Legal
Privacy Policy
Last updated: 11 June 2026
1. Introduction
247Monitor ("we", "us") operates the website monitoring service available at 247monitor.net and app.247monitor.net (the "Service"). We are based in the United Kingdom and act as the data controller for the personal data described in this policy. This policy explains what we collect, why, who we share it with, and the rights you have. Questions go to [email protected].
2. Information we collect
Account data
Name, email address and a salted hash of your password (we never store the password itself). If you enable two-factor authentication we store the encrypted TOTP secret and hashed backup codes.
Billing data
Payments are processed by Stripe. Your card details go directly to Stripe and never touch our servers; we store only your Stripe customer reference, plan, and invoice/subscription status.
Monitoring configuration and results
The monitors you create (URLs, hosts, check settings, any credentials you ask us to use — stored encrypted with AES-256), the results of those checks (response times, status codes, error messages, screenshots and traces for browser checks), and incident history.
Status-page subscriber data
If you publish a status page, your subscribers' email addresses or phone numbers are collected so we can deliver the updates you publish. For this data you are the controller and we act as your processor — we use it only to deliver your status updates and never for our own purposes.
Usage data
Server logs (IP address, user agent, request paths) kept for security and debugging, and — only with your consent — analytics events via the cookies described in our Cookie Policy.
3. How we use your information
- To run the Service: executing checks, raising alerts, serving dashboards and status pages.
- To send transactional email/SMS: verification links, alert notifications, status updates, billing receipts.
- To bill you, via Stripe.
- To secure the Service: abuse prevention, rate limiting, audit logging.
- To improve the product, using aggregated, consent-based analytics.
4. Legal bases (UK GDPR)
- Contract — operating the Service you signed up for, including alerts and billing.
- Legitimate interests — service security, fraud prevention, product improvement.
- Consent — analytics cookies and any marketing communication; withdrawable at any time.
- Legal obligation — tax and accounting records.
5. Who we share data with
We never sell personal data. We share it only with the subprocessors needed to run the Service:
| Provider | Purpose | Location |
|---|---|---|
| Stripe | Payment processing | EU/US (SCCs) |
| Twilio SendGrid | Transactional email | EU/US (SCCs) |
| Twilio | SMS delivery | EU/US (SCCs) |
| OVHcloud | Core hosting | United Kingdom |
| Microsoft Azure | Artifact storage; US & Singapore monitoring probes | UK, US, Singapore |
| Cloudflare | DNS and web security | Global edge |
| Google Analytics | Web analytics (consent only) | EU/US |
| Ahrefs | Web analytics (consent only) | EU/SG |
Your monitoring checks execute from probe locations in London, North Virginia and Singapore; check traffic to your endpoints therefore transits those regions by design.
6. Storage, security and international transfers
Primary data is stored in the United Kingdom. Sensitive monitor credentials are encrypted at rest (AES-256-GCM); transport is TLS. Where subprocessors operate outside the UK we rely on adequacy decisions or Standard Contractual Clauses.
7. Data retention
- Account data: for the life of your account.
- Check results: per your plan's retention window (30 days to 3 years, unlimited on Enterprise).
- After account closure: data is retained for 30 days so you can export it, then deleted.
- Billing records: as required by UK tax law (typically 6 years).
8. Your rights
Under UK GDPR you can request access, correction, deletion, restriction, portability, and object to processing based on legitimate interests. Use the in-app data export for a copy of your account data, or email [email protected] for anything else. You can also complain to the UK Information Commissioner's Office (ico.org.uk).
9. Cookies
Essential cookies keep you signed in; analytics cookies run only with your consent. Details and controls are in the Cookie Policy.
10. Children
The Service is not directed at children under 16 and we do not knowingly collect their data.
11. Changes
We will post any changes here and update the date above; material changes will be announced by email or in-app notice.
12. Contact
[email protected] · 247Monitor, United Kingdom