Privacy Policy

Last updated: March 2026

1. Introduction

PerkyDash ("we", "us", "our"), operated by Teamlab S.r.l. (P.IVA IT03992200133), is a monitoring platform designed to help individuals, agencies, and SaaS owners track uptime, performance, and incidents of their online services.

PerkyDash offers individual accounts as well as agency accounts with white-label capabilities, including custom domains, branded dashboards, and client user access. This Privacy Policy explains how we collect, use, store, and protect personal information when you use perkydash.com or any white-label instance of the Service ("Service").

By signing up, accessing, or using the Service — whether directly or through an agency's white-label instance — you agree to this Privacy Policy.

2. Data Controller

PerkyDash — a product by Teamlab S.r.l.
P.IVA: IT03992200133
Email: support@perkydash.com

We operate in compliance with the EU General Data Protection Regulation (GDPR). For details on when we act as Data Controller versus Data Processor, see Section 3.

3. Data Controller vs. Data Processor

Our role under GDPR depends on the type of account and the data involved.

3.1. Individual Accounts (Pro Plans)

Teamlab S.r.l. is the Data Controller. We determine the purposes and means of processing your personal data to provide the Service.

3.2. Agency Accounts (White-Label Plans)

For the agency's own data (agency owner account, team member accounts, billing information): Teamlab S.r.l. is the Data Controller.

For agency client data (client users invited by the agency, monitored endpoints configured by or on behalf of clients, workspace-scoped monitoring data): the agency is the Data Controller and Teamlab S.r.l. acts as Data Processor on behalf of the agency.

As Data Controller for their clients, the agency is responsible for:

  • Obtaining appropriate consent or legal basis from its clients for data processing
  • Maintaining its own privacy policy that discloses the use of a third-party monitoring platform
  • Responding to data subject requests from its clients (we will assist upon request)
  • Ensuring that client data is processed in accordance with applicable data protection laws

A Data Processing Agreement (DPA) is available upon request at support@perkydash.com.

4. What Data We Collect

4.1. Account Data

When you sign up, we may collect:

  • Email address
  • Authentication provider details (Google, GitHub, Magic Link)
  • Authentication metadata provided by providers
  • Optional profile information (if you choose to add it)

We do not store your password when signing up with Google or GitHub.

4.2. Service Data (Monitoring)

PerkyDash monitors endpoints only after you explicitly configure them.

We collect technical data required to perform uptime and performance checks, including:

  • URL/endpoint monitored
  • HTTP status code
  • Response time
  • SSL certificate data (expiry date, issuer, etc.)
  • Domain expiry information
  • Error messages (truncated/technical only)
  • Timestamp of checks

We do NOT store page content, headers containing sensitive data, cookies, or HTML bodies.

4.3. Logs and IP Addresses

We collect:

  • IP address at login (security)
  • IP used when performing API requests
  • IP of your monitored endpoint (server IP)

These are technical data needed to operate the Service and ensure security.

4.4. Payment Data

For paid plans, payments are processed via Stripe. We do not store credit card details.

Stripe receives:

  • Email
  • Name (if provided)
  • Billing information
  • VAT (if applicable)

See Stripe's privacy policy: https://stripe.com/privacy

4.5. Email Communication Data

We use Brevo to send transactional and onboarding emails.

Brevo may process:

  • Email address
  • Send/open event metadata

4.6. Analytics

We use Google Analytics on the perkydash.com marketing site to understand site usage and improve the Service. Google Analytics collects pseudonymized device, usage, and event data.

4.7. Client User Data (Agency Plans)

When an agency invites client users to access a workspace, we collect:

  • Client user email address
  • Client user name (if provided)
  • Authentication credentials (hashed password)
  • Login timestamps and IP addresses
  • Actions performed within the workspace (audit trail)

This data is processed on behalf of the agency (Data Controller). The agency determines the retention and purpose of this data. See Section 3.2 for details on our role as Data Processor.

