1. Who we are
Pinginn is an uptime and incident monitoring service operated by Icecorp Technologies Ltd, a company registered in New Zealand.
2. Information we collect
We aim to collect the minimum data required to provide reliable monitoring.
2.1 Account and contact information
- Email address (for login, account communication, and waitlist/beta access)
- Password (stored as a secure one-way hash; we never store plain-text passwords)
- Plan and subscription details (Free, Pro, Monitor Pack, Team Pack)
2.2 Billing information
Payments are processed by Stripe or other third-party processors.
- We do not store full credit card numbers.
- We may receive limited billing details from Stripe (e.g. last 4 digits, card brand, expiry, billing country, subscription status) for invoicing and support.
2.3 Monitor configuration data
To provide monitoring, we store configuration data you supply, such as:
- Monitored URLs and endpoint details
- HTTP method (HEAD/GET/POST)
- Request headers and JSON request body you configure
- Expected keyword(s) for keyword checks
- Interval, timeout, retry settings
- Alert configuration (e.g. Slack webhook URL, your SMTP host/settings)
- Status page configuration (e.g. which monitors are public, slug, branding options)
2.4 Monitoring and incident data (check data)
For each check and incident, we store basic technical results only, for example:
- High-level error messages or failure reasons (e.g. timeouts, DNS errors, connection errors)
- Uptime and downtime percentages and aggregates
- Incident metadata (start time, end time, duration, failure count)
We do not store HTTP response bodies as part of our persistent logs or database.
For keyword monitoring, we inspect the response body in memory to check for the keyword, then discard it.
2.5 Email alert data
You configure your own SMTP server for email alerts.
- Alerts are sent through your own SMTP provider, not a shared marketing list.
- We do not retain the content of alert emails as a separate data store (e.g. we do not build an email marketing database from alert content).
- We may log limited metadata (e.g. that an alert was triggered, to which monitor/user/team) for reliability and debugging.
2.6 Usage, log, and technical data
When you use the Service, we may automatically collect:
- IP address and approximate location (based on IP)
- Device identifiers and operating system
- Referring URLs and pages viewed
- Access times, request logs, and error logs
- API usage (endpoints called, rate limiting events)
This data is used for security, abuse detection, performance tuning, and product analytics.
2.7 Waitlist and beta data
If you join our waitlist or private beta, we store:
- Beta status and notes related to your access (e.g. approved/not approved)
You can request removal from the waitlist or beta at any time.
3. How we use information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Perform uptime checks and generate incidents, alerts, and reports
- Authenticate you and manage sessions
- Process payments and manage subscriptions (via Stripe or similar providers)
- Send you service-related communications (e.g. security, billing, feature updates)
- Respond to support requests and feedback
- Monitor and improve performance, reliability, and user experience
- Enforce our Terms of Service, prevent abuse, and protect our rights and users
- Comply with legal obligations
We do not sell your personal data.
4. Legal bases (for users in the EU/UK)
Where applicable (e.g. under GDPR/UK GDPR), our legal bases for processing include:
- Contract: To provide the Service you sign up for
- Legitimate interests: To secure, maintain, and improve the Service; prevent abuse; understand usage
- Consent: For certain optional communications or where required by law
- Legal obligation: To comply with applicable laws and regulations
5. How we share information
We share data only when necessary to provide the Service or when required by law.
5.1 Service providers and subprocessors
We may share data with trusted third parties who help us run Pinginn, such as:
- Hosting and infrastructure: Fly.io (application hosting), Neon (PostgreSQL database), storage and backup providers
- Payments: Stripe (payment processing and subscription management)
- Email delivery and communications: Your chosen SMTP provider, and any email or support tools we use
- Analytics, logging, and monitoring tools: Error tracking, logging, and usage analytics providers (if used)
These providers process data on our behalf and are bound by contractual confidentiality and data protection obligations.
5.2 Legal and safety
We may disclose information if we reasonably believe it is necessary to:
- Comply with a law, regulation, legal process, or governmental request
- Enforce our Terms of Service
- Detect, prevent, or address fraud, security, or technical issues
- Protect the rights, property, or safety of Pinginn, our users, or the public
5.3 Business transfers
If we are involved in a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any material change to this Privacy Policy or ownership that affects your data.
We do not sell your personal information to third parties.
6. International data transfers
We are based in New Zealand and use infrastructure that may be located in multiple regions (e.g. Fly.io regions, Neon data centers, Stripe’s infrastructure).
By using the Service, you understand that your data may be processed in countries that may have different data protection laws than your country. Where required, we take reasonable steps to ensure appropriate safeguards are in place.
7. Data retention
We keep data only for as long as needed for the purposes described in this Policy or as required by law.
- Monitoring and incident data:
- Free plan: typically retained for around 30 days
- Pro plan: typically retained for around 90 days
- Account and billing data:
- Retained while your account is active and for a reasonable period after closure for billing, support, and legal obligations.
- Retained until you are approved, decline access, or request removal.
- Retention varies depending on the log type and operational needs.
You can request deletion of your account data; some information may be retained where we are legally required to do so or where it is infeasible to remove from backups.
8. Security
We use reasonable technical and organizational measures to protect your data, including:
- Secure password hashing (e.g. bcrypt)
- Encrypted sessions stored server-side
- HTTPS/TLS for data in transit
- Access controls and least-privilege principles
- Regular updates to dependencies and infrastructure
- Rate limiting and other abuse-prevention mechanisms
However, no system is completely secure, and we cannot guarantee absolute security.
9. Your rights
Depending on your location, you may have rights to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request deletion of your data (subject to legal obligations)
- Object to or restrict certain processing
- Request a copy of your data in a portable format
- Withdraw consent where processing is based on consent
To exercise these rights, contact us at support@pinginn.com. We may need to verify your identity before responding.
10. Children
The Service is intended for use by adults and businesses. We do not knowingly collect personal data from children under the age at which they can legally enter into a binding contract in their jurisdiction (typically 16 or 18). If you believe a child has provided us with personal data, please contact us and we will take appropriate steps to remove it.
11. Changes to this Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a prominent notice in the Service. Your continued use of the Service after changes become effective means you accept the updated Policy.
12. Contact us
If you have questions about this Privacy Policy or how we handle data, please contact us.
