Privacy Policy
Last updated: 2026-01-15
1. Introduction
ObservaMax ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website monitoring service at observamax.com.
2. Information We Collect
2.1 Account Information
When you create an account through our authentication provider (Clerk), we collect:
- Email address (required)
- Name (optional)
- Profile picture URL (if provided via social login)
- Account creation and update timestamps
2.2 Monitor Configuration Data
When you create monitors, we store:
- URLs, hostnames, or IP addresses you choose to monitor
- Monitor names, labels, and tags
- Monitor type (HTTP, TCP, DNS, Ping, or Heartbeat)
- Check interval preferences (30 seconds to 30 minutes)
- Expected HTTP status codes and timeout settings
- TCP port numbers and DNS record types
- SSL certificate monitoring thresholds
- Keyword/content validation strings
- Custom HTTP methods, headers, and request bodies
- Degraded response time thresholds
- Heartbeat monitoring tokens and expected intervals
- Change detection settings (content type, CSS selectors, ignore patterns)
- Screenshot viewport dimensions (if enabled)
- Alert threshold configurations
- Maintenance window schedules
2.3 Monitoring Data
Our service automatically collects monitoring data:
- Uptime check results (status, HTTP response codes, response times in milliseconds, check location)
- Error messages from failed checks
- SSL certificate details (issuer, expiry date, days remaining)
- Content snapshots and hashes for change detection
- Screenshots of monitored pages (Pro and Agency plans)
- Visual diff percentages when changes are detected
- DNS resolution results and TCP connection status
- Ping round-trip times
- Heartbeat reception timestamps
2.4 Alert and Notification Data
We store your notification preferences and alert history:
- Email notification settings and custom email addresses
- Webhook URLs and secrets (for HMAC-SHA256 signature verification)
- Slack webhook URLs and channel preferences
- Discord webhook URLs
- Telegram bot tokens and chat IDs
- Phone numbers for SMS and voice call alerts
- Quiet hours settings and timezone preferences
- Alert throttling intervals
- Alert delivery status and timestamps per channel
2.5 Billing Data
Payment processing is handled by Stripe. We store:
- Stripe customer ID and subscription ID
- Current subscription plan and status
- Trial expiration date (for trial users)
We do not store complete credit card numbers. Payment card details are collected and processed directly by Stripe in accordance with PCI-DSS requirements.
2.6 API Access Data
For Pro and Agency plan users who enable API access:
- API key (stored securely)
- API key creation timestamp
2.7 Status Page Data
If you create public status pages:
- Status page configuration and branding settings
- Associated monitors for display
- Subscriber email addresses (with verification and unsubscribe tokens)
- Incident records and update timeline
3. How We Use Your Information
We use the collected information to:
- Perform uptime monitoring checks on your configured URLs
- Detect content changes (HTML, text, title, meta tags, visual)
- Capture screenshots for visual change detection
- Send alert notifications via email, webhook, Slack, Discord, Telegram, SMS, or voice call when issues are detected
- Display monitoring history, statistics, and uptime percentages
- Process subscription payments and manage billing
- Enforce plan limits (monitor count, check intervals, features)
- Provide public status pages for your services
- Manage incidents and notify status page subscribers
- Respond to support requests
- Comply with legal obligations
4. Third-Party Service Providers
We share data with the following service providers who help us operate our service:
- Clerk - Authentication and user identity management
- Stripe - Payment processing and subscription billing
- Neon - PostgreSQL database hosting (US-East-1 region)
- Cloudflare R2 - Screenshot and image storage
- Resend - Transactional email delivery for alerts
- Browserless - Headless browser service for screenshot capture
- Trigger.dev - Background job processing for monitoring tasks
- Twilio - SMS and voice call delivery for alert notifications
- Vercel - Application hosting
We do not sell your personal information. Each provider processes data in accordance with their respective privacy policies and our data processing agreements.
5. Data Retention
We retain monitoring data based on your subscription plan:
- Trial and Starter plans: 7 days
- Pro plan: 30 days
- Agency plan: 90 days
This applies to uptime checks, change records, content snapshots, and screenshots. Alert history is retained for a minimum of 30 days for audit purposes, regardless of plan.
An automated cleanup process runs daily at 3:00 AM UTC to remove data exceeding your plan's retention period. Account data is retained as long as your account is active. Upon account deletion, we remove your data within 30 days, except where retention is required by law.
6. Data Security
We implement appropriate security measures including:
- Encrypted database connections (SSL/TLS)
- HMAC-SHA256 signature verification for outgoing webhooks
- Secure API key generation and storage
- Clerk webhook signature verification (Svix)
- Stripe webhook signature verification
- Plan-based access control enforcement
- Bearer token authentication for API access
7. Your Rights (GDPR)
Under the General Data Protection Regulation (GDPR) and similar data protection laws, you have the following rights:
7.1 Right to Access
You can request a copy of all personal data we hold about you. Contact us at support@observamax.com to make a data access request.
7.2 Right to Rectification
You can correct inaccurate or incomplete personal data through your account settings or by contacting us.
7.3 Right to Erasure (Right to be Forgotten)
You can delete your account and all associated data at any time through the Account Management section in your dashboard settings. This will permanently remove:
- Your user profile and account information
- All monitors and their configuration
- All uptime checks and monitoring history
- All alerts and notification settings
- All status pages and subscriber data
- All incidents and updates
- All API keys
- Your organization memberships
This action is irreversible. We will also delete your account from our authentication provider (Clerk).
7.4 Right to Data Portability
You can export all your data in a machine-readable format (JSON) through the Account Management section in your dashboard settings. The export includes:
- Your profile information
- Monitor configurations and recent check history
- Content change records
- Alert history and settings
- Status pages and incidents
- API key metadata (not the keys themselves)
- Organization memberships
7.5 Right to Object
You can object to processing of your personal data for certain purposes. Contact us at support@observamax.com to exercise this right.
7.6 Right to Withdraw Consent
Where we rely on your consent for processing (such as cookies), you can withdraw that consent at any time. You can manage your cookie preferences through your browser settings. Status page subscribers can unsubscribe at any time using the unsubscribe link in notification emails.
7.7 Right to Lodge a Complaint
You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.
To exercise any of these rights, you can use the self-service options in your dashboard settings or contact us at support@observamax.com. We will respond to your request within 30 days.
8. Cookies and Consent
We use essential cookies for:
- Authentication session management (via Clerk)
- User preferences (theme, language selection)
When you first visit our website, you will see a cookie consent banner. Your choice (accept or decline) is stored locally and also recorded in our database for compliance purposes. We track:
- The type of consent given
- Whether consent was granted or declined
- The timestamp of your choice
- Your IP address and browser information (for audit purposes)
We use Vercel Analytics to understand how our website is used. This service collects anonymized usage data and does not use cookies for tracking. For more details, see our Cookie Policy.
9. International Transfers
Your data is primarily processed in the United States, where our infrastructure is located (Neon database in the US-East-1 region, Cloudflare R2 storage). We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.
10. Children's Privacy
ObservaMax is a business service not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at support@observamax.com.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our service. Continued use after changes constitutes acceptance of the updated policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: support@observamax.com