Nova Uptime
Sus datos, sus derechos

Política de Privacidad

Nos tomamos su privacidad muy en serio. Esta política explica cómo Nova Uptime recopila, utiliza y protege su información.

Última actualización: February 21, 2026 at 6:00 PM GST

Nova Uptime («nosotros», «nuestro» o «nos»), un producto de Antifragile Technologies L.L.C-FZ, se compromete a proteger su privacidad. Esta Política de Privacidad explica cómo recopilamos, utilizamos, almacenamos y salvaguardamos su información cuando utiliza nuestro servicio de monitorización de uptime de sitios web y de salud del email en novauptime.com, go.novauptime.com y admin.novauptime.com (conjuntamente, el «Servicio»).

Al utilizar el Servicio, usted consiente las prácticas descritas en esta política. Si no está de acuerdo con esta política, le rogamos que no utilice el Servicio.

Section 1

Information We Collect

We collect and process the following categories of information:

1.1 Account Information

  • Email address (used as your unique identifier and for notifications).
  • Password (stored as a one-way bcrypt hash — we never store plaintext passwords).
  • Account role (user, admin, or superadmin) and registration date.

1.2 Domain & Monitoring Data

  • URLs you add for monitoring, including custom display names and check configuration (interval, timeout, check method).
  • HTTP response codes, response times, and connection status for each health check.
  • SSL certificate details: validity status, issuer, expiry date, and days remaining.
  • Domain registration expiry information obtained via RDAP and WHOIS protocol lookups.
  • Email health data: DNS record checks (MX, SPF, DKIM, DMARC), blacklist scan results, deliverability scores, and grades for domains where you enable email health monitoring.
  • Website favicons fetched via Google's Favicon Service or directly from your domain.
  • Screenshots captured automatically when a health check fails (stored for 30 days).
  • Incident records: downtime start/end times, duration, and recovery status.
  • Embeddable widget configuration: enabled/disabled status, selected components, and embed token per domain.
  • Widget access logs: origin domains from which embedded widgets are loaded, for domain verification purposes.

1.3 URL & Content Monitoring Data

  • URLs you add for content monitoring, including custom display names and check configuration (interval, screenshot frequency).
  • Content hash data (SHA-256 hashes of page text content) used to detect changes between checks.
  • Content change records: previous and current content hashes, line-level diff summaries showing added and removed content, and timestamps.
  • Periodic screenshots captured from monitored URLs at your configured interval.
  • URL monitoring state: active, changed, error, or unknown status for each monitored URL.

1.4 Notification Preferences & Multi-Channel Data

  • Email notification preferences (status changes, SSL alerts, domain expiry warnings, email health alerts).
  • CC email addresses you provide for team notifications.
  • SSL and domain expiry warning thresholds you configure.
  • Email health monitoring preferences: enabled/disabled status and check frequency per domain.
  • Per-domain notification channel preferences: which channels (WhatsApp, webhooks) are enabled for each monitored domain.
  • Per-domain WhatsApp account assignments: which connected WhatsApp accounts receive alerts for each domain.
  • Outgoing webhook configurations: endpoint URLs, event subscriptions, and delivery logs per domain.

1.5 Technical Data

  • IP address and user agent string from HTTP requests (for rate limiting and security).
  • Authentication tokens (JWTs stored in your browser's localStorage).
  • Basic usage metrics to understand feature adoption and improve the Service.

1.6 Public Tool & Contact Data

  • Email addresses submitted through the public Email Health Checker tool (if you opt in to receive results).
  • Cold Email Campaign Simulator: email lists and domains submitted for deliverability analysis, email address for results delivery, sending domain information. All submitted data is stored permanently for service improvement and analytics.
  • Contact form submissions: name, email, subject, and message content.
  • Feedback submissions: email (optional), message, and page context.

1.7 Anonymous Trial Data

  • IP address and user agent string when you start an anonymous trial session (for rate limiting and session security).
  • Domain URLs you add for monitoring during the trial (up to 5 domains).
  • Monitoring check results collected during the trial period (up to 40 minutes).
  • Trial session metadata: session ID, creation time, status, and expiry time.
  • User agent is used to prevent unauthorized session sharing — only the original browser that created the trial can access the dashboard.

Retention: Unclaimed trial data is automatically deleted after the trial session expires (40 minutes). If you claim the trial by creating an account, your monitoring domains are transferred to your account and retained per standard account data retention.

1.8 User Profile Data

  • Name and phone number (optional, provided by you).
  • Business name and address (optional, for invoicing purposes).
  • Tax identification number and type (optional, e.g., VAT/TRN for invoicing).
  • Profile data may be automatically populated from Stripe billing details when you make a purchase (only fills empty fields).

1.9 Email Change Verification

  • When you change your email address, we use a dual-OTP verification process: a code is sent to your current email first, then to your new email.
  • OTP codes for email changes expire after 15 minutes and are single-use.
  • A confirmation notification is sent to your old email address after a successful change.
  • Your new email replaces the old one across all services — previous email is not retained.

