Overview & Scope
This Privacy Policy describes how Techdera Services Pvt. Ltd. ("StatusOrbit", "we", "us", or "our") collects, uses, stores, and shares personal data when you use our uptime and website monitoring platform, visit our website at statusorbit.com, or interact with any of our services (collectively, the "Service").
This policy applies to all users of the Service, including visitors to our website, registered account holders, Free plan users, paid subscribers, and API consumers. It does not apply to third-party websites or services that may be linked to from our platform.
Who We Are
The data controller responsible for your personal data is:
- Company name: Techdera Services Pvt. Ltd.
- Data Protection Officer: support@statusorbit.com
- Privacy contact: support@statusorbit.com
For EU/EEA residents, StatusOrbit acts as the data controller for personal data processed in connection with your account and use of the Service.
What Data We Collect
We collect the minimum data necessary to provide, improve, and secure the Service. The categories of data we collect are described below.
Account & identity data
- Email address (used for login, alerts, and communications)
- Full name (optional, used for display and team identification)
- Password (stored as a bcrypt hash — we never store plaintext passwords)
- Profile photo (optional, if provided via OAuth)
- Company or organization name (optional)
Monitoring configuration data
- URLs, API endpoints, and domains you add as monitors
- Check intervals, alert thresholds, and notification preferences
- Custom HTTP headers or authentication tokens you supply for authenticated checks
- Keyword strings used for content monitoring
Check results & operational data
- HTTP status codes, response times, and body content (as necessary for keyword checks)
- SSL certificate metadata (issuer, expiry date, subject)
- WHOIS domain registration data (expiry date, registrar)
- Incident timestamps, downtime durations, and recovery events
- Uptime percentage calculations and historical availability logs
Billing & payment data
- Subscription plan and billing cycle information
- Payment method type (card brand and last 4 digits — stored by our payment processor, never by us)
- Billing address and GST/tax identification number (where applicable)
- Invoice and transaction history
Usage & technical data
- IP address and approximate geographic location (country/city level)
- Browser type, operating system, and device identifiers
- Pages visited, features used, and session duration within the dashboard
- API request logs (endpoint, timestamp, response code — retained for 30 days)
- Error logs and crash reports for debugging purposes
How We Use Your Data
We use the data we collect exclusively for the following purposes:
| Purpose | Data used | Legal basis |
|---|---|---|
| Providing the monitoring service | Monitor config, check results, account data | Contract performance |
| Sending outage and recovery alerts | Email, Slack token, webhook URL, check results | Contract performance |
| Billing and subscription management | Billing data, email | Contract performance |
| Account authentication and security | Email, password hash, IP address | Legitimate interest |
| Product improvement and debugging | Usage data, error logs, anonymized telemetry | Legitimate interest |
| Transactional emails (invoices, plan changes) | Email, billing data | Contract performance |
| Product announcements and changelog updates | Legitimate interest / Consent | |
| Legal and compliance obligations | Account data, billing records | Legal obligation |
Legal Basis for Processing (GDPR)
For users in the European Economic Area (EEA) and United Kingdom, we process your personal data under one of the following legal bases as defined by the General Data Protection Regulation (GDPR) and UK GDPR:
- Contractual necessity (Art. 6(1)(b)): Processing required to fulfil our agreement with you — delivering monitoring results, sending alerts, managing your subscription, and providing customer support.
- Legitimate interests (Art. 6(1)(f)): Processing necessary for our legitimate business interests such as fraud prevention, security logging, product improvement, and sending product update communications where we have assessed these interests do not override your rights.
- Legal obligation (Art. 6(1)(c)): Processing required by applicable law, including tax record-keeping, responding to lawful government requests, and complying with data subject rights requests.
- Consent (Art. 6(1)(a)): Where we rely on consent — such as optional marketing communications — you may withdraw consent at any time via your account notification settings or by emailing support@statusorbit.com.
Data Sharing & Disclosure
We do not sell your data. We share data only in the limited circumstances described below, and only with parties who are contractually required to protect it.
Sub-processors & service providers
| Provider | Purpose | Data shared | Location |
|---|---|---|---|
| Razorpay | Payment processing | Billing info, email | India / USA / EU |
| Amazon Web Services | Cloud infrastructure & storage | All service data | India, Singapore |
| SMTP2GO | Transactional email delivery | Email address, alert content | USA |
| Cloudflare | CDN, DDoS protection, DNS | IP address, request metadata | Global |
Legal disclosures
We may disclose personal data if required to do so by law, court order, or government authority, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of StatusOrbit, our users, or the public. We will notify affected users of such requests wherever legally permitted.
Business transfers
In the event of a merger, acquisition, asset sale, or bankruptcy, your personal data may be transferred as part of that transaction. We will notify users via email and in-dashboard notice at least 30 days before any such transfer takes effect, and provide an option to delete your account before the transfer is complete.