5. Why We Process Data (Legal Basis)

Purpose Legal Basis
Account creation & authentication Contractual necessity
Performing uptime & performance checks Contractual necessity
Sending transactional emails Contractual necessity
Payment processing Contractual necessity
Client user account management (agency plans) Contractual necessity (agency contract)
White-label branding & custom domain provisioning Contractual necessity
AI-powered summaries and analysis (via OpenAI) Contractual necessity
Fraud prevention & security Legitimate interest
Analytics & product improvement Legitimate interest
Support requests Legitimate interest

6. Data Retention

Monitoring logs and check history are retained based on your plan:

  • Free Trial — 30 days retention
  • Pro / Pro Plus — 90 days retention
  • Agency Starter / Agency Pro / Agency Business — 365 days retention

After the retention period expires, monitoring logs are permanently deleted.

Account data is retained until you delete your account or request deletion.

Client user data (agency plans): retained until the agency removes the client user or terminates their account. When an agency account is deleted, all associated client user data is also deleted.

7. Where Data is Stored

All primary servers and databases operate in OVH Europe (EU region).

  • Monitoring probes operate from multiple regions (EU primary, expanding globally). Probes collect only technical check data — no personal data is stored at probe locations.
  • Custom domain SSL certificates are provisioned via Let's Encrypt.
  • AI-powered monitoring summaries may be processed via the OpenAI API. Only monitoring metadata (uptime statistics, response times, incident counts) is sent to OpenAI — no personal data. See Section 12 for international transfer details.

All personal data is stored in the EU unless explicitly stated otherwise in this policy.

8. Sharing of Data

We share your data only with essential service providers necessary to run PerkyDash:

  • OVH — hosting and infrastructure
  • Stripe — payment processing and billing
  • Brevo — transactional email delivery
  • Google — authentication and analytics
  • GitHub — authentication
  • Let's Encrypt — SSL certificate provisioning for custom domains
  • OpenAI — AI summary generation (only monitoring metadata is shared, no personal data)

Agency white-label accounts: monitoring data and client user data within a workspace are shared only with the agency that owns that workspace. We do not share agency client data with other agencies or third parties beyond the service providers listed above.

We do not sell or rent your data.

9. Data Security

We use industry-standard security measures including:

  • HTTPS encryption for all connections
  • Data-in-transit encryption
  • Encrypted session tokens
  • Role-based access control (agency owner, team member, workspace client)
  • Workspace isolation — client data is logically separated per workspace
  • Isolated databases
  • Server-level firewalls
  • Continuous infrastructure monitoring

However, no online service can guarantee absolute security. We encourage you to use strong, unique passwords and to enable secure authentication methods.

10. User Rights (GDPR)

Under the GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and associated data
  • Export your data (data portability)
  • Restrict processing of your data
  • Object to certain types of processing
  • File a complaint with your local Data Protection Authority

To exercise any of these rights, contact us at support@perkydash.com.

If you are a client user of an agency: please contact the agency directly to exercise your data rights. The agency is your Data Controller. We will assist the agency in fulfilling your requests in accordance with our obligations as Data Processor.

11. Cookies

PerkyDash uses a limited number of cookies:

  • Session cookies — essential for authentication and maintaining your logged-in state. These cannot be declined as they are required for the Service to function.
  • Google Analytics cookies — used on the perkydash.com marketing site for analytics purposes. These can be declined or blocked via your browser settings.

We do not use advertising cookies or third-party tracking cookies.

12. International Data Transfers

Our primary data storage and processing takes place within the European Union (OVH Europe).

  • OpenAI processing: AI-powered monitoring summaries may involve data transfer outside the EU. Only monitoring metadata is sent (no personal data). These transfers are covered by Standard Contractual Clauses (SCCs) or equivalent safeguards.
  • Monitoring probes: probes may operate from non-EU regions to provide accurate global monitoring. Probes handle only technical check data (HTTP responses, response times) — no personal data is processed at probe locations.

13. Children

PerkyDash is not intended for users under 16. We do not knowingly collect personal data from children. If we become aware that a user under 16 has provided personal data, we will delete it promptly.

14. Changes to This Policy

We may update this policy to reflect changes in the Service, legal requirements, or our data practices. Updates will be posted on this page with a new "Last updated" date.

Material changes will be communicated via email to active users before they take effect.

15. Contact

For any questions about this Privacy Policy, your data, or to request a Data Processing Agreement, contact us at:

support@perkydash.com