1.10 Connected WhatsApp Accounts

  • Phone numbers associated with WhatsApp accounts you connect to Nova Uptime, stored for delivery and display purposes.
  • Optional labels you assign to each connected account (e.g., "Personal", "Work") for identification purposes.
  • Connection timestamp: when each WhatsApp account was successfully connected.
  • WhatsApp message delivery logs: message content, recipient WhatsApp account, delivery status, and timestamp. These are retained for troubleshooting purposes.
  • We do not store or read your WhatsApp chat history, contacts, or any messages other than the alert notifications we send you.

1.11 Webhook Delivery Data

  • Webhook endpoint URLs you configure for receiving monitoring event notifications.
  • Webhook signing secrets (HMAC-SHA256 keys) generated for payload verification.
  • Event subscriptions: which monitoring event types each webhook endpoint is configured to receive.
  • Delivery logs: HTTP response status codes, delivery timestamps, success/failure status, and truncated response bodies (up to 500 characters) for troubleshooting.
  • Consecutive failure counts used for automatic circuit-breaker disabling of persistently failing webhooks.
Section 2

How We Use Your Information

We use the collected information for the following purposes:

Service Delivery

To provide uptime monitoring, SSL tracking, domain expiry alerts, email health monitoring, URL content change detection, periodic URL screenshots, and failure screenshots for your configured domains and URLs.

Notifications

To send alerts via your configured channels — email, WhatsApp, and webhooks — for status changes, SSL issues, domain expiry warnings, email health degradation/recovery alerts, URL content changes, URL screenshot captures, weekly summary reports, and domain addition/deletion confirmations.

Authentication

To verify your identity via OTP email verification, JWT tokens, and password reset flows.

Service Improvement

To analyze usage patterns, fix bugs, optimize performance, and develop new features.

Security

To detect and prevent abuse, enforce rate limits, and protect the infrastructure.

Communication

To respond to support inquiries, send essential service updates, and deliver targeted administrative communications to specific users when necessary (not unsolicited marketing emails).

Section 3

Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the monitoring service you signed up for (account management, health checks, notifications).
  • Legitimate Interests: Processing for service improvement, security, abuse prevention, and analytics, balanced against your privacy rights.
  • Consent: Where required, such as for optional features or communications beyond essential service updates.
  • Legal Obligation: Processing required to comply with applicable laws and regulations.
Section 4

Data Retention

We retain your data only as long as necessary for the purposes described above:

Data TypeRetention Period
Account dataUntil account deletion
Profile data (name, address, tax ID)Until account deletion
Check history90 days
Failure screenshots30 days
Notification records90 days
Email logs90 days
Embed access logs30 days
Billing & license recordsUntil account deletion
Payment transaction referencesUntil account deletion
Lead data (public tool submissions)Until deletion request
Feedback submissionsUntil resolved or 1 year
Incident recordsUntil account deletion
URL monitoring configurationUntil URL removed or account deletion
URL content change records & diffs90 days
URL screenshots30 days
Connected WhatsApp accounts & labelsUntil disconnected by user or account deletion
WhatsApp message delivery logs90 days
Webhook configurations & secretsUntil removed by user or account deletion
Webhook delivery logs90 days
Anonymous trial sessions40 minutes (auto-deleted if unclaimed)
OTP verification codes15 minutes (auto-expire)

Deleted accounts and their associated data are permanently removed within 30 days of the deletion request.

Section 5

Data Sharing & Third-Party Services

We do not sell, rent, or trade your personal information. We share data with third parties only in the following limited circumstances:

Stripe

Payment processing for paid plans and add-ons. Stripe receives your payment card details, billing address, and email. We do not store card numbers or CVVs. See Section 6 for details.

SendGrid

Email delivery for notifications, OTP codes, password resets, and weekly reports. SendGrid processes your email address and notification content.

WhatsApp (Meta)

WhatsApp message delivery for monitoring alerts. When you connect a WhatsApp account and enable WhatsApp notifications, message content is delivered through WhatsApp's platform. Message content is end-to-end encrypted by WhatsApp. Meta processes message metadata according to WhatsApp's Privacy Policy.

Cloudflare

DNS management and CDN for our domains. Cloudflare may process your IP address and request headers for performance and security.

Google Favicon Service

We use Google's public favicon API to fetch website icons for your monitored domains. Only the domain name is sent to this service.

RDAP/WHOIS Registries

Domain expiry lookups query public internet registry databases. Only the domain name is transmitted.

DNS Infrastructure

Email health checks query public DNS servers to validate MX, SPF, DKIM, and DMARC records. Only the domain name is transmitted. Blacklist checks query public real-time blacklist (RBL) services using your domain's mail server IP addresses.

Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of our users or the public.

Embeddable Widgets

When you enable an embeddable status widget for a domain, limited monitoring data (current status, uptime history, response times, and email health grade) is made available via a public API endpoint. This data is only accessible with a valid embed token and is restricted to requests originating from the verified domain and its subdomains. No personal user data is exposed through embed widgets.

