We take the security of your data seriously. Here's exactly how we protect your account, your monitors, and your information.
Security controls built into every layer of the platform.
All data between your browser, our API, and our monitoring workers is encrypted using TLS 1.2+. We enforce HTTPS everywhere — no exceptions.
Passwords are hashed using bcrypt before storage. Even in the unlikely event of a database breach, your password is never exposed.
Sessions are managed with JSON Web Tokens. Tokens are validated on every API request and cannot be forged without our signing secret.
We only store the HTTP status code, response time, and error message from each check. We never store or inspect the content of your web pages.
Monitor checks are logically isolated per user — no check can access another user's configuration or data. Each check is a one-way outbound probe — nothing is written back from your server.
We actively monitor and patch our dependencies for known CVEs. Security updates are applied within 48 hours of a critical disclosure.
A snapshot of the controls in place today.
Account data
Name, email, hashed password. Used to authenticate you and send alerts.
Monitor configuration
URLs, check intervals, alert settings. Stored to run your checks.
Check results
HTTP status code, response time in ms, error message. Used to show uptime history and trigger alerts.
Billing data
Managed entirely by Razorpay. We store only your plan tier and subscription ID — never raw card details.
Login timestamp
We record the time of your last login. Not shared with third parties.
We appreciate responsible disclosure. If you discover a security issue, please contact us privately before making it public. We commit to acknowledging your report within 48 hours and resolving critical issues within 7 days.
Report a vulnerability →5 monitors, email alerts, setup in 60 seconds.