Privacy policy

gochron (“we”, “us”) operates the observability service available at gochron.com. This policy explains what information we collect, why we collect it, and what choices you have. Questions go to [email protected].

Account data. Your email address, the name of your organization, and the team members you invite. We do not ask for a name or phone number to sign up.

Billing data. If you upgrade to a paid tier we ask Stripe to collect your payment method. We never see or store your card number. We do retain the last four digits, brand, and expiry that Stripe shares with us so we can display it back to you.

Monitor data. The URLs, hosts, schedules, heartbeat tokens, and incident histories you configure. We treat these as your data. They are scoped to your project and not shared across customers.

Probe and ping logs. When we probe your endpoints or receive a heartbeat, we record the timestamp, response code, latency, and a truncated copy of response headers and body up to 4 KiB. This is the raw material the dashboard renders.

Communication data. Emails you send us, support tickets, and the chat transcripts that follow.

Usage telemetry. Page views and feature usage inside the dashboard. We do not place advertising trackers.

• Run the monitoring service you signed up for.
• Bill you and prevent payment fraud.
• Send transactional emails (incident alerts, magic link sign in, billing receipts).
• Reply to support questions.
• Diagnose and fix bugs you report or that we detect on our side.
• Improve the product based on aggregated, non identifying usage data.

We do not sell or rent your data. We do not use it to train AI models, ours or anyone else’s.

We use a small set of vendors to operate the service. Each is bound by a data processing agreement that requires the same protections you receive from us.

• Fly.io — application hosting and probe egress (United States).
• Neon — primary Postgres database (United States).
• Stripe — payment processing and billing data storage (United States, with EU data residency for EU customers).
• Resend — transactional email delivery (United States).
• Twilio — SMS delivery (United States).
• Cloudflare — CDN and DDoS protection (global edge).

Account, billing, and configuration data is kept for the life of your account. After you delete an account we hard delete records within 30 days, except where we are required to keep them for legal or tax reasons (typically up to 7 years for invoices).

Probe and ping history is bounded by your plan tier. Free tier keeps 30 days. Pro keeps 90 days. Team keeps 1 year. Older rows are pruned daily.

If you are in the European Economic Area, the United Kingdom, or California, you have the right to access, correct, export, or delete your personal data. Most of these are self serve from the dashboard. For anything you cannot do yourself, email [email protected] and we will respond within 30 days.

We treat all such requests equally regardless of your jurisdiction. Asking us to delete your data is never going to invoke a fee or a penalty.

Our infrastructure is currently in the United States. If you are in another region, your data may be transferred to and processed in the US. We rely on the EU Standard Contractual Clauses for transfers from the European Economic Area.

All traffic to the API, dashboard, and status pages is TLS only. Passwords are not stored (we use magic link authentication). API tokens are hashed with bcrypt before being written to the database. Probe response bodies are capped at 4 KiB so we never persist a full page of customer content.

We use a small number of strictly necessary cookies to keep you signed in and remember your active project. We do not use advertising or third party tracking cookies. We do not need a cookie banner.

The service is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

When this policy changes, we will update the date at the top and email anyone whose change in rights is material. The current version is always at gochron.com/privacy.

Privacy questions go to [email protected]. For security disclosures use [email protected].