Audit your domain

Privacy Policy

Last updated: January 2025

This Privacy Policy describes how PCN Labs OÜ, operating as Httpeace ("we", "our", or "us"), collects, uses, and protects your information when you use our domain monitoring platform and related services (collectively, the "Service").

1. Information We Collect

1.1 Account and Profile Information

When you create an account, we collect:

  • Email address: Used for authentication, account recovery, and service communications
  • Name: Optional display name for your profile
  • Profile picture: If provided through OAuth authentication (Google)
  • Authentication data: OAuth tokens and magic link verification tokens

1.2 Workspace and Organization Data

When you create or join a workspace:

  • Workspace name and details: Organization name, website URL
  • Team member information: Email addresses and roles of invited team members
  • Billing email: For subscription and payment-related communications
  • Membership data: Your role, join date, and status within each workspace

1.3 Domain Monitoring Data

When you add domains to monitor:

  • Domain names: The domains you add for monitoring
  • Verification records: DNS TXT records used to prove domain ownership
  • Domain check results: SSL certificate details, DNS records, email configuration, security headers, blacklist status, and other technical information gathered from public sources
  • Report history: Historical data about domain checks and their results
  • Alert configurations: Your preferences for when and how to be notified about domain issues

1.4 Billing and Payment Information

When you subscribe to a paid plan:

  • Payment information: Processed and stored by Stripe (our payment processor); we do not store complete credit card numbers
  • Billing history: Subscription plan, billing cycle, payment dates, and transaction records
  • Tax information: If required for compliance purposes

1.5 Usage and Analytics Data

We automatically collect:

  • Device information: Browser type, version, operating system, device identifiers
  • Log data: IP addresses, access times, pages visited, actions performed
  • Analytics data: Feature usage, session duration, click patterns (collected via PostHog)
  • Error reports: Exception logs and performance data to improve service reliability

1.6 Communication Data

  • Support requests: Messages sent through our support forms
  • Email interactions: Communications with our team
  • Feedback: Survey responses and feature requests

1.7 Integration Data

When you connect third-party integrations:

  • Slack workspace data: Workspace ID, channel information for alert delivery
  • Webhook URLs: Endpoints for custom alert integrations
  • API keys: For programmatic access to your Httpeace data

2. How We Use Your Information

We use the collected information for the following purposes:

2.1 Service Provision

  • Authenticate users and manage accounts
  • Create and manage workspaces and team memberships
  • Monitor domains and run security checks
  • Generate reports and deliver alerts
  • Process payments and manage subscriptions
  • Provide customer support

2.2 Service Improvement

  • Analyze usage patterns to improve features and user experience
  • Debug errors and optimize performance
  • Develop new features and functionality
  • Conduct research and analytics

2.3 Communication

  • Send transactional emails (account verification, password resets, alerts)
  • Deliver service updates and important notices
  • Send marketing communications (you may opt out at any time)
  • Respond to support requests and inquiries

2.4 Legal and Security

  • Comply with legal obligations and respond to legal requests
  • Enforce our Terms of Service
  • Prevent fraud, abuse, and security incidents
  • Protect the rights, property, and safety of our users and the public

3. Information Sharing and Disclosure

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

3.1 Service Providers

We work with trusted third-party service providers:

  • Stripe: Payment processing and subscription management
  • Resend: Transactional email delivery
  • PostHog: Product analytics and error tracking
  • Vercel: Application hosting and infrastructure
  • Database hosting: Secure data storage

These providers are contractually obligated to protect your data and use it only for the purposes we specify.

3.2 Workspace Team Members

Within your workspace, certain information is shared with team members:

  • Workspace details and settings
  • Domain monitoring data and reports
  • Alert history
  • Team member list and roles

You control who has access to your workspace by managing team invitations and memberships.

3.3 Legal Requirements

We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations, court orders, or governmental requests
  • Enforce our Terms of Service or other agreements
  • Protect against fraud, security threats, or illegal activity
  • Protect the rights, property, or safety of Httpeace, our users, or the public

3.4 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

4. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy:

  • Account data: Retained while your account is active and for 90 days after deletion
  • Domain monitoring data: Retained for the duration of your subscription and for 90 days after workspace deletion
  • Billing records: Retained for 7 years to comply with tax and accounting regulations
  • Analytics data: Aggregated and anonymized data may be retained indefinitely
  • Logs: Retained for up to 90 days for security and debugging purposes

You may request deletion of your data at any time by deleting your account through the Service or contacting us.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication requirements
  • Secure data storage with reputable providers
  • Employee training on data protection

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security, but we continuously work to protect your information.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update most of your information through your account settings and workspace dashboard.

6.2 Data Portability

You can export your domain monitoring data, reports, and workspace information through the Service or by contacting us.

6.3 Deletion

You can delete your account and associated data at any time through your profile settings. Note that:

  • Deletion is permanent and cannot be undone
  • Some data may be retained in backups for up to 90 days
  • We may retain certain information as required by law

6.4 Marketing Opt-Out

You can opt out of marketing emails by:

  • Clicking the "unsubscribe" link in any marketing email
  • Updating your email preferences in account settings
  • Contacting us at legal@httpeace.com

You cannot opt out of transactional emails necessary for the Service (e.g., alerts, billing notices, security notifications).

6.5 GDPR Rights (European Users)

If you are in the European Economic Area, you have additional rights under GDPR:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data ("right to be forgotten")
  • Right to restriction: Request limited processing of your data
  • Right to data portability: Receive your data in a structured, machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time where processing is based on consent
  • Right to lodge a complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at legal@httpeace.com.

6.6 California Privacy Rights (CCPA)

If you are a California resident, you have rights under the California Consumer Privacy Act:

  • Right to know: Request disclosure of personal information collected, used, and shared
  • Right to delete: Request deletion of your personal information
  • Right to opt out: Opt out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination: Not be discriminated against for exercising your privacy rights

To exercise these rights, contact us at legal@httpeace.com.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • Maintain your session and keep you logged in
  • Remember your preferences and settings
  • Analyze usage patterns and improve the Service
  • Track errors and performance issues

You can control cookies through your browser settings. However, disabling cookies may limit your ability to use certain features of the Service.

Types of cookies we use:

  • Essential cookies: Necessary for authentication and core functionality
  • Analytics cookies: Help us understand how the Service is used (PostHog)
  • Preference cookies: Remember your settings and preferences

8. Third-Party Links and Services

The Service may contain links to third-party websites or integrations with third-party services (e.g., Slack). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

9. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child under 16, we will take steps to delete that information promptly.

10. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence, including Estonia and the United States. These countries may have data protection laws different from your jurisdiction.

For European users, we ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions
  • Other lawful transfer mechanisms

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Updating the "Last updated" date at the top of this page
  • Sending an email notification to your registered email address
  • Displaying a prominent notice on the Service

Your continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

PCN Labs OÜ Tornimäe tn 5 Tallinn, Estonia 10145 Email: legal@httpeace.com

For GDPR-related inquiries, please use the subject line: "GDPR Request - [Your Request Type]"

We will respond to your request within 30 days.