Privacy policy

What we collect, why, and what you can do about it. We aim for the minimum necessary to run the product.

Last updated: April 22, 2026

This is a plain-English summary of how Pingoru handles your data. It's not legalese — we tried to keep it short and honest. If something's unclear, contact us and we'll clarify.

Who we are

Pingoru is operated by a small independent team based in Canada. "Pingoru", "we", and "us" in this document refer to that team. Reach us at [email protected] for anything privacy-related.

What we collect

When you sign up

  • Email address — how we identify you and send alerts.
  • Password — stored as a PBKDF2-SHA256 hash, never in plain text.
  • Account metadata — when you signed up, when you last signed in, plan tier.

When you use the product

  • Monitors you create — which providers you chose, which components, your notification preferences.
  • Notification channels — webhook URLs you add (Discord, Slack, etc.).
  • Team members (Premium plan) — email addresses of anyone you invite.

Automatic / technical

  • Session cookies — a single cs_session cookie to keep you signed in. Expires after 30 days of inactivity.
  • Server logs — request paths, timestamps, status codes. Rotated after 7 days. We do not log request or response bodies.
  • Usage counters — number of notifications sent this month (to enforce plan limits).

We do not run marketing trackers, advertising pixels, or session-replay tools. There is no Google Analytics, no Segment, no Mixpanel, no Hotjar. If JavaScript is disabled, most of the public pages still work.

What we don't collect

  • We don't collect IP addresses beyond what's necessary to serve the request (Cloudflare's edge sees them; we don't store them).
  • We don't collect location, device fingerprints, or browser telemetry.
  • We don't read any data from the vendors we monitor — we only fetch their public status pages.

Why we collect it

  • To run the product: you can't have a monitor without the config that defines it; we can't sign you in without a password; we can't email you without your email address.
  • To enforce plan limits: notification counters, monitor counts.
  • To help when you email support: we look up your account to diagnose issues you report.

We don't use your data to train machine-learning models, to sell to third parties, or to build advertising profiles. We're not in that business.

Who we share it with (subprocessors)

We use a few third-party services to operate Pingoru. The list:

  • Brevo (Sendinblue) — transactional email. Receives your email address and the content of alert messages. Brevo's privacy policy.
  • Cloudflare — DNS and CDN for pingoru.io. Sees the IP addresses and request paths of visitors. Cloudflare's privacy policy.
  • Stripe (on Premium signup) — payment processing. Receives your billing details; we never see card numbers ourselves. Stripe's privacy policy.

That's the complete list. We don't share your data with anyone else unless legally required.

Where we store it

Your account data lives in a SQLite database hosted on our servers. We currently operate from Canada; if you're in the EU or UK, your data transits to and is processed in North America. By creating an account you consent to this transfer.

How long we keep it

  • Account data: as long as your account exists. You can delete your account at any time (email us).
  • Incident history: 1 year after the incident resolves, then purged.
  • Scheduler telemetry: 7 days.
  • Backups: full DB snapshots retained for 30 days.

Your rights

Under GDPR (EU/UK) and similar laws elsewhere, you have the right to:

  • Access — ask us what we hold about you.
  • Correct — change your email or other profile data (Settings → Account, or email us).
  • Delete — we'll wipe your account within 72 hours of request.
  • Export — ask for your monitors + notification history in JSON.
  • Object / restrict — turn off notifications or pause monitors without deleting the account.

All of these start with an email to [email protected] from the address on the account. We don't require a formal request form.

Cookies

We use a single functional cookie (cs_session) to keep you signed in. It's HTTP-only, Secure, SameSite=Lax. No analytics cookies, no tracking cookies, no advertising cookies.

Children

Pingoru is not intended for people under 16. If you believe a child has given us their data, email us and we'll delete it.

Changes to this policy

If we make material changes we'll email all active users before they take effect. Minor clarifications get published with an updated "last updated" date above.

Contact

Privacy questions: [email protected]. We aim to respond within one business day.