Privacy Policy

Last Updated: 2026-02-02

This Privacy Policy describes how devdata AB ("we", "our", or "us") collects, uses, and protects your personal information when you use our hosted Uptime-Kuma service (the "Service").

1. Information We Collect

We collect the following personal information to provide and improve our Service:

• Account Information: First name, last name, and email address
• Authentication Data: Information from social authentication providers (if you choose to sign in using social connections)
• Service Usage Data: Information about how you use our Service, including instance configurations and usage patterns
• Payment Information: Payment processing is handled by Stripe. We do not store credit card information directly. Please refer to Stripe's Privacy Policy for details on how they handle payment data.

2. How We Use Your Information

We use your personal information solely for the following purposes:

• To provide, maintain, and improve our Service
• To process payments and manage subscriptions
• To communicate with you about your account, service updates, and support requests
• To ensure the security and integrity of our Service
• To comply with legal obligations

We do not sell your data. We are not in the business of selling your personal information or tracking your presence for advertising purposes. Any data we collect is used exclusively to fulfill our service obligations and deliver the best possible experience.

3. Data Storage and Security

Your data is stored on infrastructure provided by various cloud providers. All customer instances are logically separated to ensure data isolation and security. We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction.

4. Third-Party Services

We use the following third-party services that may process your personal information:

• Stripe: Payment processing services. See Stripe's Privacy Policy
• Hetzner: Hosting services. See Hetzner's Privacy Policy
• Cloudflare: DNS and network services. See Cloudflare's Privacy Policy
• SendGrid/Twilio: Email and SMS delivery services. See SendGrid's Privacy Policy and Twilio's Privacy Policy

5. Data Processing Agreement

In providing our Service, we act as both a data controller (for account information, payment data, and service usage data) and a data processor (for data stored within your Uptime-Kuma instances). We process data within your Uptime-Kuma instances only for the purpose of performing automated backups and restores, and for troubleshooting purposes when necessary to maintain service availability. In accordance with GDPR Article 28, when we act as a processor:

• We process personal data only on your documented instructions
• We ensure that persons authorized to process personal data are bound by confidentiality obligations
• We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk
• We assist you in responding to data subject requests
• We assist you in ensuring compliance with GDPR obligations regarding security, breach notification, and data protection impact assessments
• We delete or return all personal data upon termination of the service, unless retention is required by law
• We make available to you all information necessary to demonstrate compliance with GDPR Article 28

This Privacy Policy serves as our Data Processing Agreement (DPA) for the purposes of GDPR compliance. By using our Service, you acknowledge and agree to these data processing terms.

6. Data Access and Control

Our system is automated, and only service accounts interact directly with customer instances. For advanced troubleshooting or disaster recovery, we may escalate permissions to backend engineers. Such escalated access is limited to:

• System configuration and infrastructure data necessary for troubleshooting
• Instance metadata and operational logs
• Data required for disaster recovery operations

Escalated access is only granted when necessary for resolving critical issues, ensuring service availability, or performing disaster recovery. All such access is logged and audited to ensure compliance with data protection regulations, including GDPR. No support-related functions have access to instance databases. Personal data within customer instances is accessed only to the extent necessary for the specific troubleshooting or recovery purpose, and all access is documented and subject to audit.

7. Data Retention

We retain your personal information for as long as necessary to provide our Service and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

8. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

9. Data Protection Officer

If you have questions or concerns about how we process your personal data, or if you wish to exercise your data protection rights, please contact us using the information provided in the Contact Us section below. If we have designated a Data Protection Officer (DPO), their contact information will be provided here.

10. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Bananahost
Email: support@uptime-kuma.com