Privacy Policy

What personal data Sitepulse collects, why we use it, who we share it with, how long we keep it, and the choices and rights available to you.

The short version

We collect the information needed to run Sitepulse, monitor the sites you add, support your team, and keep the service secure. We don't sell personal data, build advertising profiles, or track you across the web, and the analytics we use is privacy-friendly and cookieless.

  • No sale of personal data
  • No advertising profiles
  • Documented service providers
  • Access and deletion rights

Last updated: 25 June 2026

Who we are

Sitepulse is operated by SpacemanCodes LTD, a company registered in England and Wales under company number 12193639.

SpacemanCodes LTD is the controller of personal data used to operate accounts, billing, support, the public website, and the security of Sitepulse. When a customer uses Sitepulse to process personal data contained in monitored sites, notes, check results, or integrations, the customer is normally the controller and Sitepulse acts as its processor. Our Data Processing Agreement covers that processing.

Questions and rights requests can be sent to privacy@sitepulse.dev.

The data we collect

Information you give us

  • Account and profile data: name, email address, password hash, avatar, authentication settings, passkeys, and two-factor authentication details.
  • Team data: team name, membership, roles, invitations, monitoring settings, and notification preferences.
  • Site data: site names and URLs, notes, monitoring configuration, saved screenshots, and other content you choose to add.
  • Integration data: notification destinations, OAuth identifiers, encrypted webhook URLs, and the events you ask us to send.
  • Billing data: billing contact details, Stripe customer identifiers, subscription status, invoices, and limited payment-method metadata such as brand and last four digits. Sitepulse does not store full card numbers.
  • Communications: your name, email, topic, message, feedback, and any diagnostic information you include when contacting us.

Information generated when you use Sitepulse

  • Monitoring results: response codes and times, uptime events, certificate details, DNS records, crawled links, performance results, screenshots, errors, and detected issues.
  • Technical and security data: IP address, browser and device information, session identifiers, API activity, request timestamps, application logs, and security events.
  • Preference data: colour theme, sidebar state, dismissed prompts, and last-used sign-in provider. Our cookie policy lists the browser storage we use.
  • Website analytics: aggregate, cookieless usage data about our public website, such as page views, referring site, approximate location by country, browser, and device type, collected through our privacy-friendly analytics provider. It is not linked to your account and does not identify you.
  • Bot protection in the app: when you submit certain forms in the signed-in app, Cloudflare Turnstile processes minimal technical signals, such as IP address, browser information, and TLS fingerprint, to help distinguish human visitors from automated abuse. Cloudflare's Turnstile Privacy Addendum describes this processing in more detail.

Information from other sources

  • Google or GitHub provides basic identity data when you choose social sign-in.
  • Stripe provides subscription, invoice, payment status, and limited payment-method information.
  • A team owner may provide your email address to invite you to a Sitepulse team.
  • Monitoring checks collect publicly available information from the sites, DNS records, and certificates you ask us to inspect.

Sitepulse is not designed for special category data, criminal offence data, medical records, government identifiers, or payment card details. Please do not intentionally place that information in site notes, URLs, webhooks, or support messages.

How and why we use it

UK data protection law requires a lawful basis for each use of personal data. The bases we rely on are set out below. More than one may apply where the purposes are genuinely different.

PurposeData usedLawful basis
Create accounts, authenticate users, manage teams, and provide monitoring, issues, alerts, API access, and integrationsAccount, team, site, monitoring, integration, preference, and technical dataPerformance of our contract with you
Manage subscriptions, payments, invoices, refunds, and accountingAccount, team, billing, transaction, and subscription dataPerformance of our contract; legal obligations for tax and accounting
Respond to questions, provide support, investigate bugs, and act on feedbackAccount, communications, site, monitoring, and diagnostic dataPerformance of our contract; our legitimate interest in supporting and improving the service
Protect accounts, prevent abuse, troubleshoot failures, maintain availability, and enforce our termsAccount, authentication, technical, security, API, and monitoring dataOur legitimate interests in keeping Sitepulse secure and reliable; legal obligations where applicable
Protect app forms against spam and automated abuseTurnstile technical signals (IP address, browser information, TLS fingerprint, and related metadata)Our legitimate interest in protecting our website and support channels from abuse
Improve features, performance, accessibility, and operational processesFeedback, support, technical, and aggregated service-use informationOur legitimate interest in understanding and improving the service
Measure and improve how our public website performs and is usedCookieless website analytics data (page views, referrer, country, browser, and device type)Our legitimate interest in understanding and improving our website
Establish, exercise, or defend legal claims and respond to lawful requestsRelevant account, billing, communications, security, and audit dataLegal obligations and our legitimate interest in protecting our rights

Where we rely on legitimate interests, we consider the necessity of the processing and balance our interests against your rights and reasonable expectations.

