Privacy Policy

Last updated: February 2026

What We Collect

When you create an account and use PoppaPing, we collect:

  • Account info: Your email address and name (provided at registration)
  • Phone numbers: If you opt in to SMS alerts, the phone number(s) you provide for receiving notifications
  • Monitored URLs: The URLs you add for uptime monitoring
  • Check results: HTTP status codes, response times, and error messages from monitoring checks
  • IP addresses: Your IP address when you access the application
  • Payment info: Bitcoin transaction identifiers (we never see or store private keys). If you pay by credit card, payment is processed by Stripe — we do not store your card number.

How We Store Data

All data is stored in PostgreSQL databases on private infrastructure managed by us. We do not use third-party cloud databases. Data is encrypted in transit via HTTPS.

Third-Party Services

We use a limited number of third-party services:

  • Stripe: Credit card payment processing. Stripe handles card data securely — we never store your full card number. See Stripe's privacy policy.
  • BTCPay Server: Self-hosted Bitcoin payment processing. BTCPay Server is open source and runs on our infrastructure — your payment data never passes through a third-party payment processor.
  • Resend: Email API for sending alert emails and account notifications. Resend processes your email address to deliver messages.
  • Twilio: SMS alert delivery. If you opt in to SMS notifications, your phone number is transmitted to Twilio to deliver alert messages. Twilio processes your phone number solely to send messages on our behalf. See Twilio's privacy policy.
  • Google Ads: We use Google Ads conversion tracking to measure the effectiveness of our advertising. This sets cookies to attribute sign-ups to ad clicks. No monitoring data is shared with Google.

Cookies

PoppaPing uses a single HTTPOnly session cookie containing a JWT token for authentication. We do not use analytics cookies or third-party tracking for behavioral profiling. We use Google Ads conversion tracking to measure ad effectiveness, which may set a cookie when you arrive from a Google ad.

Data Retention

  • Check data: Retained for 90 days, then automatically purged
  • Incident records: Retained for 90 days after resolution
  • Phone numbers: Retained while the SMS alert channel is active. Deleted immediately when you remove the SMS channel or delete your account.
  • Account data: Retained while your account is active. Deleted within 30 days of account deletion request.
  • Invoice records: Retained for accounting purposes as required by law

Your Rights

You can request export or deletion of your data at any time by contacting us. We will respond within 30 days.

Contact

For privacy questions or data requests, email [email protected].