Privacy Policy

Last updated: February 20, 2026

1. Introduction

UpNest ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal data when you use the UpNest platform ("Service"). This policy applies to all users of the Service, including website visitors, trial users, and paying subscribers.

We comply with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and other applicable data protection laws.

2. Data Controller

The data controller responsible for your personal data is UpNest. For any privacy-related inquiries, please contact us at privacy@upnest.io.

3. Data We Collect

a) Account Data

When you register, we collect your email address, display name, and authentication credentials (managed by Microsoft Entra External ID). If you sign in with Google, we receive your Google profile name and email.

b) Monitoring Data

We store the URLs, domains, IP addresses, and configuration you provide for monitoring targets. We also store check results (response times, status codes, headers) generated by our monitoring infrastructure.

c) Billing Data

Payment processing is handled by Stripe. We store your Stripe customer ID, subscription status, and plan details. We do not store credit card numbers or payment method details — these are handled exclusively by Stripe.

d) Usage & Analytics Data

We collect aggregated usage data such as page views, feature usage patterns, and performance metrics to improve the Service. We use Application Insights for application monitoring and error tracking, which may collect IP addresses, browser type, and device information.

e) Communication Data

We store alert channel configurations (email addresses, webhook URLs, Slack/Discord channel identifiers) that you provide to receive monitoring alerts.

4. Legal Basis for Processing

We process your personal data under the following legal bases (GDPR Article 6):

  • Contract performance — Processing necessary to provide the monitoring Service you subscribed to.
  • Legitimate interests — Improving our Service, preventing fraud, ensuring security, and sending transactional communications.
  • Legal obligations — Complying with tax, accounting, and regulatory requirements.
  • Consent — For optional marketing communications and weekly summary reports (you can opt out at any time).

5. How We Use Your Data

  • Provide and operate the monitoring Service
  • Send downtime alerts, recovery notifications, and SSL/performance warnings
  • Process payments and manage subscriptions
  • Provide customer support
  • Generate uptime reports and analytics
  • Detect and prevent abuse or security threats
  • Improve and develop new features
  • Comply with legal obligations

6. Data Sharing & Sub-processors

We share your data only with trusted third-party service providers necessary to operate the Service:

Provider                     | Purpose                      | Location
Microsoft Azure              | Hosting, database, functions | EU (West Europe)
Microsoft Entra              | Authentication               | EU
Stripe                       | Payment processing           | EU/US
Vercel                       | Frontend hosting             | Global (Edge)
Azure Communication Services | Email delivery               | EU

We do not sell your personal data to third parties. We do not share data with advertising networks or data brokers.

7. Data Retention

  • Monitoring data — Retained for your plan's retention period (30/60/90 days), then automatically purged.
  • Account data — Retained as long as your account is active.
  • Billing records — Retained for 7 years as required by tax and accounting regulations.
  • Audit logs — Retained for your plan's audit log retention period (7/30/90 days).
  • After account deletion — All personal data is permanently deleted within 30 days, except billing records required by law.

8. Your Rights (GDPR)

Under the GDPR, you have the following rights:

  • Right of access — Request a copy of your personal data. Use the data export feature in Settings > Security > Your Data.
  • Right to rectification — Update inaccurate data through your account settings.
  • Right to erasure — Delete your account and all associated data through Settings > Security > Danger Zone.
  • Right to data portability — Export your data in a structured, machine-readable format (JSON/ZIP) via the data export feature.
  • Right to restrict processing — Contact us to request restriction of processing in specific circumstances.
  • Right to object — Object to processing based on legitimate interests by contacting us.
  • Right to withdraw consent — Withdraw consent for optional processing (e.g., marketing emails) at any time through notification preferences.

To exercise any of these rights, contact us at privacy@upnest.io. We will respond within 30 days as required by GDPR.

9. Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest
  • Authentication via Microsoft Entra External ID with email OTP verification
  • Role-based access controls for team features
  • Rate limiting and abuse detection
  • Regular security audits and dependency scanning
  • Audit logging for sensitive operations

10. International Data Transfers

Your data is primarily stored in Microsoft Azure's West Europe region. Some sub-processors (Stripe, Vercel) may process data outside the EU/EEA under appropriate safeguards, including Standard Contractual Clauses (SCCs) and adequacy decisions.

11. Cookies

UpNest uses essential cookies required for authentication and session management. We do not use tracking cookies, advertising cookies, or third-party analytics cookies. Our essential cookies include:

  • Session cookie — Maintains your authenticated session (expires on browser close or after inactivity).
  • CSRF token — Protects against cross-site request forgery attacks.

12. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Supervisory Authority

If you believe we have not adequately addressed your data protection concerns, you have the right to lodge a complaint with your local data protection supervisory authority.

15. Contact

For any privacy-related questions, data subject requests, or concerns, please contact:

UpNest Data Protection

Email: privacy@upnest.io