Privacy-First by Design

We care deeply about your privacy and have built our platform from the ground up with privacy-first principles.

Designed around GDPR, CCPA, and PECR privacy principles.

This page is a human-readable summary of how we handle privacy. For the full legal version, see our Privacy Policy.

Our Privacy Commitments

  • Zero third-party tracking - No Google Analytics, Facebook pixels, or other trackers
  • Minimal cookies - Only essential cookies, primarily a single authentication cookie
  • IP address protection - IP addresses hashed with SHA256, not stored in plain text in our application database
  • Automated data deletion - Your data is automatically purged 60-90 days after account closure
  • No data selling - We never sell or share your data with advertisers
  • Location: Operated from Serbia πŸ‡·πŸ‡Έ; main server located in Germany (EU πŸ‡ͺπŸ‡Ί), data stored in the EEA

Table of Contents

IP Address Protection

How we protect your IP address

We avoid storing raw IP addresses in our application database and logs.

IP addresses are hashed using SHA256 (a one-way cryptographic hash function) before being stored. This means:

  • Protected: We do not store the raw IP address in our application database or logs, and we treat hashed IP values as sensitive data
  • Secure: Even if our database were compromised, your actual IP address would be significantly harder to recover
  • Privacy-first: Hashed IPs are used only for security purposes like detecting unauthorized access and abuse prevention
Technical Implementation

When you access our service:

  1. Your IP address is received by our server
  2. Hashed using SHA256 algorithm before storage
  3. Only the hash (e.g., a3c5f...) is stored in our database
  4. Raw IP addresses are not stored in our application database or logs
Why we hash IPs: To detect suspicious login patterns and protect your account from unauthorized access, while respecting your privacy.

Automated GDPR-Compliant Data Deletion

Your data doesn't linger forever

When you close your account, we don't just mark it as "deleted" and forget about it. We have automated systems that ensure your data is completely purged:

60-Day User Data Purge

All your account data (status pages, monitors, incidents, settings) is automatically and permanently deleted 60 days after account closure.

90-Day Audit Log Cleanup

Security audit logs containing hashed IP addresses are automatically deleted 90 days after account closure.

What gets deleted?
  • Status pages and all related data
  • Monitors and monitoring history
  • Incidents and maintenance events
  • Custom domain configurations
  • Notification settings
  • All hashed IP logs from security monitoring
  • Session data and authentication tokens
  • Your user account record
What we retain?

Only billing transaction records (transaction IDs, amounts, dates) as required by tax and accounting laws. These contain no personal tracking data.

Automated & Audited: Our deletion process runs automatically every day and logs deletions for auditing.

Cookies

Only essential cookies

The main cookie we set is the authentication cookie named user_app_session. It is:

  • Set after you log in
  • Cleared when you log out
  • Used solely for keeping you logged in
  • Not used for tracking or analytics
Important:
  • No additional marketing or tracking cookies are set by our website
  • Plausible Analytics does not set any cookies
  • Status page viewers are not tracked with marketing or analytics cookies
Third-party cookies (opt-in only):
  • Sapat.chat cookies - Only essential cookies for live chat functionality (if you opt in to using live chat support)

Zero Tracking

We don't track you across the web

We avoid cross-site tracking and identification technologies.

No Google Analytics

No Facebook Pixel

No Ad Networks

Privacy-friendly fonts

We host fonts on our own servers - no connection to Google Fonts or other third-party font services.

Cross-site tracking

We avoid technologies that follow you across different sites and do not build cross-site profiles based on your browsing.

Cohort-based tracking

We disable cohort-based tracking features such as Google FLoC via the Permissions-Policy header.

Privacy-Friendly Analytics

Plausible Analytics - GDPR, CCPA & PECR Compliant

We use Plausible Analytics - a lightweight, open-source, privacy-first alternative to Google Analytics.

Why Plausible?
  • Cookie-free (no consent banner needed)
  • GDPR, CCPA, PECR compliant
  • Made and hosted in the EU πŸ‡ͺπŸ‡Ί
  • Open source and transparent
  • Lightweight (<1KB script)
What it tracks:
  • Page views (no personal data)
  • Referrer sources
  • Device type (browser, OS)
  • Geographic location (country only)
Public Analytics Dashboard

We believe in transparency. View our public analytics at:

View Public Stats

Data Minimization

We only collect what we absolutely need

Following GDPR's principle of data minimization, we collect the bare minimum:

What we collect:
  • Email address - For account access and essential communications
  • Name - Can be your real name, alias, nickname, or anything you prefer
  • Status page content - The data you choose to publish (incidents, maintenance, etc.)
What we DON'T collect:
  • Home address
  • Phone number
  • Age, gender, race, religion
  • Biometric data
  • Social media profiles
  • Browsing history
  • Device fingerprints
We will never: Sell your data, share it with advertisers, or use your name/company in marketing without permission.

Data Portability (GDPR Right)

Download all your data anytime

Exercise your GDPR right to data portability. You can download a complete copy of all your data at any time from your account settings.

Your export includes:
  • All status pages and their configurations
  • All monitors and monitoring history
  • Incidents and incident updates
  • Maintenance events and schedules
  • Notification settings
  • Custom domain configurations

Data is exported as a ZIP archive containing structured JSON/JSONL files that you can import into other systems.

Payment Security

We never see your payment details

Your credit card information never touches our servers.

All payments are handled by our payment processor, DodoPayments, which acts as the Merchant of Record. Your card data:

  • Goes directly to the payment processor
  • Is encrypted in transit using TLS
  • Never passes through our infrastructure
  • Is never stored on our servers

We only store: Transaction ID, timestamp, and amount (for billing records and tax compliance).

Encryption & Security

Strong encryption for your data

We use TLS for data in transit and strong encryption (such as AES-256) for data at rest, similar to what banks and major cloud providers use.

In Transit

All data transmitted to/from our servers is encrypted using TLS (Transport Layer Security).

At Rest

Data stored in our database is encrypted at rest using industry-standard AES-256 encryption.

Password Security

Your password is hashed using bcrypt (a one-way encryption algorithm). We cannot recover your password - if you forget it, you'll need to reset it.

Access Controls

Access to your data is restricted to authorized personnel only and logged for security auditing.

Additional Details

No Advertising

We don't use advertising or ad-revenue services. Any links to partner services are simple hyperlinks with no tracking.

Social Media

Social media sharing buttons on our blog are hard-coded links - no 3rd-party scripts or tracking pixels.

Live Chat

We use Sapat.chat for live chat support - a privacy-first, GDPR-compliant chat service that only uses essential cookies for functionality. Live chat is opt-in only and not enabled by default. Learn more in Sapat.chat's Privacy Policy.

Data Location

We operate from Serbia πŸ‡·πŸ‡Έ. Our main server is located in Germany πŸ‡©πŸ‡ͺ (European Union). All customer data is stored and processed within the European Economic Area (EEA) on EU-owned infrastructure.

Questions or data requests

If you have questions about privacy or want to exercise your data rights (such as access or deletion), contact us at hey@statuspage.me.

Who operates StatusPage.me

StatusPage.me is operated by Nikola StojkoviΔ‡ PR Borča, a small team based in Serbia, with servers hosted in the EU (Germany).

Legal documents

For complete details about data processing, your rights, and legal information, please read our full Privacy Policy. For details on how the service is used, please refer to our Terms of Service.

Questions about our privacy practices?

We're happy to answer any questions you have about how we protect your data.

Contact Us
Back to top