Privacy Policy

Effective Date: February 24, 2026

Last Updated: February 24, 2026

1. Introduction

Pingroot LLC ("we", "us", or "our") operates Pingroot (the "Service"), an API monitoring platform. This Privacy Policy explains how we handle data under US laws and the GDPR for our international users.

2. Information We Collect

2.1 Personal Data (Authentication)

We collect limited personal information to provide and secure your account:

  • Email Address: Required for account identification and notifications.
  • Profile Information: When using Google or GitHub OAuth, we retrieve your Name and Avatar URL to personalize your dashboard.
  • Credentials: For email/password signups, passwords are encrypted and hashed.

2.2 Service & Monitoring Data

To perform the monitoring service, we store:

  • Endpoint URLs: The APIs you wish to monitor.
  • Custom Headers: Including API keys or tokens required for your checks.
  • Monitoring Logs: Timestamps, HTTP status codes, and latency (response times).

2.3 Analytics

We use Umami for website analytics. This is a privacy-focused tool that collects anonymous data only. No personal data or IP addresses are tracked or stored via our analytics.

3. Google API Disclosure (OAuth)

Pingroot's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • We only access your email, name, and profile picture.
  • We do not sell your Google user data to third parties.
  • We do not use your Google user data for advertising or profiling.

4. Data Security & Encryption

Security is at the core of Pingroot.

  • Encryption at Rest: All data stored in our Neon (PostgreSQL) database is encrypted at rest using AES-256 by default.
  • Customer-Managed Keys (CMK): Users on the Team Plan can choose to manage their own encryption keys via AWS KMS.
  • Encryption in Transit: All data is transmitted via secure HTTPS/TLS connections.
  • API Key Protection: Sensitive headers and tokens used for monitoring are encrypted before being stored.

5. Infrastructure & Sub-processors

We rely on high-quality partners to provide our service:

  • Cloud Infrastructure: Vercel (Hosting & Compute) on EU Region.
  • Database & Storage: Neon (PostgreSQL Database).
  • Edge Computing: Cloudflare (Monitoring Network).
  • Communication: Resend (Email Delivery).
  • Payments: Stripe (Payment Processing).
  • Security (Optional): AWS KMS (For CMK users).

6. Data Residency & International Transfers

  • Account Data: Your primary account data and database are hosted in Europe.
  • Monitoring Location: While your data is stored in Europe, monitoring checks may be executed from various global locations via Cloudflare's global network to provide accurate multi-region latency reporting.

7. Cookies & Storage

  • Cookies: We use essential cookies for session management (via Better Auth).
  • LocalStorage: We do not currently use LocalStorage for persisting user preferences.

8. Your Rights (GDPR & CCPA)

You have the right to access, rectify, or delete your personal data.

  • Data Portability: You can request an export of your monitoring data.
  • Deletion: You can delete your account at any time, which will remove all personal data and monitoring configurations from our active databases within 30 days.

9. Contact Us

For any privacy-related questions or to exercise your data rights, please reach out to us:

Pingroot LLC

Address: PO Box Sheridan, WY 82801

Email: legal@pingroot.dev