← back to home

Privacy Policy

// effective: 2026-05-25

// CheckPulse is operated by an individual sole proprietor. Full entity details and mailing address are available on request — email [email protected].

This Privacy Policy explains what personal data CheckPulse (“CheckPulse,” “we,” or “us”) collects when you use the CheckPulse uptime, DNS, and SSL monitoring service (the “Service”), how we use that data, who we share it with, and the choices you have. By using the Service you agree to the practices described here.

// 1. Data we collect

We collect only what we need to operate the Service:

  • Account data — email address and a bcrypt-hashed password. We never store your password in plaintext.
  • Billing data — handled entirely by Stripe. We store a Stripe customer ID, your current plan, subscription status, and current period end. We do not store card numbers, CVCs, or full billing addresses.
  • Monitor configuration — project names, monitor names, the URLs / hostnames / DNS records you ask us to check, and the configured alert routing rules.
  • Alert channel credentials — webhook URLs, bot tokens, SMTP host / username / password, and channel IDs, stored as you provide them so we can deliver alerts on your behalf. These are sensitive secrets; treat them like passwords.
  • Check results — for each scheduled check, we record the timestamp, region, status (up / down), HTTP status code, response time, certificate details (subject, issuer, days remaining) for SSL monitors, and resolved DNS values for DNS monitors.
  • Email metadata — short-lived verification and password-reset tokens, plus the address we sent each transactional email to (via our email provider's logs).

We do not log IP addresses, user agents, or browsing activity. We do not use analytics or advertising trackers.

// 2. How we use your data

  • Authentication — to sign you in and keep your session alive.
  • Service delivery — running the checks you configure, computing consensus across regions, opening and resolving incidents, and dispatching alerts to your configured channels.
  • Billing — processing payments and enforcing the limits of your current plan.
  • Transactional email — verification, password reset, and (optionally) email alerts you configure.
  • Support — answering your questions and investigating service issues you report.

We do not sell your data, share it with advertisers, or use it to train AI models.

// 3. Sub-processors

We rely on the following third parties to operate the Service:

  • Stripe, Inc. — payments, subscription management, and webhook delivery. See Stripe's privacy policy.
  • Resend — transactional email (verification, password reset). See Resend's privacy policy.
  • DigitalOcean — application hosting and managed PostgreSQL / Redis.

All sub-processors are bound by data processing agreements requiring confidentiality and security commitments at least as protective as ours.

// 4. Retention

  • Account data and monitor configuration — retained for as long as your account is active. Deleted when you delete your account.
  • Check history — automatically pruned on a per-plan schedule: 7 days on Free, 90 days on Starter, 365 days on Pro. Older check records are deleted nightly.
  • Incidents — retained for as long as the parent monitor exists.
  • Verification and password reset tokens — expire automatically (verification: 24 hours; reset: 1 hour) and are invalidated immediately on use.
  • Billing records — retained for as long as required by tax law in the State of Delaware, USA, typically 7 years.

// 5. Your rights

If you are in the EU/UK (GDPR / UK GDPR), in California (CCPA/CPRA), or in any other jurisdiction with comparable privacy law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correct — update inaccurate data via your Account page or by contacting us.
  • Delete — permanently erase your account and associated data using the Delete account button on the Account page. Cancel any active subscription first.
  • Port — request your data in a machine-readable format.
  • Object / restrict — to certain processing, subject to law.
  • Lodge a complaint — with your local supervisory authority.

To exercise any of these rights other than self-service deletion, email us at [email protected]. We respond within 30 days.

// 6. International transfers

Our service is operated from the State of Delaware, USA. Our regional check workers run in the United States, Europe, and Asia. If you are located outside the State of Delaware, USA, your data may be transferred to and processed in any of these regions. Where required by law, we rely on Standard Contractual Clauses or equivalent safeguards.

// 7. Cookies

We set a small number of strictly-necessary cookies to keep you signed in (a JWT access token, a refresh token, and short-lived flash-message cookies). We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

// 8. Security

Passwords are hashed with bcrypt. Sub-processor traffic is encrypted in transit (HTTPS / TLS). The database is hosted on managed infrastructure with at-rest encryption. We do not claim to be invulnerable; if you discover a security issue please report it to [email protected] rather than disclosing it publicly.

// 9. Children

The Service is not directed at children under 16, and we do not knowingly collect personal data from anyone under 16. If you believe a child has provided us with data, contact [email protected] and we will delete it.

// 10. Changes to this policy

We may update this policy as the Service evolves. Material changes will be announced by email and via a notice on this page at least 14 days before they take effect. The “effective” date at the top of this page reflects the current version.

// 11. Contact

CheckPulse
[email protected]