Privacy Policy
Last updated: 08 June 2026
Short version: We collect only what's necessary to run AmAzE Uptime for you. We do not sell your data, use advertising trackers, or install any third-party analytics. The only cookies we set are for keeping you logged in and preventing form abuse (CSRF). Payment processing is handled by Mollie; email delivery by Mailjet. Both are GDPR-compliant EU-based or EU-processing services.
1. Who we are
AmAzE Uptime is a website uptime monitoring service operated by AmAzE Security B.V., a company registered in the Netherlands.
- Website: uptime.amaze-apps.com
- Parent company: amaze-security.nl
- Contact: [email protected]
As the controller of your personal data, we are responsible for how it is collected, stored, and used in accordance with the General Data Protection Regulation (GDPR) and applicable Dutch law.
2. What data we collect and why
Account data
When you register, we store your email address and a bcrypt-hashed password (we never see or store your plain-text password). We use your email address to send alerts, recovery notifications, and important account messages. We do not send marketing emails unless you explicitly opt in.
Monitor configuration
The URLs you add to monitor, their friendly names, check intervals, and other settings you configure. This data is necessary to deliver the monitoring service.
Check results and incident data
For every check our system performs, we record: timestamp, HTTP status code, response time in milliseconds, response headers, a portion of the response body (on failure), and any SSL certificate details. This data is what powers your incident log, uptime charts, and status pages. We keep this data as long as your account is active.
Payment data
If you subscribe to a paid plan, you are redirected to Mollie B.V. for payment. We do not receive, store, or process your card details - Mollie handles that entirely. We receive a payment status from Mollie (paid/cancelled/expired) and store your current subscription plan and status.
Technical logs
Like any web server, our infrastructure produces access logs (IP address, requested URL, timestamp, HTTP method). These are used only for security monitoring and debugging and are retained for a maximum of 30 days.
3. Cookies
We use only the minimum cookies required for the service to function. We do not use advertising cookies, analytics cookies, or any third-party tracking.
| Cookie name | Type | Purpose | Duration |
|---|---|---|---|
amaze_uptime_session |
Session / functional | Keeps you logged in between page loads. HTTP-only, SameSite=Lax, first-party only. | Until browser close (or 2 hours of inactivity) |
XSRF-TOKEN |
Security / functional | Cross-Site Request Forgery (CSRF) protection. Required for all form submissions. Cannot be disabled. | Session |
| Remember-me token | Functional | Only set if you tick "Remember me" on the login form. Keeps your session alive across browser restarts. | 30 days |
Because all cookies we set are strictly necessary for the service to function, we do not require a cookie consent banner under GDPR Article 5(3) and the ePrivacy Directive. No consent is needed for cookies that are technically required to deliver a service you have explicitly requested.
You can delete cookies at any time through your browser settings. Deleting the session cookie will log you out.
4. Third-party data processors
We work with the following carefully selected third parties who process personal data on our behalf under data processing agreements:
Mailjet (Mailgun Technologies Inc.)
We use Mailjet to send transactional emails: uptime alerts, SSL warnings, and recovery notifications to your registered email address. When we send you an email, your email address is transferred to Mailjet's servers for delivery. Mailjet operates under standard contractual clauses for GDPR compliance. Mailjet's privacy policy →
Mollie B.V.
Payments for Pro and Max subscriptions are processed by Mollie, a Dutch payment service provider regulated by De Nederlandsche Bank. When you subscribe, you are redirected to Mollie's hosted payment page. We do not receive or store any card or bank account information. We receive only a payment status. Mollie's privacy policy →
We do not share your data with any other third parties. We do not sell data. We do not use Google Analytics, Facebook Pixel, Hotjar, or any other tracking or advertising technology.
5. How we protect your data
- All data is transmitted over HTTPS/TLS. Unencrypted connections are rejected.
- Passwords are hashed using bcrypt - we cannot see or recover them.
- Database access is restricted to application servers only; no public database endpoint exists.
- Session cookies are set with
HttpOnlyandSameSite=Laxflags to reduce XSS and CSRF risk. - Webhook payloads are signed with HMAC-SHA256 so recipients can verify authenticity.
- Per-monitor status page URLs use randomly generated 20-character tokens - not guessable from your username or monitor ID.
6. Data retention
We keep your data for as long as your account is active. Specifically:
- Account and configuration data - retained until you delete your account.
- Check results and incident logs - retained while your account is active. We may impose a rolling retention window (e.g., 90 days of history) in future for free-plan users.
- Server access logs - maximum 30 days, then automatically deleted.
- Payment records - retained for 7 years as required by Dutch financial record-keeping law.
When you delete your account, all personal data associated with it (email, monitors, check results, incident logs) is permanently deleted within 30 days.
7. Your rights under GDPR
As a resident of the EU/EEA you have the following rights regarding your personal data:
- Right of access - request a copy of the personal data we hold about you.
- Right to rectification - ask us to correct inaccurate data.
- Right to erasure - ask us to delete your data ("right to be forgotten"). You can also delete your account directly from the profile page.
- Right to data portability - receive your data in a structured, machine-readable format.
- Right to restriction - ask us to limit processing in certain circumstances.
- Right to object - object to processing based on legitimate interests.
To exercise any of these rights, email us at [email protected]. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
8. Children's privacy
AmAzE Uptime is intended for use by adults and businesses. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
9. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page. If the changes are significant, we will notify registered users by email. Continued use of AmAzE Uptime after an update constitutes acceptance of the revised policy.
10. Contact
Questions about this policy or your personal data? We're happy to help.
- Email: [email protected]
- Company: AmAzE Security B.V., Netherlands
- Website: amaze-security.nl