New: Distributed consensus monitoring is here. Learn more →

newuptime

Privacy Policy

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR) — Last updated: March 2026

1. Data Controller

The data controller for personal data collected through the newuptime platform and website is:

newuptime
VAT no. IT03738170780
Certified email (PEC): secmail@pec.it
Email: info@newuptime.com

2. Definitions

For the purposes of this Privacy Policy:

  • Personal data: any information relating to an identified or identifiable natural person ("data subject").
  • Processing: any operation or set of operations performed on personal data, whether or not by automated means.
  • Data controller: the natural or legal person that determines the purposes and means of processing personal data.
  • Data processor: a natural or legal person that processes personal data on behalf of the controller.
  • Consent: any freely given, specific, informed and unambiguous indication of the data subject's agreement.

3. Categories of Data Collected

3.1 Account and registration data

When you create a newuptime account we collect: your name or display name, email address, password stored as a cryptographic hash (bcrypt), optional company or organization name, chosen subscription plan, and registration date.

3.2 Monitoring data configured by you

To provide the service, you enter the endpoints you want monitored: URLs, IP addresses, hostnames, TCP ports, DNS records, keywords, and response thresholds. This data is used solely to execute monitoring checks and is not analyzed for any other purpose. You are responsible for configuring only endpoints you own or are authorized to monitor.

3.3 Billing data

Payment details (card number, etc.) are processed exclusively by our payment provider (Stripe Inc. or PayPal Holdings, Inc.) and never pass through our servers. We retain only non-sensitive billing information: amount, currency, transaction date, provider-issued transaction ID, and any invoicing details required by applicable tax law.

3.4 Technical and usage data

Our systems automatically collect certain data whose transmission is implicit in the use of Internet communication protocols: IP address, browser type, operating system, pages visited, access date and time, HTTP response codes, and data transferred. This data is not collected for identification purposes but could allow identification through cross-referencing with third-party data.

3.5 Data you provide voluntarily

Messages sent through the contact form or by email result in the collection of your contact details and any personal information included in those communications.

4. Purposes and Legal Basis for Processing

We process personal data for the following purposes, each based on a specific legal ground under Article 6 GDPR:

  • Providing the monitoring service (Art. 6(1)(b)): performance of the contract established when you register. Includes account management, executing monitoring checks, sending notifications and alerts, API access, and dashboard access.
  • Payment processing and invoicing (Art. 6(1)(b) and (c)): fulfillment of contractual and legal obligations under applicable tax law.
  • Platform security and fraud prevention (Art. 6(1)(f)): our legitimate interest in protecting infrastructure from unauthorized access, abuse, and fraudulent activity.
  • Customer support (Art. 6(1)(b)): handling support requests and resolving technical issues you report.
  • Service communications (Art. 6(1)(b)): sending technical notices, platform updates, account-related communications, and notifications of changes to these legal documents.
  • Legal compliance (Art. 6(1)(c)): retaining accounting and fiscal records for legally required periods.
  • Aggregate analytics and service improvement (Art. 6(1)(f)): processing anonymized statistics on platform usage to improve features. Data is aggregated and does not allow identification of individual users.
  • Cookies and tracking (Art. 6(1)(a)): for non-essential cookies, processing is based on consent given through the cookie banner. Consent may be withdrawn at any time.

5. How We Process Data

Personal data is processed by automated means for only as long as necessary to achieve the purposes for which it was collected. We apply specific security measures to prevent data loss, unlawful use, and unauthorized access:

  • Encryption in transit using TLS 1.2 or higher on all communication channels.
  • Private encrypted network between probe nodes and the central coordinator.
  • Data access limited to strictly necessary personnel via role-based access control.
  • User passwords stored exclusively as irreversible cryptographic hashes.
  • Encrypted backups with controlled access.
  • Regular security audits of the infrastructure.

6. Retention Periods

Personal data is retained only for as long as necessary for the purposes for which it was collected, in accordance with the minimization and storage limitation principles of Article 5 GDPR:

  • Active account data: for the duration of the contractual relationship.
  • Data after account closure: 30 days to allow recovery in case of accidental closure, after which data is permanently and irreversibly deleted.
  • Monitoring and heartbeat data: according to your active subscription plan (7 days on the Free plan, up to 2 years on advanced plans).
  • Tax and accounting documents: 10 years from the date of issue, as required by applicable law.
  • Technical security logs: 12 months.
  • Email and contact form communications: 24 months from the date of last communication.

7. Sharing Data with Third Parties

Personal data is not sold, transferred, or disclosed to third parties for their own commercial purposes. Data may be shared with the following categories of parties, to the extent strictly necessary:

  • Cloud infrastructure providers: platform servers are hosted with infrastructure providers (European data centers). These providers act as data processors under Article 28 GDPR and are bound by specific data processing agreements.
  • Payment providers: Stripe Inc. (Standard Contractual Clauses) or PayPal Holdings, Inc., for secure payment processing.
  • Transactional email providers: for sending alerts, notifications, and service communications.
  • Competent authorities: where required by judicial or administrative authorities in cases provided for by law.

An up-to-date list of data processors is available on request by emailing info@newuptime.com.

8. International Data Transfers

Some service providers to whom data may be disclosed are located outside the European Economic Area (EEA). In such cases, transfers take place only to countries that ensure an adequate level of protection under Article 45 GDPR, or on the basis of appropriate safeguards under Article 46 GDPR (in particular, the Standard Contractual Clauses adopted by the European Commission). Contact us for information on the transfer mechanisms used for specific transfers.

9. Your Rights

Under Articles 15-22 GDPR, you have the right to:

  • Access (Art. 15): obtain confirmation of whether personal data concerning you is being processed and, if so, access to that data and related processing information.
  • Rectification (Art. 16): obtain correction of inaccurate personal data and completion of incomplete personal data.
  • Erasure ("right to be forgotten", Art. 17): obtain deletion of your personal data where the conditions provided by the regulation are met.
  • Restriction of processing (Art. 18): obtain restriction of processing in cases provided for by the regulation.
  • Data portability (Art. 20): receive personal data you have provided in a structured, commonly used, machine-readable format, and transmit it to another controller without hindrance.
  • Objection (Art. 21): object at any time, on grounds relating to your particular situation, to processing based on our legitimate interests.
  • Withdrawal of consent: withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
  • Lodge a complaint: lodge a complaint with the competent supervisory authority. In Italy, this is the Garante per la protezione dei dati personali (www.garanteprivacy.it).

To exercise your rights, send a written request to info@newuptime.com or by certified email to secmail@pec.it. We will respond within 30 days of receipt, or within a further 60 days in particularly complex cases, with prior notice to you.

10. Cookies

This website uses cookies and similar technologies. For detailed information on the types of cookies used, their purposes, and how to manage your preferences, please see our Cookie Policy.

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. Changes will be published on this page and, for material changes, communicated directly to your registered email address. The updated version will always be available here with the date of last update. We recommend checking this page periodically.

12. Contact Us

For any questions, requests, or concerns regarding the processing of your personal data: