UptimeCall
App

Privacy Policy

Last updated: November 27, 2025

1. Introduction

Welcome to UptimeCall ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our uptime monitoring service.

Important Legal Compliance Notice

This Privacy Policy is compliant with:

  • India DPDP Act 2023 - Digital Personal Data Protection Act and Rules 2025
  • GDPR - General Data Protection Regulation (EU)
  • CCPA - California Consumer Privacy Act (USA)
  • Payment Provider Requirements - Stripe and Razorpay compliance standards
  • Telecom Compliance - Voice and SMS provider regulations (Twilio, Telnyx, 46elks)

Age Restriction (India DPDP Act 2023)

You must be 18 years or older to use this service. We do not knowingly collect data from individuals under 18 years of age. If you are under 18, you may not create an account or use our services. Parental consent is required for individuals between 13-18 years of age (where applicable by law).

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

  • Account Information: Email address, name (optional), password (encrypted)
  • Contact Information: Primary and secondary phone numbers for alert notifications
  • Payment Information: Processed securely through our payment provider (we do not store credit card details)

2.2 Monitoring Data

  • URLs and endpoints you configure for monitoring
  • Monitor check results (response times, status codes, uptime percentages)
  • Incident history and acknowledgment records

2.3 Communication Data

  • Phone call logs (timestamps, duration, status)
  • SMS message logs (timestamps, delivery status)
  • Webhook delivery logs

2.4 Technical Data

  • IP addresses
  • Browser type and version
  • Device information
  • Usage analytics and performance metrics

3. How We Use Your Information

We use your information for the following purposes:

  • Service Delivery: Monitor your configured endpoints and send alerts via phone calls and SMS
  • Account Management: Create and manage your account, process payments, provide customer support
  • Communication: Send service notifications, security alerts, and important updates
  • Improvement: Analyze usage patterns to improve our service and user experience
  • Security: Detect and prevent fraud, abuse, and security incidents
  • Legal Compliance: Comply with legal obligations and enforce our terms

4. Data Sharing and Disclosure

4.1 Service Providers

We share data with trusted third-party service providers:

  • Supabase: Database hosting and authentication
  • Twilio/46elks: Phone call and SMS delivery
  • Vercel: Application hosting and delivery
  • Stripe/Razorpay: Secure payment processing

4.2 Legal Requirements

We may disclose your information if required by law, legal process, or government request.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

4.4 What We Don't Do

  • We do NOT sell your personal information to third parties
  • We do NOT share your data for advertising purposes
  • We do NOT use your monitored endpoints for any purpose other than providing you the service

5. Data Security

We implement industry-standard security measures:

  • End-to-end HTTPS encryption for all data transmission
  • Encrypted password storage using industry-standard hashing
  • Row-Level Security (RLS) policies in our database
  • Regular security audits and updates
  • Rate limiting and DDoS protection
  • Secure API authentication and authorization

While we strive to protect your information, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your data only as long as necessary for the purposes outlined in this policy:

  • Account Data: Retained while your account is active and for 30 days after account deletion
  • Monitor Data: Check results retained for 90 days, statistics aggregated monthly and retained for 1 year
  • Incident History: Retained for 1 year for analysis, compliance, and debugging purposes
  • Call/SMS Logs: Retained for 90 days for billing verification, debugging, and telecom compliance
  • Payment Records: Retained for 7 years as required by Indian tax laws and payment provider regulations
  • Email Logs: Retained for 90 days for delivery tracking and compliance
  • Deleted Accounts: Personal data deleted within 30 days of account deletion (except as required by law)
  • Legal Compliance Data: Retained as required by applicable laws (tax records, fraud investigations)

Right to Request Deletion: You can request deletion of your data at any time by contacting privacy@uptimecall.com. We will respond within 72 hours and complete deletion within 30 days, subject to legal retention requirements.

7. Your Rights

You have the following rights regarding your personal information:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information via your account settings
  • Deletion: Request deletion of your account and associated data
  • Export: Download your monitoring data in standard formats
  • Opt-out: Unsubscribe from marketing communications (service notifications remain required)
  • Portability: Receive your data in a machine-readable format

To exercise these rights, contact us at privacy@uptimecall.com or use the account settings in your dashboard.

8. Cookies and Tracking

We use the following types of cookies:

  • Essential Cookies: Required for authentication and session management
  • Analytics Cookies: Track usage patterns to improve our service (anonymized)
  • Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings, but disabling essential cookies may affect functionality.

9. International Data Transfers (Cross-Border Processing)

Your information may be transferred to and processed in countries other than your country of residence, including servers located in the United States and Europe. We ensure appropriate safeguards are in place for international transfers, including:

  • Standard Contractual Clauses (SCCs): Approved by regulatory authorities for EU-India transfers
  • Data Processing Agreements: With all service providers handling your data
  • Service Provider Certifications: SOC 2, ISO 27001, and GDPR compliance
  • Adequacy Decisions: Transfer only to countries approved by Indian government for cross-border data transfer
  • Compliance with DPDP Act 2023: All cross-border transfers comply with Section 16 requirements

🌍 Data Processing Locations

Your data is processed in the following locations:

  • Primary Storage: Supabase (AWS, United States - covered by EU-US Data Privacy Framework)
  • Payment Processing: Stripe (USA), Razorpay (India)
  • Voice/SMS Delivery: Twilio (USA), Telnyx (USA), 46elks (Sweden)
  • Application Hosting: Vercel (Edge Network, USA and global CDN)
  • Email Delivery: Resend (USA)

10. Children's Privacy

Our service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware of data collected from a child, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via:

  • Email notification to your registered email address
  • Prominent notice in the application dashboard
  • Updated "Last modified" date at the top of this page

Continued use of our service after changes constitutes acceptance of the updated Privacy Policy.

12. Data Breach Notification (India DPDP Act 2023 - Section 8)

Data Breach Protocol

In the unlikely event of a data breach that may harm your rights and freedoms, we will:

  • Within 72 hours: Notify the Data Protection Board of India (if the breach meets reporting thresholds)
  • Within 72 hours: Notify all affected users via email and in-app notification
  • Immediate action: Take steps to contain and remediate the breach
  • Transparency: Provide clear information about what data was affected and what actions you should take

What We'll Tell You in a Breach Notification:

  • Nature of the personal data breach (what happened)
  • Categories and approximate number of individuals affected
  • Categories and approximate number of personal data records affected
  • Likely consequences of the breach
  • Measures taken or proposed to address the breach
  • Recommended actions you should take to protect yourself
  • Contact details of our Data Protection Officer / Grievance Officer

Your Rights After a Breach:

  • Request detailed information about the breach
  • Request immediate account suspension or deletion
  • File a complaint with the Data Protection Board of India
  • Seek compensation if you suffered harm due to the breach

13. Grievance Officer & Data Protection Officer (India DPDP Act 2023)

👤 Grievance Officer Details

As required by India DPDP Act 2023, we have appointed a Grievance Officer to address your privacy concerns:

  • Name: Priyansh Khodiyar
  • Designation: Data Protection Officer & Grievance Officer
  • Email: privacy@uptimecall.com
  • Alternate Email: hello@uptimecall.com
  • Response Time: Within 72 hours of receiving your complaint
  • Resolution Time: Within 30 days from the date of complaint

How to File a Complaint:

  1. Email your complaint to privacy@uptimecall.com with subject line "Privacy Complaint - DPDP Act 2023"
  2. Include your account email, description of the issue, and desired resolution
  3. You will receive an acknowledgment within 72 hours
  4. We will investigate and respond with resolution within 30 days
  5. If unsatisfied, you may escalate to the Data Protection Board of India

14. Contact Us

For privacy-related questions or concerns, contact us:

  • Privacy Email: privacy@uptimecall.com
  • Grievance Officer: privacy@uptimecall.com (Priyansh Khodiyar)
  • General Support: hello@uptimecall.com
  • Business Address: SHREE SHYAMJEE GARMENTS, Purunabasti Road, Basti Road, Vedanta Jharsuguda, Jharsuguda, Odisha - 768202, India
  • GSTIN: 21IMJPK3476F1ZZ

15. Voice & SMS Provider Compliance (Telecom Regulations)

📞 Telecom Compliance Notice

We use third-party voice and SMS providers to deliver critical alerts. Our compliance with telecom regulations:

  • Twilio (USA): TCPA compliance, CTIA guidelines, GDPR, SOC 2 Type II certified
  • Telnyx (USA): TCPA compliance, STIR/SHAKEN, SOC 2, HIPAA compliant infrastructure
  • 46elks (Sweden): GDPR compliance, Swedish PTS regulations

Your Phone Number Rights:

  • Explicit Consent: By providing your phone number, you explicitly consent to receive monitoring alerts via voice calls and SMS
  • No Marketing Calls: We will NEVER use your phone number for marketing, sales, or promotional purposes
  • Service-Only Communication: Phone calls and SMS are strictly limited to incident alerts and account security notifications
  • Easy Opt-Out: You can remove your phone number or pause alerts anytime in your account settings
  • Carrier Charges: Standard carrier message and data rates may apply for SMS and phone calls
  • International Calls: We support international phone numbers with proper E.164 formatting

Telecom Provider Data Sharing:

We share the following data with voice/SMS providers to deliver alerts:

  • Your phone number (encrypted in transit)
  • Call content (pre-recorded alert messages specific to your incidents)
  • SMS message content (alert notifications)
  • Call/SMS metadata (timestamps, delivery status, duration)

Provider Selection: We automatically route calls through the most reliable provider based on your location and network conditions. You can view which provider handled each call in your dashboard logs.

16. GDPR Compliance (EU Users)

If you are located in the European Economic Area (EEA), you have additional rights:

  • Right to object to processing based on legitimate interests
  • Right to lodge a complaint with your local data protection authority
  • Right to withdraw consent at any time (where processing is based on consent)
  • Right to restrict processing of your data
  • Right to data portability in machine-readable format

Legal Basis for Processing (GDPR Article 6):

  • Contract Performance: Providing monitoring services and sending alerts (Article 6(1)(b))
  • Legitimate Interests: Service improvement, fraud prevention, security (Article 6(1)(f))
  • Legal Compliance: Data retention for tax, legal, and regulatory requirements (Article 6(1)(c))
  • Consent: Marketing communications (if you opt-in) (Article 6(1)(a))

EU Representative: For GDPR matters, contact our Data Protection Officer at privacy@uptimecall.com

17. CCPA Compliance (California Users)

California residents have the right to:

  • Know: What personal information is collected, used, shared, and sold
  • Access: Request a copy of your personal information (up to twice per year)
  • Delete: Request deletion of personal information (subject to legal exceptions)
  • Opt-Out: Opt-out of the sale of personal information (we do NOT sell your data)
  • Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

California Privacy Rights: Email privacy@uptimecall.com with subject "California Privacy Rights Request" to exercise your CCPA rights. We will respond within 45 days.