Privacy Policy

Traxo ("we," "us," or "our") operates the uptime monitoring platform available at traxo.dev. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service. Please read this policy carefully. By accessing or using Traxo, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

Account Information

When you create an account, we collect information that identifies you, including:

• Your full name and email address
• A securely hashed version of your password (we never store plaintext passwords)
• Organization name and details you provide during onboarding
• Profile information from third-party OAuth providers (e.g., Google) if you choose to sign in that way

Service Data

When you use Traxo to monitor your services, we collect and process:

• Monitor configuration data, including target URLs, IP addresses, hostnames, and check parameters
• Check results, including response times, status codes, SSL certificate details, DNS records, and error messages
• Incident history, including timestamps, duration, and resolution details
• Alert channel configurations (email addresses, Slack webhook URLs, phone numbers for SMS, PagerDuty routing keys)
• Status page content and configuration
• API key metadata (we store only a hashed version of the key; the prefix is retained for identification)

Billing Information

Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVC, or expiration date on our servers. We retain only your Stripe customer ID, subscription details, and plan type for account management purposes.

Automatically Collected Information

When you access Traxo, we automatically collect certain technical information:

• IP address and approximate geolocation
• Browser type, version, and operating system
• Pages visited, time spent on pages, and navigation patterns
• Referring URL and exit pages
• Device type and screen resolution

2. How We Use Information

We use the information we collect for the following purposes:

• Providing the Service: Running uptime checks, delivering alerts, generating reports, and displaying status pages
• Account Management: Authenticating users, managing subscriptions, and enforcing plan limits
• Communication: Sending transactional emails (account verification, password resets, billing receipts), alert notifications, and service announcements
• Service Improvement: Analyzing usage patterns to improve performance, fix bugs, and develop new features
• Security: Detecting, preventing, and responding to fraud, abuse, and security incidents
• Legal Compliance: Fulfilling our legal obligations and enforcing our Terms of Service

3. Data Storage & Security

Your data is stored in PostgreSQL databases with encrypted connections (TLS/SSL). We use industry-standard security measures to protect your information, including:

• Encryption in transit via TLS for all connections
• Passwords hashed using bcrypt with appropriate salt rounds
• API keys stored as cryptographic hashes with only the prefix visible
• Role-based access control (Owner, Admin, Member) within organizations
• Isolated worker processes for probe execution
• Redis used for job queues and caching with secured connections

While we implement robust security measures, no method of electronic storage or transmission over the Internet is 100% secure. We cannot guarantee absolute security of your data.

4. Cookies & Tracking

Traxo uses cookies and similar technologies for the following purposes:

• Essential Cookies: Required for authentication, session management, and security. These cannot be disabled.
• Preference Cookies: Store your theme preference (light/dark mode) and other UI settings.
• Analytics Cookies: Help us understand how users interact with Traxo so we can improve the product. These are anonymized.

You can control cookies through your browser settings. Disabling essential cookies may prevent you from using certain features of Traxo.

5. Third-Party Services

We use the following third-party service providers to operate Traxo. Each processor has access only to the data necessary to perform their function:

• Stripe (San Francisco, USA) — Subscription and payment processing. Stripe manages your billing information. See Stripe's Privacy Policy.
• Google (Mountain View, USA) — OAuth authentication. If you sign in with Google, we receive your name, email, and profile picture. See Google's Privacy Policy.
• Resend (USA) — Transactional email delivery. Resend processes email addresses and email content for alert notifications and account emails.
• Twilio (San Francisco, USA) — SMS alert delivery. Twilio processes phone numbers and SMS message content for alert notifications.

Our infrastructure relies on PostgreSQL for data storage and Redis for job queue management and caching. These services are self-hosted within our infrastructure.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the service:

• Account data: Retained until you delete your account
• Check results: Retained for 90 days on Free plans, 1 year on Pro plans, and 2 years on Business/Enterprise plans
• Incident history: Retained for the lifetime of your account
• Billing records: Retained for 7 years as required by tax and accounting regulations
• Server logs: Automatically deleted after 30 days

When you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain records.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you
• Rectification: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data ("right to be forgotten")
• Portability: Request a machine-readable export of your data
• Restriction: Request that we limit how we process your data
• Objection: Object to processing of your data for certain purposes
• Withdraw Consent: Where processing is based on consent, you can withdraw it at any time

To exercise any of these rights, please contact us at support@traxo.dev. We will respond to your request within 30 days.

8. Children's Privacy

Traxo is not directed at individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information immediately. If you believe we may have collected information from a child, please contact us at support@traxo.dev.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. For significant changes, we will also send an email notification to the address associated with your account. We encourage you to review this policy periodically.

10. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

• Email: support@traxo.dev
• Website: https://traxo.dev