Privacy Policy
Who we are
PingNode (“PingNode”, “we”, “us”) is a web-page change-monitoring service operated at pingnode.app. We are the data controller for the personal data described below. Reach us at privacy@pingnode.app for any privacy question, request, or complaint.
What we collect
We keep the data set deliberately small. Specifically:
- Account data. Your email address, display name, and (if you sign in with an OAuth provider) the provider’s account identifier and profile photo URL.
- Authentication credentials. Passkey public keys, API key hashes, and session tokens. We never store raw passwords or raw API keys.
- Watches and actions. The URLs you ask us to monitor, your detection rules, action endpoints (Slack/Discord/ntfy/webhook URLs, email recipients), and any names, tags, or notes you attach to them.
- Crawled snapshots. The HTML and extracted text of pages you watch, the diffs between snapshots, AI-generated change summaries, and per-fetch metadata (status code, latency, content hash).
- Delivery records. When each alert was sent and to which action, plus any error returned by the destination.
- Billing data. If you upgrade to a paid plan, Stripe stores your payment method on our behalf. We retain a Stripe customer ID and your subscription status; we do not see or store card numbers.
- Server logs. Standard HTTP request logs (IP address, user agent, URL, timestamp) for debugging and abuse prevention. Retained for up to 30 days.
We do not use third-party analytics, advertising trackers, fingerprinting, or session-replay tools.
Why we collect it
- To run the service you signed up for — fetching pages, computing diffs, and routing alerts.
- To authenticate you and protect your account from unauthorized access.
- To bill paid plans and prevent fraud (where applicable).
- To diagnose bugs and respond to abuse reports.
- To send transactional email (alerts you configured, billing receipts, security notices). We do not send marketing email without separate, explicit opt-in.
Our legal bases under GDPR are contract (running the service), legitimate interest (security, fraud prevention, debugging), and consent (optional cookies, marketing email — neither currently in use).
Cookies and similar technologies
PingNode uses a small number of strictly necessary cookies. We do not use advertising, analytics, or tracking cookies.
| Cookie | Purpose | Lifetime |
|---|---|---|
| better-auth.session_token | Keeps you signed in. | 7 days (rolling) |
| better-auth.csrf | Prevents cross-site request forgery on auth endpoints. | Session |
| pf_cookie_ack | Remembers that you dismissed the cookie banner. | 365 days |
| pf_theme | Your light/dark/system theme preference (localStorage, not a cookie — listed for completeness). | Until cleared |
Because these are strictly necessary, the law (ePrivacy / GDPR) does not require prior consent — but we still tell you they exist via the banner the first time you visit. You can delete them in your browser settings at any time; doing so will sign you out.
Third parties we share data with
We only share what’s required to provide the service. Each processor is bound by a data processing agreement.
- Fly.io — hosting and the SQLite database that stores everything above. Servers run in their data centers.
- Resend — transactional email delivery (alert emails, sign-in links). They see the recipient address and the message contents.
- Stripe — payment processing for paid plans. They see your billing details directly; we do not.
- Google, GitHub — only if you choose to sign in with one of them. They see that you signed in to PingNode; we receive your email and profile basics.
- Anthropic — when you opt into AI-generated change summaries or element suggestions, the relevant page text is sent to Anthropic’s API for inference. Anthropic does not train on this data.
- Your destinations. When you configure a Slack, Discord, ntfy, or webhook action, alert payloads go to those services on your instruction. We are not responsible for what they do with the data once delivered.
We do not sell personal data and we do not share it with advertisers.
International transfers
Our servers are hosted in the United States and the European Union depending on region. Some processors above (Resend, Stripe, Anthropic) may process data in the United States. Where applicable, transfers rely on the EU Standard Contractual Clauses or an equivalent safeguard.
How long we keep it
- Account data is retained while your account is open, plus up to 30 days after deletion to allow recovery.
- Snapshots and change history are retained until you delete the Watch, or until you delete your account.
- Server logs are retained for up to 30 days.
- Billing records are retained for as long as legally required (typically 7 years for tax purposes).
Your rights
If you’re in the EU/EEA, UK, or California, you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Delete your account and associated data.
- Export your Watches, actions, and history (available from Settings → Import / Export).
- Object to or restrict certain processing.
- Withdraw consent at any time, where processing relies on consent.
- Lodge a complaint with your local data protection authority.
Most of these you can do yourself from Settings. For anything else, email privacy@pingnode.app and we will respond within 30 days.
Security
We use TLS for everything in transit, hash all secrets we store (passkeys, API keys, session tokens), and keep the database on encrypted volumes. No system is perfectly secure — if you discover a vulnerability, please email privacy@pingnode.app.
Children
PingNode is not directed to children under 16, and we do not knowingly collect data from them. If you believe a child has provided us data, email us and we will delete it.
Changes to this policy
We’ll update this page when our practices change. The “last updated” date at the top always reflects the current version. Material changes will be flagged in-app or via email before they take effect.