Privacy Policy

1. Who we are

Observare is a bundled ops-monitoring service for developers, freelancers, and small agencies, operated from the United Kingdom.

In this policy, "we", "us", and "Observare" refer to the operator of the service; "you" means anyone who visits this website, signs up for an account, or uses our product.

The marketing website lives at observare.co.uk. The application, API, and customer control panel live at observare.io. Both are operated by the same data controller and this policy covers both.

2. The data we collect

Account data

When you sign up, we collect your email address and a hashed password. If you give us a name or company name, we store that too.

Billing data

Payments are processed by Stripe. We do not see or store your full card number. We receive and store a Stripe customer identifier, the last four digits of your card, card expiry, billing country, and invoice history.

Monitoring data

When you add a monitor, we store the URL or endpoint you asked us to check, and the results of each check (HTTP status code, response time, TLS certificate details, cron heartbeat timestamps, and similar technical signals).

Website usage

When you visit this website, our servers receive the standard information every web server receives: IP address, browser user-agent, the page you visited, and the time. We retain those logs for a short period (see §5).

Cookies

We use strictly necessary cookies to keep you logged in to your account. We do not use third-party advertising cookies. See §9 for details.

3. Why we collect it (lawful basis)

Under UK GDPR we have to tell you the lawful basis for each type of processing. Here it is:

• Contract: we need account, billing, and monitoring data to provide the service you signed up for.
• Legitimate interest: we use server logs and aggregate usage data to keep the service secure, debug problems, and prevent abuse.
• Legal obligation: we keep invoices and related records for as long as UK tax law requires.
• Consent: if we ever send you marketing emails beyond product updates about a service you already use, we will ask first, and you can withdraw consent at any time.

4. Who we share it with

We do not sell your data. We share it only with sub-processors who help us run the service:

• Stripe — payment processing (billing data)
• Amazon SES (or equivalent transactional email provider) — sending alert emails and account emails
• OVH / VPS hosting provider — running our servers and databases
• Twilio / Meta Cloud API — if you opt in to WhatsApp or SMS alerts

Each sub-processor only receives the minimum data they need to do their job. We will update this list if it changes.

5. How long we keep it

• Account data: for as long as your account is active, plus 30 days after you delete it (to allow recovery from accidental deletion).
• Billing records: at least 6 years, as required by UK tax law.
• Monitoring check results: 30 days by default; older data is aggregated or deleted.
• Web server logs: up to 30 days.
• Support emails: up to 2 years, then deleted.

6. International transfers

Our servers are located in the UK and EU. Some sub-processors (notably Stripe) may process data in the United States. Where data leaves the UK, we rely on the UK's International Data Transfer Agreement, the EU Standard Contractual Clauses, or an equivalent approved safeguard.

7. Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you
• Ask us to correct data that is wrong
• Ask us to delete your data ("right to erasure")
• Ask us to restrict or stop processing your data
• Receive your data in a portable format
• Object to processing based on legitimate interest
• Withdraw consent (where we rely on consent)

To exercise any of these rights, email contact@observare.co.uk. We will respond within one month.

8. How we keep it safe

We encrypt data in transit (HTTPS/TLS) and at rest. Passwords are hashed, not stored. We use the principle of least privilege for access to systems, and we review access regularly. We host on reputable infrastructure providers with industry-standard physical and network security.

No system is 100% secure. If we become aware of a breach that affects your personal data, we will notify you and the ICO within 72 hours as required by law.

9. Cookies

We use two kinds of cookies:

• Session cookie: keeps you logged in to your account. Expires when you log out or your browser session ends.
• CSRF token: a security cookie that prevents cross-site request forgery attacks.

Both are strictly necessary for the service to work, so we do not require consent under the PECR. We do not use advertising, tracking, or analytics cookies.

10. Children

Observare is a B2B tool for developers and businesses. It is not intended for or directed at children under 16, and we do not knowingly collect data from them.

11. Changes to this policy

If we change this policy materially, we will tell you by email and update the "last updated" date at the top. Small clarifications may be made without notice.

12. Complaints

If you are unhappy with how we handle your data, please email us first — we would like the chance to fix it. You also have the right to complain to the UK Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Helpline: 0303 123 1113