Legal
Privacy Policy
What we collect, why, and where it lives. The short version: the public site needs no account and sets no tracking cookies, and payment details go to Paddle — our merchant of record — never to us.
Last updated: July 6, 2026
1. What this policy covers
This policy explains what data OutageDeck collects when you visit outagedeck.com, use the JSON API, or purchase a subscription, and how that data is used. The Service is operated by Kerolos Atallah, doing business as OutageDeck; contact kerolosmalak@gmail.com for anything privacy-related.
2. What we collect
- Hosting logs. Our host (Vercel) keeps standard server logs — IP address, user agent, requested URL, and timestamp — used for security, abuse prevention, and debugging, and retained only briefly.
- Aggregate analytics. We use Vercel Web Analytics, a cookieless, privacy-friendly counter of page views. It builds no cross-site profiles and stores no identifiers in your browser.
- API usage. For keyed API access we record the key used, request counts, and timestamps so we can enforce quotas.
- Purchase data. Checkout is operated by Paddle, our merchant of record. Paddle collects your name, email, billing country, and payment details under its own privacy policy. We receive your email address, plan, billing country, and subscription status — never your full card details.
- Email. If you write to us, we keep the correspondence for as long as it stays relevant.
4. How we use data
We use the data above to operate and secure the Service, enforce API quotas, provision subscriptions and provide support, meet tax and accounting obligations (via Paddle), and understand — in aggregate — which pages are useful. We do not sell personal data, and we do not share it with third parties for their marketing.
5. Where data lives
- Vercel — website hosting and CDN; logs may be processed in the US and EU.
- Supabase — our primary database, hosted in the EU (AWS eu-west-1, Ireland).
- Paddle — payment processing and billing records, as merchant of record.
Each processor handles only what it needs for its role. Beyond these, we disclose personal data only if the law requires it.
6. Retention
Hosting logs are rotated on our providers’ standard short schedules. API usage data is kept in aggregate form. Billing records are retained for as long as tax and accounting rules require. Everything else is kept only as long as it is needed for the purpose it was collected for.
7. Your rights
You can ask us to access, correct, export, or delete the personal data we hold about you, or object to how it is used, by emailing kerolosmalak@gmail.com. If you are in the EU or UK, this includes your GDPR rights, and you may also lodge a complaint with your local supervisory authority. For data held by Paddle as merchant of record, we will help route your request or you can contact Paddle directly.
8. Children
The Service is not directed at children under 16, and we do not knowingly collect their personal data.
9. Changes to this policy
When this policy changes, the “Last updated” date above changes with it, and material changes will be announced on the site. Questions? Email kerolosmalak@gmail.com.