Heartbeat

Introduction

This Privacy Policy describes how Heartbeat ("we", "us", or "our") collects, uses, and protects your personal information when you use our monitoring service at heartbeat.pm. We are committed to protecting your privacy and being transparent about our data practices.

We do not sell your personal information to third parties.

Information We Collect

1. Account Information

When you create an account, we collect:

Email address (required) - Used for authentication, notifications, and account communications
Name (optional) - Used to personalize your experience
Password - Stored securely using industry-standard encryption (bcrypt)
OAuth data - If you sign up with Google OAuth, we receive your email, name, profile picture URL, and OAuth provider identifiers

2. Monitoring Data

To provide our core service, we collect and store:

URLs and endpoints you want to monitor
Check results including HTTP response codes, response times, and availability status
Heartbeat data including ping timestamps and status
Alert configurations and notification preferences
Status page configurations if you create one

3. Integration Data

If you connect third-party services for notifications, we store:

Telegram - Username and chat ID for sending alerts
Slack - Webhook URLs and channel names for notifications
Microsoft Teams - Webhook URLs for notifications

Note: These integration credentials are used solely to send you monitoring alerts. We do not access your conversations or other data from these services.

4. Usage and Analytics Data

We automatically collect certain information about how you use our service:

Authentication data - IP addresses, sign-in timestamps, and session information
Analytics - We use Google Tag Manager and Google Analytics 4 to understand how users interact with our service
Marketing attribution - Landing page URL, UTM parameters, and referrer information for users who haven't signed in yet
Feature usage - Click tracking on interactive elements to improve user experience

5. Payment Information

Payment processing is handled by Stripe, a PCI-compliant payment processor. We do not store your credit card details on our servers. We only store:

Subscription status and plan type
Billing period information for usage tracking
Stripe customer ID for managing your subscription

6. Cookies and Similar Technologies

We use cookies for:

Authentication - Keeping you logged in securely
Session management - Maintaining your preferences during your visit
Analytics - Understanding how users interact with our service (via Google Analytics)

All session cookies are configured with secure, httponly, and same-site attributes for enhanced security.

How We Use Your Information

We use your personal information to:

Provide our service - Monitor your specified URLs and endpoints, detect downtime, and send you alerts
Account management - Authenticate you, manage your subscription, and communicate important account updates
Send notifications - Alert you when monitoring checks fail or incidents occur via your chosen notification channels
Process payments - Handle subscription billing through Stripe
Improve our service - Analyze usage patterns to enhance features and user experience
Customer support - Respond to your questions and resolve technical issues
Compliance - Meet legal obligations and enforce our Terms of Service

Data Sharing and Disclosure

We do not sell your personal information.

We share your information only in these limited circumstances:

Service Providers

We share data with trusted third-party service providers who help us operate our service:

Stripe - Payment processing (they have their own privacy policy)
Google - Analytics and OAuth authentication
Hosting providers - Server infrastructure to run our service

These providers are contractually obligated to protect your data and use it only for providing services to us.

Legal Requirements

We may disclose your information if required by law or to:

Comply with legal processes (subpoenas, court orders)
Protect our rights, property, or safety
Prevent fraud or security issues
Cooperate with law enforcement

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

Data Security

We take security seriously and implement industry-standard measures to protect your data:

Encryption - All data is transmitted over HTTPS with SSL/TLS encryption
Password security - Passwords are hashed using bcrypt, never stored in plain text
Access controls - Strict internal access controls limit who can access your data
Secure cookies - Session cookies use secure, httponly, and same-site flags
Regular monitoring - We monitor for security threats and vulnerabilities

However, no online service is 100% secure. While we implement strong security measures, we cannot guarantee absolute security.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you services.

Account data - Retained until you delete your account
Monitoring history - Check events and results are retained to provide historical uptime data
Billing records - Retained as required by tax and accounting regulations
Marketing attribution - Stored for 30 days in cache, then permanently in database for analytics

When you delete your account, we will delete or anonymize your personal information unless we are legally required to retain it.

Your Rights and Choices

Access and Control

You have the right to:

Access - View your personal information through your account settings
Update - Edit your account information at any time
Delete - Request deletion of your account and associated data
Export - Request a copy of your data in a portable format
Opt-out - Disable weekly reports and notification preferences

GDPR Rights (EU Users)

If you are in the European Union, you have additional rights under GDPR:

Right to rectification - Correct inaccurate personal data
Right to erasure - Request deletion of your data ("right to be forgotten")
Right to restriction - Limit how we process your data
Right to data portability - Receive your data in a structured format
Right to object - Object to processing based on legitimate interests
Right to withdraw consent - Withdraw consent for data processing at any time

CCPA Rights (California Users)

If you are a California resident, you have rights under CCPA:

Right to know - Request disclosure of data collected about you
Right to delete - Request deletion of your personal information
Right to opt-out - We don't sell personal information, so no opt-out is necessary
Non-discrimination - We won't discriminate against you for exercising your rights

To exercise any of these rights, please contact us at [email protected]

International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those of your country.

When we transfer data internationally, we ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

Children's Privacy

Our service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of any material changes by:

Posting the updated policy on this page
Updating the "Last Updated" date at the top
Sending you an email notification for significant changes

Your continued use of our service after changes become effective constitutes acceptance of the updated policy.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: [email protected]
Support: Contact form

Your Consent

By using our service, you consent to the collection and use of your information as described in this Privacy Policy. If you do not agree with this policy, please do not use our service.