Effective date: March 8, 2026

Privacy Policy

LSN Lab ("we", "us", "our") operates StatusPilot. This Privacy Policy explains what personal data we collect, how we use it, and your rights under applicable data protection law including the EU General Data Protection Regulation (GDPR).

1. Data Controller

The data controller is LSN Lab. Contact: statuspilot@lsnlab.com.

2. Data We Collect

Account data

When you register we collect your name, email address, organisation name, and a hashed password. We never store plain-text passwords.

Monitoring data

We store the URLs you add as monitors, HTTP response codes, response times, SSL certificate expiry dates, and any keyword you configure. This data is necessary to deliver the Service.

Billing data

Payments are processed by Stripe. We store only the Stripe customer ID and subscription ID — never full card numbers or CVVs.

Usage and log data

We collect server logs including IP addresses, browser user-agents, and timestamps when you access the Service. These logs are retained for up to 90 days for security purposes.

Status page subscriber data

If users subscribe to your public status page, we store their email address on your behalf. You are responsible for obtaining their consent before importing subscriber emails.

3. How We Use Your Data

  • To provide, maintain, and improve the Service.
  • To send monitoring alerts and incident notifications you have configured.
  • To process payments and manage subscriptions.
  • To send transactional emails (account verification, password reset).
  • To detect and prevent abuse, fraud, and security incidents.
  • To comply with legal obligations.

We do not sell personal data to third parties. We do not use your monitoring data for advertising purposes.

4. Legal Bases (GDPR)

  • Contract — processing necessary to provide the Service you signed up for.
  • Legitimate interests — security monitoring, fraud prevention, service improvement.
  • Legal obligation — compliance with applicable law.
  • Consent — optional marketing emails (you can unsubscribe at any time).

5. Data Sharing

We share data only with the following categories of sub-processors:

  • Stripe — payment processing.
  • Microsoft Azure Communication Services — transactional email delivery.
  • Cloud infrastructure provider — hosting (servers located in the EU or EEA).

All sub-processors are bound by data processing agreements and required to protect your data.

6. International Transfers

If we transfer personal data outside the EEA, we ensure appropriate safeguards are in place (e.g. Standard Contractual Clauses). Contact us for details.

7. Data Retention

  • Account data — retained while your account is active, deleted within 30 days of account closure.
  • Raw check results — retained 48 hours; aggregated hourly stats retained up to 1 year (plan dependent).
  • Billing records — retained for 7 years as required by financial regulations.
  • Server logs — 90 days.

8. Your Rights

Under GDPR you have the right to:

  • Access — request a copy of your personal data.
  • Rectification — correct inaccurate data.
  • Erasure — request deletion of your data ("right to be forgotten").
  • Restriction — request that we limit processing of your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — at any time for consent-based processing.

To exercise your rights, email statuspilot@lsnlab.com. We will respond within 30 days. You also have the right to lodge a complaint with your local supervisory authority.

9. Security

We use TLS encryption in transit, bcrypt password hashing, and access controls to protect your data. No system is 100% secure; please use a strong, unique password.

10. Children

The Service is not directed to children under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us and we will delete it.

11. Changes to This Policy

We may update this policy. We will notify you by email and post a notice on the Service at least 14 days before material changes take effect.

12. Contact

Data protection enquiries: statuspilot@lsnlab.com