Privacy Policy

Your data is yours. This Privacy Policy explains what we collect, why we collect it, how we use and protect it, and what rights you have.

We do not, nor we will, sell your data.

Get started Get started arrow Start Free Trial

Last updated: September 7, 2025

Privacy Policy

Your data is yours. This Privacy Policy explains what we collect, why we collect it, how we use and protect it, and what rights you have. We never sell your personal data.

Privacy-First Approach: As a privacy-friendly service, we do not store IP addresses in plain text. All IP addresses are hashed using SHA256 before storage, making them irreversible and unreadable to humans.

This policy applies to all products and services offered as Hosted Status Page, a service of Brka OÜ (Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia) (“we”, “us”, “our”).

Table of Contents

We follow the principle of data minimization—collect only what we need to provide and improve the service.

Identity & access

When you create an account, we collect your name (or alias), email address, and optionally a company name. We use this to create and personalize your account, and to send invoices, service updates, and essential notices. You may upload a profile picture; we do not analyze profile images.

We do not sell personal data and we will not use your name or company in marketing without your permission.
Billing information

Payments are handled by our payment processor (e.g., Stripe, 2Checkout, Paddle, etc.). Your payment card data is sent directly to the processor and does not pass through or get stored on our servers. We store transaction records (e.g., transaction ID, timestamp, amount) for billing, invoicing, support, and tax purposes.

Access logs & IP addresses

We do not store IP addresses in plain text. As a privacy-friendly service, we log account access by IP address using a one-way cryptographic hash (SHA256) to help detect and investigate unauthorized access. This means we cannot reconstruct or view your actual IP address from our logs. These hashed logs are retained while your account is active and are deleted within 90 days after account closure.

Web analytics

We use Plausible, a privacy-friendly, cookie-free analytics tool compliant with GDPR, CCPA, and PECR. Our public stats are available at plausible.io/hostedstatus.page.

Cookies & Do Not Track

We use minimal first-party cookies for login sessions and preferences only. You can manage or delete cookies in your browser. Our sites respect Do Not Track signals sent by browsers and plugins.

Voluntary correspondence

When you contact support, we keep your messages (including email address) to help with your request and future follow-ups. If we conduct interviews or user research, we record only with your explicit consent.

Information we do not collect

We do not intentionally collect sensitive categories such as age, race, religion, sexual orientation, gender identity or expression, or biometric data. You may voluntarily share information (e.g., pronouns), but we do not request or process it.

  • Contract: To create and maintain your account, provide features, process payments, and deliver support.
  • Legitimate Interest: To secure the service (e.g., fraud prevention, access logs), improve performance, and communicate essential updates.
  • Consent: Where required (e.g., optional interviews, certain communications). You may withdraw consent at any time.
  • Legal Obligation: To comply with tax, accounting, and regulatory requirements.

Our default is not to access your content. Exceptions:

Service Providers

Trusted subprocessors may process limited personal data to run the service (hosting, payment, email delivery, analytics). See our current list of subprocessors.

Support Troubleshooting

Only with your explicit written consent if account access is required to resolve an issue.

Abuse & Restricted Uses

As a last resort, to investigate or prevent misuse; see our restricted uses. We may report serious abuse to authorities.

Important: We never share or sell personal data for advertising or marketing by third parties.

We operate from the European Union (Estonia). Some subprocessors may be located outside the EU/EEA (e.g., the United States).

Where personal data is transferred internationally, we implement appropriate safeguards such as the European Commission Standard Contractual Clauses (SCCs) and carry out transfer impact assessments where required.

For more information about international data transfers, please contact us.

We extend the following rights to all users, regardless of location, subject to applicable law:

Access

Request a copy of your personal data and information about how it's used.

Rectification

Request correction of inaccurate personal data.

Erasure

Request deletion of your personal data in certain circumstances.

Restriction

Request limitation of processing in certain circumstances.

Portability

Receive your personal data in a structured, machine-readable format.

Objection

Object to processing based on legitimate interests.

To exercise these rights, please contact us using the information provided below.

We take the security of your data seriously and implement appropriate technical and organizational measures:

Transport Security

All data is encrypted in transit using TLS (Transport Layer Security).

Access Controls

Access to personal data is restricted to authorized personnel only.

Encryption at Rest

Data is encrypted when stored using industry-standard encryption.

We regularly audit our systems and processes for security vulnerabilities.

We retain your personal data only as long as necessary for the purposes outlined in this policy:

  • Trashed data: Items you delete are placed in trash for up to 30 days, then deleted from active servers within 30 days. Limited backups may persist for up to an additional 30 days.
  • After account cancellation: Your data is purged from active systems within 60 days.
  • Access logs: IP-address logs (hashed using SHA256, not stored in plain text) are deleted within 90 days after account closure.
  • Billing records: Retained as required by tax and accounting laws.
Retrieving partial data from backups is not feasible; please restore any accidentally deleted data before the purge windows.

Our services are not directed to children under 16, and we do not knowingly collect personal information from them.

If you believe a child has provided us with personal information, please contact us so we can delete it.

We operate our products and web properties in the European Union, primarily from Estonia.

All customer data is stored and processed within the European Economic Area (EEA) or with providers that comply with EU data protection standards.

We may update this policy to reflect changes in law or our practices. We will post updates here and, for material changes, notify account owners via email in advance of the effective date.

Significant changes will also be announced on our company blog.

The current version of this policy is effective as of September 7, 2025.

For questions or requests about this policy or your personal data, email privacy@hostedstatus.page or write to:

Email

privacy@hostedstatus.page

Address

Brka OÜ
Harju maakond, Tallinn
Lasnamäe linnaosa, Sepapaja tn 6
15551, Estonia

Response Time

We aim to respond to privacy-related inquiries within 30 days.

Data Protection Officer

For GDPR-related matters, contact our Data Protection Officer at dpo@hostedstatus.page

Controller: Brka OÜ. If applicable, we will act as processor for customer content where we process on your documented instructions.