Legal

Privacy policy.

What we collect, why we collect it, and the controls you have. We keep this short on purpose — monitoring your uptime should not mean surrendering your privacy.

Last updated · April 2026

0. This website

upfour.io sets no cookies and loads nothing from third parties. No analytics scripts, no tracking pixels, no external fonts. Our web server (hosted by Hetzner in Germany) keeps standard access logs — IP address, time, requested page — for security and capacity purposes, deleted on rotation. That is the complete list, which is why there is no cookie banner.

1. Information we collect

We collect information you provide directly (email, name, password) and data generated through your use of the Service (monitor configurations, check results, incident history).

2. How we use your information

We use your information to operate and improve the Service, send notifications about your monitors, and communicate important updates about your account.

3. Data storage and security

Your data is stored on secured servers. We use encryption in transit and at rest, and implement access controls to protect your information. Sensitive credentials (e.g., HTTP auth passwords) are stored in encrypted form.

4. Data retention

Check result data follows a tiered retention policy: hot storage (48 hours), warm storage (30 days), and cold archival. You can export your data at any time via the Reporting section.

5. Third-party services & subprocessors

We use the following subprocessors to operate the Service. Where a provider processes data outside the EU/EEA, transfers are safeguarded by EU Standard Contractual Clauses and, where applicable, the EU–US Data Privacy Framework.

  • Hetzner Online GmbH (Germany) — hosting and infrastructure. EU.
  • Amazon Web Services EMEA SARL — transactional email delivery (SES, region eu-central-1). AWS Inc. (US) acts as sub-subprocessor; SCC/DPF apply.
  • Resend, Inc. (US) — fallback transactional email delivery. SCC/DPF apply.
  • Stripe Payments Europe, Ltd. (Ireland) — payment processing and invoicing. Stripe Inc. (US) acts as sub-subprocessor; SCC/DPF apply.
  • Functional Software, Inc. (Sentry) (US) — error monitoring; technical error data only. SCC/DPF apply.
  • Cloudflare, Inc. (R2) (US, EU jurisdiction storage) — long-term archive of check results. SCC/DPF apply.

Notification integrations you configure yourself (Slack, PagerDuty, Telegram, etc.) receive alert data under their own privacy policies. For business customers we offer a data processing agreement (DPA) covering the above.

6. Your rights

You can access, update, or delete your personal data through the Settings page. You can delete your entire account and all associated data at any time. Under the GDPR you also have the rights to access, rectification, erasure, restriction, portability and objection, and the right to lodge a complaint with a supervisory authority.

7. Cookies

The application uses essential authentication state only (JWT tokens stored in localStorage). We do not use tracking or advertising cookies — in the app or on this site.

8. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification.

9. Controller & contact

Controller within the meaning of Art. 4(7) GDPR:
wissmann media, Inh. Dennis Wissmann, Vennstr. 86, 40627 Düsseldorf, Germany (see imprint).

If you have questions about this privacy policy or want to exercise your rights, contact us at info@wissmann-media.de.

© 2026 wissmann media · Read the terms of service →