Data Retention
We retain your data only for as long as is necessary to fulfil the purpose for which it was collected, comply with legal obligations, or resolve disputes.
| Data type | Retention period | Basis |
|---|---|---|
| Account & identity data | Until account deletion + 30 days | Contract performance |
| Monitor check results (Free) | 24 hours rolling window | Plan terms |
| Monitor check results (Premium) | 15 days rolling window | Plan terms |
| Monitor check results (Gold) | 90 days rolling window | Plan terms |
| Billing & invoice records | 7 years from transaction date | Legal obligation (GST/tax) |
| API access logs | 30 days | Security & debugging |
| Email communication logs | 2 years | Legitimate interest |
| Deleted account data | Purged within 30 days of deletion | Data minimisation |
Cookies & Tracking
StatusOrbit uses a minimal set of cookies strictly necessary to operate the platform. We do not use advertising cookies, retargeting pixels, or behavioural tracking technology.
| Cookie name | Purpose | Duration | Type |
|---|---|---|---|
| so_session | Maintains your authenticated login session | 30 days (or session) | Strictly necessary |
| so_csrf | CSRF protection token for form submissions | Session | Strictly necessary |
| so_prefs | Stores UI preferences (theme, timezone, table density) | 1 year | Functional |
| cf_clearance | Cloudflare bot challenge result | 30 minutes | Strictly necessary |
We do not use Google Analytics, Meta Pixel, or any third-party analytics that track you across websites. Our internal product analytics are event-based, anonymized, and processed entirely within our own infrastructure.
You may disable cookies in your browser settings; however, disabling
the so_session cookie will prevent you from logging
into the dashboard.
Data Security
We implement industry-standard technical and organisational measures to protect your data against unauthorised access, accidental loss, destruction, or disclosure.
Technical controls in place:
-
All data in transit is encrypted using
TLS 1.2+; all data at rest is encrypted usingAES-256 -
Passwords are hashed with
bcryptand never stored in plaintext - Authentication tokens in monitor config are stored encrypted and never logged
- Database access is restricted to application-layer connections within a private VPC; no direct public access
- Regular automated backups with encrypted snapshots retained for 14 days
- Vulnerability scanning, dependency audits, and penetration testing conducted quarterly
- Access to production systems is limited to essential personnel and requires MFA
Your Rights
Depending on your location, you have the following rights regarding your personal data. To exercise any of these rights, email support@statusorbit.com with the subject line matching the right you wish to exercise. We will respond within 30 days.
| Right | What it means | Available to |
|---|---|---|
| Right of access | Obtain a copy of all personal data we hold about you | All users |
| Right to rectification | Correct inaccurate or incomplete personal data | All users |
| Right to erasure | Request deletion of your personal data ("right to be forgotten") | All users |
| Right to restriction | Pause processing of your data while a dispute is resolved | EEA / UK users |
| Right to portability | Receive your data in a machine-readable format (JSON/CSV) | EEA / UK users |
| Right to object | Object to processing based on legitimate interests | EEA / UK users |
| Right to withdraw consent | Withdraw consent for consent-based processing at any time | All users |
| Right to lodge a complaint | File a complaint with your national supervisory authority | EEA / UK / India users |
You may also exercise many of these rights directly from your account settings, including updating personal details, downloading your data, and deleting your account.
Children's Privacy
The StatusOrbit Service is not directed at, and is not intended for use by, children under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that we have collected personal data from a child under 18 without verified parental consent, we will take steps to delete that information as quickly as possible.
If you believe that a child under 18 has provided us with personal data, please contact us at support@statusorbit.com and we will act promptly.
International Data Transfers
StatusOrbit is incorporated in India. Your data is primarily stored on servers located in India (Mumbai region, AWS) and Singapore (AWS, for redundancy). If you access the Service from outside India, your data will be transferred to and processed in India.
For users in the EEA or UK, transfers of personal data to countries without an adequacy decision (including India) are protected by Standard Contractual Clauses (SCCs) as adopted by the European Commission and the UK ICO respectively. Copies of applicable SCCs are available on request.
DPDP Act 2023 (India)
StatusOrbit complies with India's Digital Personal Data Protection Act 2023 (DPDP Act). As a data fiduciary, we fulfil the following obligations under this legislation:
- We collect personal data only for lawful purposes and only with your consent or for legitimate use under Section 4 of the DPDP Act
- We designate a Data Protection Officer reachable at support@statusorbit.com
- We implement reasonable security safeguards to protect personal data as required under Section 8
- We report personal data breaches to the Data Protection Board of India and to affected individuals within 72 hours of discovery
- We respect your right to correct inaccurate data, to erasure, and to grievance redressal as established under Chapter III
- We do not process the personal data of children (persons under 18) without verifiable parental consent
Grievances under the DPDP Act may be raised at support@statusorbit.com. We will acknowledge all grievances within 48 hours and resolve them within 30 days.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or the features of our Service. When we make changes, we will:
- Update the "Last updated" date at the top of this page
- Increment the version number and record the change in our policy changelog
- For material changes — such as new categories of data collection or new third-party sharing — send an email notification to all registered users at least 30 days before the change takes effect
- Where required by law, obtain your renewed consent before processing personal data in new ways
Continued use of the Service after the effective date of a revised policy constitutes your acceptance of the revised terms, except where applicable law requires affirmative consent.
Contact & DPO
For any privacy-related question, data subject rights request, or concern about how we handle your personal data, please contact us through the appropriate channel below. We respond to all privacy requests within 5 business days.
- General privacy inquiries: support@statusorbit.com
- Data Protection Officer: support@statusorbit.com
- GDPR / EEA rights requests: support@statusorbit.com
- DPDP Act grievances: support@statusorbit.com
- Security vulnerabilities: support@statusorbit.com
- Postal address: Techdera Services Pvt. Ltd., 4th Floor, Prestige Tech Park, Outer Ring Road, Bengaluru 560103, Karnataka, India