Privacy Policy
Cyze AS as a Data Controller, org. no. 932 904 500 (“Cyze”, “we”, “our”), provides the website-monitoring platform SiteWatch.pro (the “Service”). This document explains how we collect, use, share and protect personal data when you visit our websites or use the Service.
1. Who is the Data Controller?
Cyze AS, Norway
Org. No. 932 904 500
2. What Data Do We Collect?
| Category | Data Items | Source | Purpose | Lawful Basis (GDPR) |
|---|---|---|---|---|
| Account Data | Name, email, organisation, role, Login identifiers | User | Create & manage account | Art 6 (1)(b) contract |
| Monitoring Data | Domain names, URLs, DNS records, probe latency & status | User / automated scans | Provide uptime monitoring & alerts | Art 6 (1)(b) contract |
| Billing Data | Stripe customer ID, subscription tier, invoices (no card numbers) | Stripe | Payment processing | Art 6 (1)(b) contract |
| Log & Usage Data | IP addresses, user-agent, authentication tokens, API calls | Service | Security, audit, analytics | Art 6 (1)(f) legitimate interest: to secure our service from threats, to analyze usage to improve performance |
| Marketing Consent | Newsletter opt-in status, timestamps | User | Send product news | Art 6 (1)(a) consent |
| Anonymized Service Data | Aggregated probe results, anonymized uptime logs, statistical reports (non-PII) | Service | Service improvement, analytics, product development, historical trends | Art 6 (1)(f) legitimate interest |
We do not collect special category data as defined in Art 9 GDPR.
3. How Do We Use the Data?
- Operate, secure and improve the Service
- Send incident alerts, invoices, and important service emails
- Provide customer support
- Send marketing updates only if you consent
- Comply with legal obligations (e.g. accounting, tax)
- Improve and develop new features for the Service through statistical analysis and aggregated trends.
4. Sub-Processors
| Vendor | Function | Data Location | Safeguard |
|---|---|---|---|
| Stripe Payments Europe, Ltd. | Billing | EU | Standard PCI-DSS compliance |
| Google (Gmail/Workspace) | E-mail, support & transaction e-mail | EU datacenter | Standard Contractual Clauses (SCCs) |
| Cookiebot | Cookie consent | EU datacenter | Standard Contractual Clauses (SCCs) |
5. International Transfers
Customer account data (e.g., your name, email, billing details) is stored exclusively within the EU/EEA.
For the purpose of performing website monitoring, our probes may run from servers located outside the EEA. When these probes process monitoring targets (such as domain names or URLs) that may constitute personal data (e.g., if they identify a natural person), these transfers are covered by robust safeguards.
Specifically, where we transfer personal data to a country without an EU adequacy decision, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and implement supplementary technical measures (such as encryption in transit and at rest) to ensure the protection of your data.
6. Retention
| Data Set | Retention Period | Deletion Method |
|---|---|---|
| Account & billing | Active subscription + 6 years (Norwegian bookkeeping rules) | Secure erase |
| Probe results | 30 days by default | Automated purge. However, anonymized and/or aggregated derivatives of probe results are retained indefinitely for service improvement and statistical analysis. |
| Logs | 90 days | Automated purge |
| Marketing consent records | Until withdrawn + 2 years | Secure erase |
You may request early deletion at any time (see Section 9).
7. Security
- TLS 1.3 for all data in transit
- AES-256 encryption at rest
- Principle of least privilege, MFA for all admin accounts
- Routine penetration testing & dependency CVE scanning
- 99.9% backup durability across EU availability zones
8. Cookies
We use both technical and analytics cookies. Analytics cookies are disabled by default and are only enabled with your explicit consent. You have control over cookie preferences via the Cookiebot control panel on our website. For more details on the cookies we use, please refer to our cookie declaration.
9. Your Rights
You can, at any time:
- Access your personal data
- Rectify inaccurate data
- Delete your data (right to erasure)
- Restrict or object to processing
- Port your data to another controller
- Withdraw marketing consent
To exercise any right, email . We will respond within 30 days. You may also lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet).
10. Children
The Service is intended for users 18 years and older. We do not knowingly process data of children.
11. Changes to This Policy
Material changes will be announced 30 days in advance via email or in-app banner. All versions are archived and linked at sitewatch.pro/legal/archive for audit purposes.
Questions? Contact our DPO at .
Last updated: 2025-08-31