Privacy Policy

Last updated: December 13, 2025

This Privacy Policy explains how Webalert ("we", "us", or "our") collects, uses, and protects personal data when you use our website uptime monitoring and status page service. It is intended to comply with the EU General Data Protection Regulation (GDPR) and applicable Danish data protection law.

1. Data controller and contact details

For the purposes of GDPR, the data controller for personal data processed in connection with Webalert is:

Service provider / data controller
CS Ventures ApS CVR 46079809 Toftebuen 100 4000 Roskilde Denmark Email: contact@web-alert.io

If you have any questions about this Privacy Policy or our data processing practices, you can contact us using the email address above.

2. Scope and roles (B2B service)

Webalert is primarily intended for business customers (B2B). When you create an account and use Webalert to monitor your own websites or systems:

  • We act as data controller for the personal data we collect about you as a customer and user of the service (e.g. account data, billing data).
  • Your organisation is typically the data controller for any personal data relating to your own end-users that may be processed through your use of the service (e.g. IP addresses in logs), and we act as your data processor in that respect.

If you require a separate data processing agreement (DPA), please contact us using the contact details above.

3. Categories of data we collect

We collect and process the following categories of personal data when you use Webalert:

  • Account data – name, email address, password (hashed), organisation name, and preferences you provide when creating or managing your account.
  • Service usage data – monitor configurations, status page settings, notification rules, incident history, and related logs that are necessary to provide the service.
  • Technical data – IP address, browser type, device information, and basic usage metadata generated by your interaction with the app and our website.
  • Billing data – subscription plans, payment status, and partial payment details processed via our payment provider (Stripe). We do not store full credit card numbers on our own systems.
  • Support data – information you provide when you contact us for support, including email content and attachments.

We do not intentionally collect sensitive personal data (special categories under GDPR) and ask that you do not submit such data via the service.

4. Purposes and legal bases for processing

We process personal data for the following purposes and on the following legal bases:

  • To provide and operate the service
    We process account data, service usage data, and technical data in order to create and maintain your account, monitor your configured websites, send alerts, and provide the functionality of Webalert.
    Legal basis: GDPR Article 6(1)(b) (performance of a contract).
  • To handle billing and payments
    We process billing data and limited payment-related data in cooperation with our payment provider, Stripe, to manage subscriptions, charge applicable fees, and handle refunds where relevant.
    Legal basis: GDPR Article 6(1)(b) (performance of a contract) and 6(1)(c) (compliance with legal obligations, e.g. bookkeeping rules).
  • To provide support and communicate with you
    We process your contact details and support data to respond to inquiries, send important service-related notifications (e.g. incidents, changes to terms, security notices), and manage your account.
    Legal basis: GDPR Article 6(1)(b) and 6(1)(f) (legitimate interest in providing a reliable service and support).
  • To improve and secure the service
    We may use aggregated and anonymised usage data and logs to analyse performance, detect abuse, and improve the stability and security of Webalert.
    Legal basis: GDPR Article 6(1)(f) (legitimate interest in improving and securing our service).
  • Marketing communications (optional)
    If you sign up to receive product updates or marketing emails, we process your email address for this purpose and provide an easy way to unsubscribe at any time.
    Legal basis: GDPR Article 6(1)(a) (consent) and applicable marketing law, including Danish marketing legislation.

5. Data processors and third-party recipients

We use trusted third-party service providers (data processors) to help us deliver Webalert. These providers may process personal data on our behalf and only in accordance with our instructions:

  • Hosting provider – our infrastructure is hosted with Hetzner (EU-based) or similar EU cloud providers, which store application data and backups.
  • Payment processor – Stripe is used to process payments and manage subscriptions. Stripe acts as an independent data controller for some payment data and as our processor for others, under its own terms and data processing agreements.
  • Email delivery and communication tools – to send transactional emails such as alerts, login emails, and important service notices.
  • Other processors – if we add additional tools (e.g. analytics) in the future, we will update this Privacy Policy and our internal records before they are enabled.

We have data processing agreements in place with our processors where required by GDPR, and we require them to implement appropriate technical and organisational measures to protect personal data.

6. International data transfers

As a general rule, we aim to store and process data within the EU/EEA. However, some of our service providers (for example Stripe) may transfer data outside the EU/EEA, including to the United States.

Where this is the case, we ensure that appropriate safeguards are in place for such transfers, including:

  • Use of the EU standard contractual clauses (SCCs) or other valid transfer mechanisms under GDPR.
  • Technical and organisational measures implemented by the relevant service providers.

You can contact us if you would like more information about the specific transfer mechanisms used for your data.

7. Data retention

We keep personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. In practice, this means for example:

  • Account and monitoring data are retained while your account is active and for a reasonable period after closure, in case of reactivation or for backup integrity.
  • Billing and transaction records are retained for the period required under Danish bookkeeping and tax legislation (typically 5 years plus the current financial year).
  • Support communications are retained for as long as necessary to manage your requests and for a limited time afterwards for documentation and training.

We regularly review our retention periods and anonymise or delete personal data when it is no longer needed.

8. Your rights under GDPR

As an individual in the EU/EEA, you have the following rights in relation to your personal data processed by us:

  • Right of access – to obtain confirmation as to whether we process your personal data and to receive a copy.
  • Right to rectification – to have inaccurate or incomplete personal data corrected.
  • Right to erasure – to request deletion of your personal data in certain circumstances ("right to be forgotten").
  • Right to restriction – to request that we restrict processing of your personal data in certain cases.
  • Right to data portability – to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
  • Right to object – to object to processing based on our legitimate interests and to direct marketing.
  • Right to withdraw consent – where processing is based on consent, you may withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

You can exercise many of these rights directly via your account settings. You can also contact us using the details above if you wish to exercise your rights or have questions about them.

You also have the right to lodge a complaint with your local supervisory authority. In Denmark, this is:
Datatilsynet (The Danish Data Protection Agency) – www.datatilsynet.dk.

9. Cookies and similar technologies

Like most websites, Webalert uses cookies and similar technologies (such as local storage) to operate and improve our website and service.

At the time of writing, we mainly use:

  • Strictly necessary cookies and local storage entries – for example to remember that you have dismissed the cookie banner or to keep you logged in to the app. These are required for the website and service to function properly and do not require consent under applicable cookie rules.
  • Functional and security-related technologies – to help protect your account, manage sessions, and provide basic performance and reliability.

If we introduce additional analytics or marketing cookies in the future, we will update this section and present you with an appropriate cookie banner and choices before such cookies are set (except for strictly necessary cookies).

You can control and delete cookies through your browser settings. However, disabling certain cookies may affect the functionality of our website or service.

10. Data security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration. These measures include, among other things:

  • Use of encryption in transit (TLS) and, where appropriate, at rest.
  • Access controls and authentication for administrative access.
  • Regular software updates and security patches.
  • Backups and monitoring of the service to detect and respond to incidents.

No online service can guarantee absolute security, but we work continuously to protect your data and to respond quickly if we identify any issues.

11. Changes to this Privacy Policy

We may update this Privacy Policy from time to time, for example if we introduce new features or if applicable law changes.

When we make material changes, we will notify you via the service or by email where appropriate. The date at the top of this page indicates when this Privacy Policy was last updated.