Who we share data with

We do not sell personal data or share it with advertisers. We disclose it only where needed to provide the service, follow your instructions, protect Sitepulse, or comply with law. Recipients can include:

  • Infrastructure and security providers, including Laravel Cloud, Amazon Web Services, and Cloudflare, which host, deliver, protect, and monitor the service. In the signed-in app, Cloudflare Turnstile also processes minimal technical signals on forms that use it; see Cloudflare's Turnstile Privacy Addendum.
  • Monitoring providers, including Google PageSpeed Insights and isolated browser-rendering infrastructure, which receive a monitored URL or public page content when the relevant check runs.
  • Payment providers, primarily Stripe, which handles checkout, subscriptions, invoices, and payment methods.
  • Authentication providers, Google and GitHub, when you choose to sign in with them.
  • Analytics providers, currently Pirsch Analytics, which provides privacy-friendly, cookieless analytics for our public website and processes aggregate usage data in the European Union.
  • Customer-directed recipients, such as Slack, Discord, Microsoft Teams, email addresses, or webhook endpoints you configure for alerts.
  • Professional advisers, authorities, or another business where reasonably necessary for legal advice, compliance, a corporate transaction, or the protection of rights and safety.

Our sub-processor list provides more detail on the service providers that process customer data for us. We require processors to protect personal data under appropriate contractual terms.

International transfers

Some providers process data outside the United Kingdom or European Economic Area. Where a restricted transfer is not covered by an adequacy regulation or decision, we use an approved safeguard such as the UK International Data Transfer Addendum or Agreement and, where relevant, the European Commission's Standard Contractual Clauses. Our DPA explains these safeguards in more detail.

How long we keep data

We keep personal data only as long as needed for the purpose for which it was collected, including to provide the service, meet legal and accounting duties, resolve disputes, and maintain security. In particular:

  • account, team, site, and configuration data is generally kept while the relevant account or team remains active;
  • check history is automatically pruned after 30, 90, or 365 days, depending on the active plan;
  • deleting a team removes its sites, checks, issues, invitations, and notification configurations from the active service;
  • a deleted user account remains in a soft-deleted state for 30 days and is then permanently pruned from the active service;
  • billing and transaction records are retained for the period required by tax, accounting, and legal obligations;
  • support communications and security logs are kept only as long as reasonably necessary to resolve the matter, maintain a useful record, prevent abuse, or establish legal claims; and
  • residual copies may remain temporarily in encrypted backups until they rotate out under our normal backup cycle.

We may retain a minimal record for longer where the law requires it or where reasonably necessary to establish, exercise, or defend legal claims. Data retained for those reasons is not used for unrelated purposes.

How we protect data

We use technical and organisational measures designed for the risks involved, including TLS in transit, platform-managed encryption at rest, encrypted integration secrets, salted password hashing, least-privilege access, account separation, backups, a web application firewall, rate limiting, and vulnerability monitoring. Sitepulse also supports two-factor authentication and passkeys.

No online service can promise absolute security. If you believe you have found a problem, please follow the reporting guidance on our security pageor email security@sitepulse.dev.

Your rights

Depending on where you live and the circumstances, you may have the right to:

  • ask for a copy of the personal data we hold about you;
  • correct data that is inaccurate or complete data that is incomplete;
  • ask us to delete personal data in certain circumstances;
  • ask us to restrict how we use personal data in certain circumstances;
  • object to processing based on legitimate interests;
  • receive certain data you provided in a portable format or have it transferred elsewhere; and
  • withdraw consent at any time where processing is based on consent, without affecting earlier processing.

Sitepulse does not use personal data to make solely automated decisions that have legal or similarly significant effects, and we do not use it for behavioural profiling.

To exercise a right, email privacy@sitepulse.dev. We may need to verify your identity and authority before acting. There is normally no fee, and we aim to respond within one month, subject to the extensions and exemptions allowed by law. If Sitepulse processes the data only on behalf of your organisation, we may direct the request to that organisation as controller.

Complaints

Please contact us first so we have an opportunity to resolve your concern. You also have the right to complain to the Information Commissioner's Office, the UK supervisory authority, through the ICO complaints service. If you are elsewhere, you may be able to complain to your local data protection authority.

Children

Sitepulse is a business monitoring service and is not directed at children. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us so we can investigate and remove it where appropriate.

Changes to this policy

We may update this policy when Sitepulse, our providers, or the law changes. We will post the revised version here and change the date above. If a change materially affects how we use personal data, we will provide a more prominent notice through the service or by email where appropriate.

Contact us

Email privacy@sitepulse.dev.

Start monitoringAdd your first site in under a minute. Plans from $12/month.