Legal

Privacy policy

Plain-English. We don't hide things in legalese.

Last updated May 7, 2026 · Effective May 7, 2026

1. Who we are

anyping ("anyping", "we", "us", "our") is an uptime monitoring service. This policy explains what data we collect about you, why, how we handle it, and what rights you have over it. It applies to anyping.com, the application at app.anyping.com, our public status pages at status.anyping.com, and any related services.

Questions: privacy@anyping.com.

2. What we collect

Account data

When you create an account, we collect your name, email address, a password (stored as a salted bcrypt hash — never in plain text), and your billing details (handled by our payment processor; see §5). If you sign up via SSO (Google, Microsoft), we receive your name and email from that provider, plus a unique account identifier.

Usage data

When you use the service, we record what monitors you create, the URLs and hosts you ask us to watch, the response data we collect on your behalf (status codes, response times, certificate metadata, etc.), incident notes you post, and team member changes. This is operational data — we need it to deliver the product to you.

Technical telemetry

From this marketing website, we record pages visited, referring URLs, browser and OS family, and approximate region (country-level, derived from IP address — we don't store your raw IP for marketing analytics). From the application, we record requests for security and debugging purposes (timestamps, endpoints, response codes). We may use first-party analytics or privacy-respecting third-party analytics or error-monitoring tools to understand how the product is used in aggregate. We do not load advertising pixels, retargeting tags, social-network beacons, or any cross-site tracking technology — that's a deliberate, durable commitment.

Communications

If you contact us via the contact form or email, we keep that correspondence for as long as necessary to respond and for our records. If you sign up for our waitlist, we keep your email address for the purpose of notifying you about the launch and nothing else.

3. What we do with it

We process your data to:

  • Operate the service: run your monitors, send you alerts, generate your status pages, charge you for your subscription.
  • Maintain security: detect abuse, prevent fraud, debug failures, comply with legal obligations.
  • Improve the product: understand which features get used (in aggregate, never per-user).
  • Communicate with you about your account, billing, support requests, and major service changes.

We do not sell your data. We do not share your data with third parties for marketing purposes. We do not use your monitor data to train machine-learning models.

4. Lawful basis (GDPR/UK)

Where the GDPR or UK GDPR applies, we rely on:

  • Contract — to provide the service you've signed up for.
  • Legitimate interests — for security, fraud prevention, and aggregate product improvement.
  • Legal obligation — for tax records, court orders, etc.
  • Consent — for waitlist communications and any optional analytics where applicable.

5. Subprocessors

We share specific data with these third parties to deliver the service:

  • Stripe — payment processing. Receives your name, email, and billing details. Stripe is PCI-DSS Level 1 certified; we never store your full card number.
  • Postmark — transactional email delivery (receipts, alerts, password resets). Receives your email address and the message contents.
  • Twilio — SMS and voice-call alerts (Pro and Business plans only, when configured). Receives your phone number and the alert content.
  • Cloudflare — DNS, DDoS protection, and edge caching for our marketing website. Receives request metadata.
  • Linode (Akamai) — primary application hosting (US-East, EU-West regions). Receives all application data; encrypted in transit and at rest.

We have data-processing agreements with each subprocessor. If we add or change a subprocessor that processes personal data, we'll update this list and notify account holders by email.

6. International data transfers

anyping is operated from the United States. If you are in the European Economic Area or United Kingdom, your data is transferred to and processed in the US under the EU-US Data Privacy Framework and Standard Contractual Clauses with our subprocessors.

7. How long we keep it

  • Account data: while your account is active. After cancellation, we retain billing records for 7 years (US tax requirement) and delete operational data within 30 days.
  • Monitor history: the retention window of your plan (Starter 90 days; Pro 1 year; Business 2 years), then automatically deleted.
  • Marketing-site telemetry: 90 days, then aggregated and the originals deleted.
  • Support correspondence: 3 years from last interaction.
  • Waitlist emails: deleted within 30 days of launch (you'll be notified before deletion).

8. Your rights

Subject to your local laws, you have the right to:

  • Access a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your data ("right to be forgotten").
  • Restrict processing in certain circumstances.
  • Receive your data in a portable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time where we rely on it.

To exercise any of these, email privacy@anyping.com. We respond within 30 days.

If you're in the EU/UK and you believe we've handled your data improperly, you can complain to your national data-protection authority. For California residents: see §11.

9. Security

We follow industry-standard security practices:

  • TLS 1.2+ for all data in transit; AES-256 at rest.
  • Passwords stored as salted bcrypt hashes; never logged or transmitted in plain text.
  • Production access restricted to a small group, gated by SSO and hardware MFA.
  • Regular vulnerability scanning and quarterly penetration tests.
  • Audit logging for all administrative actions.

If you discover a security vulnerability, please email security@anyping.com. We acknowledge within 24 hours.

10. Cookies

We use cookies in four categories: strictly necessary, functional, analytics & performance, and — never — advertising or cross-site tracking. The marketing site uses session cookies for forms and may use functional and analytics cookies to remember preferences and understand aggregate usage. The application uses authentication and CSRF cookies that are required to operate, plus functional cookies for UI preferences. See the full cookie policy for details.

11. California (CCPA/CPRA)

If you're a California resident, you have specific rights under the California Consumer Privacy Act and California Privacy Rights Act:

  • Right to know what personal information we've collected and how it's used.
  • Right to delete personal information.
  • Right to correct inaccurate personal information.
  • Right to opt out of the sale or sharing of personal information — we don't sell or share for cross-context behavioral advertising, so this is automatic.
  • Right to non-discrimination for exercising these rights.

To exercise: email privacy@anyping.com.

12. Children

anyping is not intended for and not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, contact us and we'll delete the account.

13. Changes to this policy

If we make material changes, we'll email all account holders at least 30 days before the changes take effect. Non-material changes (typo fixes, structural reorganization) may be made without notice. The "Last updated" date at the top reflects the most recent change.

14. Contact

Privacy questions, complaints, or rights requests: privacy@anyping.com.

Security disclosures: security@anyping.com.

General contact: hello@anyping.com or via our contact form.