passwords are hashed using PBKDF2 with 100,000 iterations, making brute-force attacks computationally infeasible.
  • All connections to and from Monitoristic are encrypted using HTTPS with modern TLS protocols.
  • We follow industry-standard security practices, including regular dependency audits and the principle of least privilege for internal access.

Data Retention

We retain your data only for as long as it is needed to provide the service or as required by your subscription plan:

  • Check data: Retained based on your subscription plan — Lite: 30 days, Pro: 90 days, Business: 90 days.
  • Daily aggregated statistics: Retained for the lifetime of your account to power historical trend reports and uptime percentage calculations.
  • Account data: Retained for as long as your account remains active.
  • Deleted data: When you request account deletion, all associated personal data and monitoring records are permanently removed from our systems within 30 days.

Third Parties

We work with a small number of carefully selected third-party providers to operate our service. We do not share your data with any parties beyond those listed below:

  • Paddle — Payment processing and merchant of record. Paddle handles all billing, invoicing, tax compliance, and payment collection on our behalf.
  • Cloudflare — Infrastructure and edge computing. Our application and database run on Cloudflare's global network.
  • Resend — Transactional email delivery. Used to send account notifications and password resets.

We do not use any analytics or tracking services. There are no third-party scripts collecting data about your behavior on our platform.

Your Rights

You have full control over your personal data. Depending on your jurisdiction, you may have the right to:

  • Access your personal data directly through your account dashboard.
  • Correct any inaccurate or outdated information we hold about you.
  • Delete your account and all associated data.
  • Restrict processing of your personal data in certain circumstances.
  • Object to processing of your data based on legitimate interest.
  • Lodge a complaint with your local data protection supervisory authority if you believe your rights have been violated.

To exercise any of these rights, you can use the controls available in your account settings or contact us directly at privacy@monitoristic.com.

California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information, including the right to know what data we collect, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell your personal information to third parties. To exercise your rights, contact us at privacy@monitoristic.com.

Children's Privacy

Monitoristic is not directed to individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us and we will promptly delete it.

Cookies

We take a minimal approach to cookies. Monitoristic uses a single session cookie that is strictly necessary for authentication. This cookie identifies your logged-in session and expires automatically after 7 days of inactivity.

We do not use tracking cookies, third-party cookies, or analytics cookies of any kind. There are no cookie banners because there is nothing to consent to beyond what is required for the service to function.

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal and regulatory reasons. If we make material changes, we will notify you via email at the address associated with your account before the changes take effect.

Your continued use of Monitoristic after any changes to this policy constitutes your acceptance of the updated terms.

Contact

If you have any questions about this Privacy Policy or how we handle your data, please reach out to us at privacy@monitoristic.com. We aim to respond to all privacy-related inquiries within 48 hours.