Privacy Policy

Last updated: January 28, 2026

1. Introduction

ObservaMax ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website monitoring service at observamax.com.

2. Information We Collect

2.1 Account Information

When you create an account through our authentication provider (Clerk), we collect:

  • Email address (required)
  • Name (optional)
  • Profile picture URL (if provided via social login)
  • Account creation and update timestamps

2.2 Monitor Configuration Data

When you create monitors, we store:

  • URLs, hostnames, or IP addresses you choose to monitor
  • Monitor names, labels, and tags
  • Monitor type (HTTP, TCP, DNS, Ping, or Heartbeat)
  • Check interval preferences (30 seconds to 30 minutes)
  • Expected HTTP status codes and timeout settings
  • TCP port numbers and DNS record types
  • SSL certificate monitoring thresholds
  • Keyword/content validation strings
  • Custom HTTP methods, headers, and request bodies
  • Response time degraded thresholds
  • Heartbeat monitoring tokens and expected intervals
  • Change detection settings (content type, CSS selectors, ignore patterns)
  • Screenshot viewport dimensions (if enabled)
  • Alert threshold configurations
  • Maintenance window schedules

2.3 Monitoring Data

Our service automatically collects monitoring data:

  • Uptime check results (status, HTTP response codes, response times in milliseconds, check location)
  • Error messages from failed checks
  • SSL certificate details (issuer, expiry date, days remaining)
  • Content snapshots and hashes for change detection
  • Screenshots of monitored pages (Pro and Agency plans)
  • Visual diff percentages when changes are detected
  • DNS resolution results and TCP connection status
  • Ping round-trip times
  • Heartbeat reception timestamps

2.4 Alert and Notification Data

We store your notification preferences and alert history:

  • Email notification settings and custom email addresses
  • Webhook URLs and secrets (for HMAC-SHA256 signature verification)
  • Slack webhook URLs and channel preferences
  • Discord webhook URLs
  • Telegram bot tokens and chat IDs
  • Phone numbers for SMS and voice call alerts
  • Quiet hours settings and timezone preferences
  • Alert throttling intervals
  • Alert delivery status and timestamps per channel

2.5 Billing Data

Payment processing is handled by Stripe. We store:

  • Stripe customer ID and subscription ID
  • Current subscription plan and status
  • Trial expiration date (for trial users)

We do not store complete credit card numbers. Payment card details are collected and processed directly by Stripe in accordance with PCI-DSS requirements.

2.6 API Access Data

For Pro and Agency plan users who enable API access:

  • API key (stored securely)
  • API key creation timestamp

2.7 Status Page Data

If you create public status pages:

  • Status page configuration and branding settings
  • Associated monitors for display
  • Subscriber email addresses (with verification and unsubscribe tokens)
  • Incident records and update timeline

3. How We Use Your Information

We use the collected information to:

  • Perform uptime monitoring checks on your configured URLs
  • Detect content changes (HTML, text, title, meta tags, visual)
  • Capture screenshots for visual change detection
  • Send alert notifications via email, webhook, Slack, Discord, Telegram, SMS, or voice call when issues are detected
  • Display monitoring history, statistics, and uptime percentages
  • Process subscription payments and manage billing
  • Enforce plan limits (monitor count, check intervals, features)
  • Provide public status pages for your services
  • Manage incidents and notify status page subscribers
  • Respond to support requests
  • Comply with legal obligations

4. Third-Party Service Providers

We share data with the following service providers who help us operate our service:

  • Clerk - Authentication and user identity management
  • Stripe - Payment processing and subscription billing
  • Neon - PostgreSQL database hosting (US-East-1 region)
  • Cloudflare R2 - Screenshot and image storage
  • Resend - Transactional email delivery for alerts
  • Browserless - Headless browser service for screenshot capture
  • Trigger.dev - Background job processing for monitoring tasks
  • Twilio - SMS and voice call delivery for alert notifications
  • Vercel - Application hosting

We do not sell your personal information. Each provider processes data in accordance with their respective privacy policies and our data processing agreements.

5. Data Retention

We retain monitoring data based on your subscription plan:

  • Trial and Starter plans: 7 days
  • Pro plan: 30 days
  • Agency plan: 90 days

This applies to uptime checks, change records, content snapshots, and screenshots. Alert history is retained for a minimum of 30 days for audit purposes, regardless of plan.

An automated cleanup process runs daily at 3:00 AM UTC to remove data exceeding your plan's retention period. Account data is retained as long as your account is active. Upon account deletion, we remove your data within 30 days, except where retention is required by law.

6. Data Security

We implement appropriate security measures including:

  • Encrypted database connections (SSL/TLS)
  • HMAC-SHA256 signature verification for outgoing webhooks
  • Secure API key generation and storage
  • Clerk webhook signature verification (Svix)
  • Stripe webhook signature verification
  • Plan-based access control enforcement
  • Bearer token authentication for API access

7. Your Rights

Depending on your location, you may have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your monitoring data via API (Pro and Agency plans)
  • Object to certain processing activities
  • Withdraw consent where applicable

To exercise these rights, contact us at privacy@observamax.com or manage your account through the dashboard settings.

8. Cookies

We use essential cookies for:

  • Authentication session management (via Clerk)
  • User preferences (theme, language selection)

You can control cookie preferences through your browser settings.

9. International Transfers

Your data is primarily processed in the United States where our infrastructure is located (Neon database in US-East-1 region, Cloudflare R2 storage). We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. Children's Privacy

ObservaMax is a business service not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@observamax.com.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice on our service. Continued use after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@observamax.com
