Privacy Policy | Upwarden

1. Controller

The data controller for Upwarden is Felix Wortmann. You can reach us at:

Name: Felix Wortmann
Address: c/o MDC#fwmn, Welserstraße 3, 87463 Dietmannsried, Germany
Email: [email protected]
Support: [email protected]

2. Data We Collect

We collect the following personal data:

Account data: email address, name, organisation name
Monitor configuration: URLs, endpoints, check intervals you configure
Monitoring results: response times, status codes, availability data for monitored services
Payment data: billing address, payment method reference (processed by Polar.sh)

3. Legal Basis for Processing

We process your data on the following legal grounds:

Contract (Art. 6(1)(b) GDPR): To provide the Upwarden service you signed up for
Legitimate Interest (Art. 6(1)(f) GDPR): To prevent abuse, ensure security, and improve our service
Consent (Art. 6(1)(a) GDPR): For optional features like status page subscriptions

4. How We Use Your Data

Your data is used to:

Run monitors and collect availability data
Display status pages
Send incident notifications
Manage your account and billing
Provide customer support

5. Sub-processors

We share your data with the following third-party service providers. All have data processing agreements in place:

Provider	Purpose	Location	Privacy/DPA
Cloudflare	DDoS protection, CDN, DNS	EU/US (EU DPA)	GDPR Hub
Hetzner	Hosting, database, object storage	Germany	DPA
Resend	Transactional email delivery	US (EU DPA, SCCs)	DPA
Polar.sh	Subscription billing	Norway (EEA)	DPA

For transfers outside the EEA, we rely on Standard Contractual Clauses (SCCs) and EU-approved data processing agreements.

6. Data Retention

Data Type	Retention Period
Account data	Until account deletion + 30 days
Monitor results	365 days
Audit logs	90 days
Billing records	7 years (legal requirement)

When you delete your account, all personal data is permanently removed within 30 days, except where retention is required by law.

7. Your Rights

Under GDPR, you have the right to:

Access: Request a copy of your personal data
Rectification: Correct inaccurate data
Erasure: Request deletion of your data
Portability: Receive your data in a machine-readable format
Restrict processing: Limit how we use your data
Object: Object to processing based on legitimate interest
Withdraw consent: Withdraw consent at any time for consent-based processing

To exercise these rights, contact us at [email protected]. We respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority in your jurisdiction or in Germany (Bayerisches Landesamt für Datenschutzaufsicht).

8. Data Processing Agreement

Business customers requiring a signed Data Processing Agreement (DPA) can request one at [email protected]. Our standard DPA is available at /dpa.

9. Analytics

We use PostHog EU Cloud for product and website analytics. PostHog is configured without analytics cookies and is used to understand signup and checkout funnel performance.

Does not use cookies
Does not track across websites
Stores project analytics data in the EU
Records UTM parameters when present for conversion analysis

Because analytics cookies are not used, no analytics cookie consent banner is required under GDPR.

10. Cookies

We use a single essential session cookie for authentication. No tracking or analytics cookies are used. See our Cookie Policy for details.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption at rest and in transit, access controls, and regular security updates.

12. Changes to This Policy

We may update this policy occasionally. Significant changes will be communicated via email. Continued use of Upwarden after changes constitutes acceptance.

13. Contact

For privacy questions or to exercise your rights, contact us at [email protected].