Privacy Policy

Last updated: 29/05/2026

1. Who We Are

The data controller is StackFloww, based in Romania, European Union. You can contact us at [email protected] for any question related to data processing.

2. Data We Collect

Account data: Email address, password (stored as a bcrypt hash; we do not store passwords in plain text), name.

Payment data: Processed exclusively through Stripe. We do not store card data on our servers.

Server technical data: IP addresses, hostnames, performance metrics (CPU, RAM, Disk), SSL certificates. SSH keys are encrypted with AES-256-GCM.

Usage data: Access logs, errors, uptime statistics. Stored for a maximum of 90 days.

Cookies: Session cookie (essential), analytics cookies (with your consent).

3. How We Use Data

  • Providing and improving the monitoring service
  • Sending alerts and notifications (email, WhatsApp)
  • Payment processing through Stripe
  • Generating reports for your clients
  • Compliance with legal obligations

4. Legal Basis (GDPR)

Contract performance (Art. 6(1)(b)): Processing data necessary for service provision.

Consent (Art. 6(1)(a)): Analytics cookies, marketing.

Legal obligation (Art. 6(1)(c)): Invoicing, tax obligations.

5. Data Sharing

Stripe: Payment processor, based in the USA (SCCs mechanism).

Google (Drive API): Backup storage, with your explicit consent.

We do not sell data to third parties for marketing purposes.

6. Your Rights (GDPR)

  • Right of access: You can request a copy of your data.
  • Right to rectification: Correction of inaccurate data.
  • Right to erasure: Deletion of your data ("right to be forgotten").
  • Right to portability: Export data in JSON/CSV format.
  • Right to object: Object to processing for marketing purposes.
  • Right to withdraw consent at any time.

Exercise your rights by email at [email protected]. We respond within 30 days.

7. Data Retention

Account data: for the duration of the contract plus 2 years (fiscal obligation).

Monitoring logs: 90 days.

Backups: according to the configured retention policy (default 30 days).

Upon account deletion, all data is removed within 30 days.

8. Security

Data is encrypted in transit (TLS 1.3) and at rest (AES-256-GCM). SSH keys and database passwords are encrypted with a separate master key. Systems are accessed exclusively through encrypted tunnels.

9. Complaints

You can lodge a complaint with the supervisory authority in your EU member state. In Romania: ANSPDCP (National Supervisory Authority for Personal Data Processing) — www.dataprotection.ro