Privacy policy

Effective: May 1, 2026

This is a plain-English summary of how Pingoru handles your data. We've tried to keep it short, structured, and accurate. If anything's unclear, contact us and we'll clarify.

Who we are
What we collect
Why we collect it
Subprocessors
Where data is stored
How long we keep it
Your rights
Cookies
Children
Changes to this policy
Contact

1. Who we are

Pingoru is operated by a small independent team based in Canada. "Pingoru", "we", and "us" in this document refer to that team. For privacy questions, write to [email protected].

2. What we collect

Account data

Email address — how we identify you and send alerts.
Password — stored as a salted, one-way cryptographic hash. We never see or store the plain text.
Account metadata — when you signed up, when you last signed in, your plan tier, your timezone preference.

Product usage

Monitors you create — which providers and components you've subscribed to, and your notification preferences.
Notification channels — email recipients you add and any webhook URLs (Slack, Discord, generic) you configure.
Team members (paid plans) — email addresses of anyone you invite.
Usage counters — number of notifications sent in the current billing month, used to enforce plan limits.

Technical / automatic

Session cookie — a single first-party session cookie keeps you signed in. HTTP-only, Secure, SameSite=Lax. Expires after 30 days of inactivity.
Server logs — request paths, timestamps, response status codes. Rotated after 7 days. We do not log request or response bodies.
Analytics — we use Umami, a privacy-respecting analytics tool, self-hosted within our own environment. It records page views, navigation events, and approximate location derived from IP. Data is retained for 30 days.

We do not use Google Analytics, advertising pixels, or cross-site trackers. We do not sell, rent, or share your data for marketing purposes.

3. Why we collect it

To run the product. You can't have a monitor without the config that defines it. We can't sign you in without a password, or alert you without your email address.
To enforce plan limits. Notification counters and monitor counts are how we keep the free tier free.
To support you. When you email us about a problem, we look up your account to diagnose it.
To improve the product. Aggregated analytics tell us which features are used and where flows break down.
To process payments (paid plans only). Stripe handles the card data; we receive only the billing metadata we need to issue receipts.

We do not use your data to train machine-learning models, build advertising profiles, or share with third parties for their own purposes.

4. Subprocessors

We use a small number of third-party services to operate Pingoru. This is the complete list:

Service	Purpose	Region	Data shared
Amazon Web Services	Application hosting and transactional email	ca-central-1 (Canada)	All account, monitor, and notification data; email recipient addresses and message bodies
Cloudflare	DNS, CDN, and edge proxy for pingoru.io	Global edge	Visitor IP addresses and request paths (in transit)
Stripe	Payment processing for paid plans	United States	Billing details. We never see card numbers ourselves

We do not share your data with anyone outside this list unless legally required.

5. Where data is stored

All Pingoru production data — account records, monitor configuration, notification history, and analytics — is hosted in Canada, in the ca-central-1 region (Montreal). Transactional email is sent from the same region.

If you're located in the EU, UK, or elsewhere outside Canada, your data transits to and is processed in Canada. By creating an account you consent to this transfer. Canada is recognised by the European Commission as providing an adequate level of data protection (Adequacy Decision 2002/2/EC).

6. How long we keep it

Data	Retention
Account profile	Until you delete the account
Monitors and notification configuration	Until you delete them, or your account
Notification delivery logs	90 days, then purged
Incident history (public providers)	1 year after the incident resolves
Server logs	7 days
Analytics (Umami)	30 days
Database backups	30 days

Account deletions are processed within 72 hours of request and propagate to backups within 30 days as old snapshots roll off.

7. Your rights

Depending on where you live, you may have rights under the GDPR (EU/UK), PIPEDA (Canada), CCPA (California), or similar laws. Pingoru honours these rights for every user, regardless of location:

Access — ask what we hold about you and receive a copy.
Correct — change your email or other profile fields in Settings → Account, or email us.
Delete — we'll wipe your account within 72 hours of request.
Export — request your monitors and notification history as JSON.
Object or restrict — pause notifications or monitors without deleting the account.
Withdraw consent — for any processing that relies on consent (e.g. marketing, which we don't currently do).

All requests start with an email to [email protected] from the address on the account. We don't require a formal request form.

EU/UK users have the right to lodge a complaint with their supervisory authority. Canadian users may contact the Office of the Privacy Commissioner of Canada.

8. Cookies

We use a single first-party session cookie that keeps you signed in. It is HTTP-only, Secure, and SameSite=Lax, and expires 30 days after last use.

We do not use advertising cookies, cross-site tracking cookies, or third-party cookies of any kind.

9. Children

Pingoru is not intended for people under 16. If you believe a child has given us their data, email us and we'll delete it.

10. Changes to this policy

If we make material changes to how we handle your data, we'll email all active account holders at least 14 days before the changes take effect. Minor clarifications and editorial fixes are published with an updated Effective date above.

11. Contact

Privacy questions, data requests, or anything in between: [email protected]. We aim to respond within 48 hours (business days only).

Contents