Privacy Policy

Last updated: May 23, 2026

This Privacy Policy describes how Opsentry ("we", "us") collects, uses, and shares information when you use opsentry.io and the Opsentry service (the "Service").

We try to collect as little as possible to operate the Service. We do not sell your data. We do not run ad tracking. The only third-party analytics we use is Google Analytics, and only on our public marketing homepage (opsentry.io) — not inside the application or on your status page.

1. Information we collect

Account data — name, email, hashed password, organization name and slug.
Service content — services, incidents, maintenance windows, status updates, subscriber lists, and any data you choose to enter.
Usage data — request logs (path, status, IP, user agent) kept for operational purposes.
Cookies — a session cookie after sign-in; a CSRF cookie; and on our marketing homepage only, Google Analytics cookies (see below).
Marketing-site analytics — on opsentry.io we run Google Analytics 4 to understand which pages visitors read before signing up. GA may collect your IP (truncated by Google), device type, referrer, and pages viewed. GA is not loaded inside the application or on tenant status pages. You can opt out with the Google Analytics opt-out browser add-on or by blocking third-party cookies.

2. How we use it

To provide the Service: authenticate you, deliver status pages, send incident notifications.
To send transactional email (account verification, subscription confirmation, team invitations).
To investigate abuse, debug issues, and improve reliability.

We do not use your data to train AI models or sell to third parties.

3. Who we share with

We rely on a small set of subprocessors:

Hosting provider — runs our database, Redis, and message queue.
Email provider — sends transactional email (verification, invitations, incident notifications).
Google Analytics — homepage visitor analytics only; never receives data from inside the application.

We will publish the current vendor list on request. We disclose information when legally required (e.g. subpoena) and will give you notice unless the law forbids it.

4. Retention

Account data: while your account is active, plus up to 30 days after deletion.
Service content: while your organization is active. Deleting a tenant deletes its data within 30 days.
Request logs: typically 30 days.
Audit logs: retained for the lifetime of the tenant for compliance traceability.

5. Your rights

Depending on where you live (GDPR / UK GDPR / CCPA / etc.), you may have the right to access, correct, export, or delete your personal data, and to object to certain processing. Email us using the address below and we will respond within 30 days.

6. Security

We use bcrypt for password hashing, AES-256-GCM for webhook secrets at rest, TLS for data in transit, tenant-scoped access checks, rate limiting on authentication endpoints, and structured audit logging. No system is perfectly secure; we work to limit exposure and to disclose incidents that affect you.

7. International transfers

If your data crosses borders to reach our infrastructure, we rely on the protections our hosting provider has in place (e.g. EU standard contractual clauses) and do not transfer to additional regions without notice.

8. Children

The Service is not directed at children under 16. We do not knowingly collect data from them.

9. Changes

We may update this policy from time to time. Material changes will be announced by email or in-product notice at least 14 days before they take effect.

10. Contact

Privacy questions: privacy@opsentry.io.