Section 6

Payment Processing

When you purchase a paid plan or add-on, your payment is processed securely by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. We do not store, process, or have access to your full credit card number, CVV, or other sensitive payment card data.

What Stripe Receives

Your payment card details, billing address, email, and tax identification number (if provided). Stripe processes the payment on our behalf and provides us with a transaction reference.

What We Store

Transaction amount, currency, payment status, Stripe session and payment intent IDs, receipt URL, billing details you provide (name, address, tax ID) for invoicing purposes, and payment attempt records (including pending, expired, and cancelled checkout sessions) for billing transparency. We never store card numbers or CVVs.

Receipts

Payment receipts are available for download from your billing page. Stripe-hosted receipt links are also provided for each transaction.

Refunds & Disputes

Refund and dispute information is shared between Stripe and our system to update your account status accordingly.

For more information about Stripe's privacy practices, visit stripe.com/privacy.

Section 7

WhatsApp Notification Data

When you connect a WhatsApp account and enable WhatsApp notifications, we deliver monitoring alerts directly to your WhatsApp. This section explains how your data is handled in that context.

What We Access

When you connect your WhatsApp account, we identify your WhatsApp account so that we can send monitoring alerts to you. We do not access your contacts, chat history, media, or any other data from your WhatsApp account.

Message Content

Monitoring alert messages we send to you contain domain names, event types (downtime, recovery, SSL, domain expiry), timestamps, and status information. No sensitive personal data beyond your monitored domain names is included in alert messages.

Data We Store

We store your WhatsApp account identifier, the label you assign, and message delivery logs (delivery status, timestamp) for troubleshooting purposes. Delivery logs are retained for 90 days.

WhatsApp Data Processing

Message delivery is processed through WhatsApp's platform. Message content is end-to-end encrypted by WhatsApp. Meta (WhatsApp) processes message metadata according to their own privacy policies.

Disconnecting

You may disconnect your WhatsApp account at any time from your account settings. Upon disconnection, no further alerts will be sent to that account. Previously stored delivery logs are retained for the standard 90-day period before automatic deletion.

For WhatsApp's privacy practices, visit whatsapp.com/legal/privacy-policy.

Section 8

Cookies & Local Storage

We use minimal browser storage for essential functionality only:

  • localStorage: JWT authentication tokens (token for user portal, admin_token for admin portal). These are strictly necessary for the Service to function and are not tracking cookies.
  • No third-party cookies: We do not use advertising, analytics, or tracking cookies from any third party.
  • No cross-site tracking: We do not track your activity across other websites.
Section 9

Data Security

We implement industry-standard security measures to protect your data:

Encryption in Transit

All connections use HTTPS/TLS encryption via Cloudflare.

Password Hashing

Passwords are hashed using bcrypt with salt rounds — we never store or transmit plaintext passwords.

JWT Authentication

Stateless token-based authentication with configurable expiration.

Rate Limiting

API-level rate limiting to prevent brute force attacks and abuse.

Security Headers

Helmet headers (X-Content-Type-Options, X-Frame-Options, etc.) on all API responses.

Database Isolation

PostgreSQL database is not exposed to the public internet — accessible only within the Docker network.

While we take reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data. You acknowledge that the Service is a monitoring and informational tool. While we strive to provide accurate and timely data, we cannot guarantee the completeness, reliability, or accuracy of monitoring results, email health scores, domain expiry information, or any other data provided through the Service.

Section 10

International Data Transfers

Our servers are located in North America. If you are accessing the Service from the EEA, UK, or other regions with data protection laws, please be aware that your data will be transferred to and processed in jurisdictions that may not provide the same level of data protection as your home country. By using the Service, you consent to such transfers. We ensure appropriate safeguards are in place for any international data transfers.

Section 11

Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access

Request a copy of the personal data we hold about you.

Correction

Request correction of inaccurate or incomplete personal data.

Deletion

Request deletion of your personal data (subject to legal retention requirements).

Data Portability

Request an export of your data in a machine-readable format.

Restriction

Request that we restrict the processing of your personal data in certain circumstances.

Objection

Object to processing based on legitimate interests.

Withdraw Consent

Where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at Contact us. We will respond within 30 days.

Section 12

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to Know: You may request information about the categories and specific pieces of personal data we have collected.
  • Right to Delete: You may request deletion of your personal data, subject to certain exceptions.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • No Sale of Data: We do not sell personal information to third parties, and we have not done so in the preceding 12 months.
Section 13

Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at Contact us and we will promptly delete such information.

Section 14

Data Breach Notification

In the event of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify affected users via email within 72 hours of becoming aware of the breach.
  • Provide details about the nature of the breach, the data affected, and the measures taken to mitigate it.
  • Report the breach to relevant supervisory authorities as required by applicable law.
  • Provide guidance on steps you can take to protect yourself.
Section 15

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify registered users via email for significant changes.
  • Provide a summary of what changed.

Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

Section 16

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: Contact us

Company: Antifragile Technologies

Service: Nova Uptime (novauptime.com)

For EEA residents: if you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.