Privacy Policy

This Privacy Policy describes how uptime.cx ("we," "us") collects, uses, stores, and protects information when you use our reliability intelligence platform and related services (the "Service"). We are committed to protecting your privacy and handling your data transparently.

2.1 Account Information

When you create an account, we collect your name, email address, and profile information provided through our authentication provider (Clerk). If you sign in with a social provider (e.g., Google), we receive the profile data you authorize.

2.2 AWS Infrastructure Data

When you connect an AWS account, the Service collects read-only configuration data about your AWS resources. This includes resource types, identifiers, ARNs, regions, configurations (e.g., Multi-AZ settings, backup policies, security group rules), and relationships between resources. We do not access the content of your data stores (e.g., S3 object contents, database records, application logs).

2.3 Billing Information

Payment processing is handled by Stripe. We do not store credit card numbers or bank account details. We retain your Stripe customer ID and subscription status for billing purposes.

2.4 Usage and Analytics Data

We collect information about how you interact with the Service, including pages visited, features used, browser type, device information, IP address, and referring URLs. We use cookies and similar technologies (such as analytics scripts and session tracking) to understand usage patterns, improve the Service, and personalize your experience. See Section 7 for more details.

2.5 Communications

When you contact us via email or through the Service, we collect the content of your messages and any information you choose to provide.

• Provide the Service— scan your AWS infrastructure, analyze reliability risks, generate findings and remediation guidance, detect drift, and produce reports.
• AI-assisted analysis— resource configuration summaries (not raw credentials or data contents) may be sent to third-party AI providers (currently Google Gemini) for deeper reliability analysis. See Section 5.
• Billing and account management— process payments, manage subscriptions, and enforce plan limits.
• Service improvement— analyze usage patterns, diagnose issues, and develop new features.
• Communications— send transactional emails (account verification, scan completion, drift alerts) and, with your consent, marketing communications.
• Security and fraud prevention— detect and prevent unauthorized access, abuse, and other security threats.

Your data is stored in the following infrastructure:

• Database— Neon (PostgreSQL) hosted in AWS us-east-1.
• Application— Vercel (web application) and AWS ECS Fargate (scanner workloads), both in the US.
• Secrets— AWS Secrets Manager for encryption keys and service credentials.

AWS external IDs used for IAM role assumption are encrypted at rest using AES-256-GCM. All data in transit is encrypted via TLS. We follow industry-standard security practices as described in our Security page.

We share data with the following categories of third-party processors:

We do not sell your personal data or AWS infrastructure data to any third party.

• Account data— retained for the lifetime of your account plus 30 days after deletion.
• Scan and finding data— retained while your account is active. Deleted within 30 days of account closure.
• Health check data— automatically pruned after 7 days.
• Billing records— retained as required by applicable tax and accounting laws.
• Analytics data— aggregated and anonymized data may be retained indefinitely for statistical purposes.

We use the following types of cookies and similar technologies:

• Essential cookies— required for authentication, session management, and security. Cannot be disabled.
• Analytics cookies— help us understand how visitors use the Service, which pages are most visited, and where users encounter issues. We may use third-party analytics services that collect anonymized usage data.
• Functional cookies— remember your preferences (e.g., selected region filters, panel states).

We may also use web beacons, pixel tags, and similar technologies in emails to measure open rates and engagement. You can manage cookie preferences in your browser settings. Disabling essential cookies may prevent you from using the Service.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict certain processing activities
• Request data portability
• Withdraw consent for optional data processing

To exercise any of these rights, contact us at support@uptimecx.com. We will respond within 30 days.

Your data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the Service. The "Effective date" at the top indicates the date of the latest revision.

For privacy-related questions or requests, contact us at support@uptimecx.com.