Privacy Policy

Last updated: 20 April 2026

This Privacy Policy explains what data the hosted Pingback service at usepingback.com collects, why we collect it, and what we do with it. It applies only to the hosted Service. If you self-host Pingback from github.com/RaghuvirDav/pingback, we never see your data — your deployment is yours alone.

1. Who we are

Pingback is operated by the Pingback team based in India. For privacy questions, write to hello@usepingback.com.

2. What we collect

Account information

• Email address. Used for sign-in, alerts, billing receipts, and account notices.
• API key (hashed). Stored as a one-way hash for authentication. We cannot recover the plaintext.
• Plan and account state. Free vs. Pro, signup date, last login, basic flags needed to operate the Service.

Monitor and check data

• Monitor configuration. The URL you ask us to check, the interval, and any alert routing settings you configure.
• Check results. HTTP status code, response time, and the timestamp for each check we run on your behalf. Retention follows your plan (7 days on Free, 90 days on Pro).
• SSL metadata for monitors that opt into certificate checks (issuer, expiry).

Billing data

• If you subscribe to Pro, our payment processors (Stripe and Paddle) collect the payment details directly. We never see or store your card number.
• We retain billing metadata returned by the processor — customer ID, subscription status, invoice IDs, and the amount billed — to operate subscriptions and meet tax/accounting obligations.

Operational logs

• Request logs. Method, path, status code, request ID, IP address, and user agent. Used for debugging, abuse prevention, and audit. Retained for up to 30 days.
• Audit log. Authentication events and administrative actions on your account. Retained for the life of the account, then deleted on account closure.
• Error reports may be sent to Sentry for diagnostics. We scrub credentials and try to avoid sending personal data, but stack traces can incidentally include request paths or identifiers.

3. Why we collect it

• To run the checks you ask us to run and deliver the alerts you ask us to deliver.
• To bill, refund, and account for paid plans (and meet related tax obligations).
• To keep the Service secure: rate limiting, abuse detection, audit trails, incident response.
• To improve the product. We look at aggregate usage trends, not individual behaviour.

4. How we share data

We do not sell your data. We share it only with the service providers we need to operate the Service:

• Amazon Web Services (EC2 in ap-south-1) — hosts the application and database.
• Amazon Simple Email Service (SES) — sends account and alert emails.
• Stripe and Paddle — process payments. Paddle acts as the merchant of record for transactions it handles and may collect tax data required by your jurisdiction.
• Sentry — receives error reports for diagnostics.
• UptimeRobot and CloudWatch — monitor the health of Pingback itself.

We may also disclose data when required by law, to enforce our Terms, or to protect the rights, property, or safety of Pingback, our users, or others.

5. Where data is stored

Application data is stored on infrastructure in AWS Asia Pacific (Mumbai). Backups may be replicated to other AWS regions for durability. Payment processors and email providers may process data in the United States, the EU, or other regions in line with their published policies.

6. How long we keep data

• Account profile: for the life of the account, then deleted within 30 days of closure.
• Check results: 7 days (Free) or 90 days (Pro) on a rolling window.
• Request logs: up to 30 days.
• Billing records: retained as required by tax law (typically 7 years).

7. Your rights

You can:

• Access and export your monitors and check data from the dashboard.
• Update your email address from settings.
• Delete your account, which deletes monitors, check results, and audit log entries within 30 days. Billing records are retained for tax compliance only.
• Email hello@usepingback.com for any access, correction, or erasure request that the dashboard does not cover.

Depending on where you live, you may also have rights under the GDPR, the UK GDPR, the CCPA, the DPDP Act 2023 (India), or other privacy laws. We will honour valid requests under those laws within the timeframes they require.

8. Cookies and tracking

We use a single first-party session cookie to keep you signed in. We do not run third-party analytics, advertising trackers, or fingerprinting on the Service. The marketing site does not load Google Analytics, Facebook Pixel, or similar tools.

9. Children

Pingback is not designed for children under 16. We do not knowingly collect personal data from children. If you believe we have, contact us and we will delete it.

10. Security

We encrypt data in transit (TLS) and encrypt sensitive fields at rest. API keys are stored as one-way hashes. We log administrative actions, restrict production access, and apply security updates promptly. No system is perfectly secure — if you believe you have found a vulnerability, please email hello@usepingback.com.

11. Changes to this policy

We may update this Privacy Policy as the Service evolves. Material changes will be announced by email or in-product before they take effect.

12. Contact

Email hello@usepingback.com for any privacy question.