Legal

Privacy Policy

Last updated: February 22, 2026

This Privacy Policy explains how Pingdot ("we", "us", or "our") collects, uses, and protects information about you when you use our services at pingdot.io.

Information We Collect

Account information: When you register, we collect your email address and password (hashed with bcrypt). We do not store plain-text passwords.

Monitor data: URLs, check intervals, and configurations you create for your monitors.

Usage data: Log data such as IP addresses, browser type, pages visited, and timestamps — used for security and debugging.

Payment data: We use third-party payment processors (BoomFi, LemonSqueezy). We do not store credit card numbers or full payment details on our servers.

How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the pingdot service
  • Send you monitoring alerts and incident notifications
  • Process payments and manage your subscription plan
  • Respond to support requests
  • Detect and prevent fraud or abuse
  • Send transactional emails (no marketing without consent)

Data Sharing

We do not sell your personal data. We share data only with:

  • Service providers that help us operate (Neon PostgreSQL, Upstash Redis, QStash, Resend)
  • Payment processors when you purchase a plan
  • Law enforcement when required by law

Cookies & Tracking

We use minimal cookies for session authentication (NextAuth.js session token). We do not use third-party tracking cookies or advertising pixels.

Our monitoring infrastructure makes HTTP requests to your configured URLs — these appear as regular traffic from our server IPs.

Data Retention

We retain your data for as long as your account is active. Monitor check results are kept for 90 days. Incident history is retained indefinitely until deleted by you.

You can request deletion of your account and all associated data by emailing support@pingdot.io.

Security

We implement security best practices including:

  • Passwords hashed with bcrypt (salt rounds: 12)
  • Webhook payloads signed with HMAC-SHA256
  • Rate limiting on all API and auth endpoints
  • SSRF protection blocking private IP ranges
  • All data transmitted over HTTPS/TLS

Your Rights

Depending on your location, you may have rights to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your account and data
  • Export your data in machine-readable format
  • Object to processing of your data

To exercise these rights, contact support@pingdot.io.

Children's Privacy

Pingdot is not intended for children under 13. We do not knowingly collect personal information from children.

Changes to This Policy

We may update this policy from time to time. We will notify registered users via email for material changes. Continued use of the service constitutes acceptance of the updated policy.

Contact

Questions about this policy? Email us at support@pingdot.io

Privacy PolicyTerms of Service

© 2026 Pingdot. All rights reserved.