Privacy Policy

This Privacy Policy describes how StatusPageBuddy ("we," "us," or "our") collects, uses, stores, and protects your personal information when you use our website at statuspagebuddy.com and related services (collectively, the "Service").

StatusPageBuddy is a web-based service that allows users to create and manage public status pages for their applications and services. By using our Service, you agree to the collection and use of information as described in this policy.

If you have questions or concerns, contact us at statuspagebuddy@haorix.com.

1. Information We Collect

Information you provide

• Account information:email address and password (stored as a cryptographic hash — we never store your password in plain text).
• Profile information: display name or avatar, if you choose to provide one.
• Status page data: the status pages you create, including page names, component names, incident titles, incident updates, and any other content you publish through the Service.
• Support correspondence: any messages or feedback you send us.

Information collected automatically

• Log and usage data: IP address, browser type, operating system, referring URL, pages visited, and timestamps.
• Device data: device type, screen resolution, and language preferences.
• Analytics data: aggregated and anonymized usage metrics collected via Vercel Analytics (see Section 4).

Information from third-party sign-in

If you sign in using Google OAuth, we receive your email address and basic profile information (name and profile picture) from Google. We do not receive or store your Google password.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Create and manage your account and authenticate your identity.
• Display your public status pages to your end users.
• Send transactional emails (e.g., password resets, account notifications).
• Respond to support requests and communicate with you.
• Monitor and improve the performance, security, and reliability of the Service.
• Detect and prevent fraud, abuse, or security incidents.
• Comply with legal obligations.

We do not sell your personal information to third parties. We do not use your data for advertising purposes.

3. Data Storage and Security

Your data is stored on infrastructure provided by Supabase (which runs on Amazon Web Services). Our primary database and authentication servers are located in the United States. The application is hosted on Vercel, which uses a global edge network.

We implement appropriate technical and organisational measures to protect your personal information, including encryption in transit (TLS/HTTPS) and encryption at rest for database storage. Passwords are stored using industry-standard cryptographic hashing and are never stored in plain text.

However, no method of electronic transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

4. Third-Party Services

We use the following third-party services to operate the Service. Each provider has its own privacy policy governing its use of your data:

• Supabase — authentication, database, and storage. Privacy Policy
• Vercel — application hosting and deployment. Privacy Policy
• Vercel Analytics— privacy-friendly, anonymous web analytics (no cookies, no personal data collected). Privacy Policy
• Google OAuth — optional third-party sign-in. Privacy Policy
• Stripe— payment processing (if applicable). We do not store your credit card details; they are handled entirely by Stripe. Privacy Policy
• Resend— transactional email delivery (account verification, activation reminders, and similar service emails). Privacy Policy
• Beehiiv— newsletter list management and delivery for the optional StatusPageBuddy email newsletter. Beehiiv handles subscription, double opt-in, and unsubscribe on our behalf. Privacy Policy

We may also use AI service providers (such as Anthropic or OpenAI) to power optional AI-assisted features. When you use these features, relevant input data is sent to the AI provider for processing. You can opt out of AI features in your account settings.

5. Cookies and Tracking Technologies

We use the following types of cookies:

• Essential cookies: required for authentication and session management. These cannot be disabled without breaking core functionality.
• Preference cookies: remember your settings and preferences (e.g., theme, language).

We do not use advertising or third-party tracking cookies. Vercel Analytics is cookie-free and does not track individual users.

Most browsers allow you to manage cookie preferences. Disabling essential cookies may prevent you from using the Service.

6. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

• Access: request a copy of the personal data we hold about you.
• Correction: request that we correct inaccurate or incomplete data.
• Deletion: request that we delete your personal data and account.
• Export: request a machine-readable copy of your data (data portability).
• Restriction: request that we limit how we process your data.
• Objection: object to processing of your data in certain circumstances.
• Withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at statuspagebuddy@haorix.com. We will respond within 30 days (or sooner if required by applicable law).

You can also delete your account and associated data directly from your account settings page.

7. International Data Transfers

Our servers are located in the United States. If you are accessing the Service from outside the US (including from the European Economic Area, the United Kingdom, or Australia), your information will be transferred to and processed in the US.

For transfers from the EEA/UK, we rely on Standard Contractual Clauses approved by the European Commission, as well as any applicable adequacy decisions, to ensure your data receives an equivalent level of protection.

8. Information for EU and UK Users (GDPR)

If you are located in the European Economic Area (EEA) or the United Kingdom, the General Data Protection Regulation (GDPR) applies to our processing of your personal data. Our legal bases for processing include:

• Contract performance: processing necessary to provide the Service you signed up for.
• Legitimate interests: improving our Service, preventing fraud, and ensuring security.
• Consent: where you have given explicit consent (e.g., optional AI features).
• Legal obligation: where we are required to process data by law.

You have the right to lodge a complaint with your local data protection authority if you believe we are processing your data unlawfully. For EEA users, you can find your authority at edpb.europa.eu. UK users can contact the Information Commissioner's Office (ICO).

9. Information for Australian Users

We collect and process your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

You have the right to:

• Request access to the personal information we hold about you.
• Request correction of inaccurate personal information.
• Complain about a breach of the APPs to the Office of the Australian Information Commissioner (OAIC).

If you do not provide certain personal information (such as your email address), we may not be able to provide the Service to you.

10. Children's Privacy

The Service is not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at statuspagebuddy@haorix.com and we will promptly delete such information.

11. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymise your personal data within 30 days, except where we are required to retain it for legal, accounting, or regulatory purposes.

Aggregated, anonymised data that cannot identify you may be retained indefinitely for analytics and service improvement.

12. Do Not Track

Some browsers offer a "Do Not Track" (DNT) setting. There is currently no industry standard for how services should respond to DNT signals. As we do not use third-party advertising trackers, this setting has minimal impact on your experience with our Service.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email or through the Service.

We encourage you to review this policy periodically. Your continued use of the Service after changes are posted constitutes acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: statuspagebuddy@haorix.com
• Location: Australia