Privacy Policy
SiteFlux – Advanced Monitoring & Branded Status Pages
Last updated: February 2025
1. Data Controller
Idra Informatica
Via la Marca 1, 56040, Crespina Lorenzana (PI), Italy
VAT Number: IT02547810503
Email: [email protected] | [email protected]
Idra Informatica acts as Data Controller pursuant to Regulation (EU) 2016/679 (GDPR) and applicable international data protection laws.
For any inquiry regarding the processing of personal data, please contact us at the email address above.
2. Types of Data Collected
2.1 Data provided directly by the user
- Identification data: first name, last name, company name
- Contact data: email address, phone number (if provided for SMS/call alerts)
- Access credentials: email address and password (stored as bcrypt hash)
- Billing data: company name, address, VAT/tax number (processed via Stripe)
- Monitoring configurations: monitored URLs, SSH/SFTP credentials (encrypted at rest), keywords, alert settings
2.2 Data collected automatically
- Service usage data: access logs, IP address, browser, operating system, pages visited
- Technical monitoring data: response times, HTTP status codes, SSL check results, SEO metrics, performance scores
- Technical and session cookies (see Cookie section)
- Billing and transaction data (provided by Stripe in partially masked form)
2.3 Data related to monitored websites
Technical data collected during monitoring activity (response time, availability, HTTP response content, SSL certificate status, etc.) is functional service data and does not constitute personal data unless monitored URLs contain references to identifiable natural persons.
3. Purposes and Legal Basis for Processing
3.1 Performance of a contract (Art. 6(1)(b) GDPR)
- Providing the SiteFlux service (monitoring, alerts, status pages)
- Managing user accounts and authentication
- Sending alert notifications via email, Telegram, SMS, and webhooks
- Processing payments via Stripe
- Providing the 7-day free trial period
3.2 Legitimate interests of the Controller (Art. 6(1)(f) GDPR)
- Preventing abuse, fraud, and unauthorized access
- Improving and optimizing the service
- Anonymous aggregate analysis of platform usage
- Infrastructure security
3.3 Legal obligation (Art. 6(1)(c) GDPR)
- Retention of billing data for tax and accounting obligations
- Responding to requests from competent authorities
3.4 Consent (Art. 6(1)(a) GDPR)
- Sending commercial communications and newsletters (optional, revocable at any time)
- Use of non-essential cookies (where applicable)
4. Processing Methods and Security
Personal data is processed using electronic means in compliance with appropriate technical and organizational security measures, including:
- Encryption at rest of SSH/SFTP credentials, and bcrypt hashing of account passwords
- HTTPS/TLS encryption in transit
- Access to data restricted to authorized personnel only
- HMAC signature verification for webhooks
- Downtime confirmation required from at least 2 separate locations before triggering alerts
- Regular data backups
Data is not subject to automated decision-making processes with significant legal effects.
5. Data Retention
- Account data: for the duration of the contract and up to 30 days after account deletion, unless longer retention is required by law
- Monitoring logs and metrics: 90 days (Starter plan), 12 months (Business plan), 24 months (Enterprise plan)
- Incident history: 12 months (Starter), 24 months (Business), unlimited (Enterprise)
- Billing and invoice data: 10 years pursuant to Italian tax law obligations
- Access and security logs: 12 months
- Marketing communications data: until consent is withdrawn
6. Data Sharing and International Transfers
Data may be shared with the following categories of recipients:
- Stripe, Inc. (payment processing and billing) – SCCs: stripe.com/privacy
- Twilio, Inc. (SMS delivery and voice calls) – SCCs: twilio.com/legal/privacy
- SMTP provider (sending alert and notification emails)
- Cloud hosting and infrastructure providers (servers, databases)
- Telegram (sending notifications via Bot API) – only technical data strictly necessary for delivery
Some providers may be located outside the European Economic Area (EEA). In such cases, the transfer is carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission or other appropriate safeguards pursuant to the GDPR.
Personal data is never sold or transferred to third parties for marketing purposes.
7. Rights of the Data Subject
Under Articles 15–22 of the GDPR, users have the right to:
- Access: obtain confirmation of processing and a copy of their data (Art. 15)
- Rectification: correct inaccurate or incomplete data (Art. 16)
- Erasure ("right to be forgotten"): request deletion of data (Art. 17)
- Restriction of processing (Art. 18)
- Data portability in a structured, machine-readable format (Art. 20)
- Objection to processing based on legitimate interest (Art. 21)
- Withdrawal of consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal
To exercise these rights, please send a request to: [email protected] | [email protected]
Idra Informatica will respond within 30 days of receiving the request. If the response is unsatisfactory, users have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali, www.garanteprivacy.it) or with the supervisory authority of their country of residence.
For users located in the United States (California), additional rights apply under the California Consumer Privacy Act (CCPA). Please contact us at the address above to exercise your CCPA rights.
8. Cookies and Tracking Technologies
SiteFlux uses only strictly necessary technical and session cookies required for the service to function (authentication, CSRF security, session preferences). No profiling or third-party tracking cookies are used without explicit consent.
Public status pages (/status/[slug]) may be embedded via widget on third-party sites. In such cases, visitors of the status pages are only subject to SiteFlux's technical cookies and are not profiled.
9. Data of Public Status Page Visitors
Public status pages are accessible without registration. Data collected from visitors of such pages is limited to standard technical logs (IP, browser, timestamp) retained for 30 days for security purposes. The customer who creates the status page is responsible for adequately informing their end users if the status page collects any additional data.
10. Minors
SiteFlux is a service intended exclusively for adults or legal entities. Idra Informatica does not knowingly collect data from individuals under 16 years of age. If such data is identified, it will be immediately deleted.
11. Changes to This Privacy Policy
Idra Informatica reserves the right to update this Privacy Policy. Substantial changes will be communicated via email to registered users at least 15 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the changes.
12. Contact
Idra Informatica
Via la Marca 1, 56040, Crespina Lorenzana (PI), Italy
VAT: IT02547810503
Email: [email protected] | [email protected]
