Privacy Policy

Last updated: March 25, 2026

1. Controller

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR) is:

Engin Yildirim

Jägerstrasse 20

78054 Villingen-Schwenningen, Germany

Email: privacy@foundersdeck.dev

2. Data We Collect

2.1 Account Data

When you register for FoundersDeck, we collect:

  • Email address (for login and notifications)
  • Password (stored as an irreversible hash using Argon2)

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

2.2 Monitoring Data

When you create monitors, we process:

  • URLs you configure for monitoring
  • HTTP response status codes and response times
  • Error messages and incident details
  • Timestamps of all checks

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

2.3 Payment Data

Payment processing is handled entirely by Polar.sh as our Merchant of Record. FoundersDeck never receives, processes, or stores credit card numbers, bank account details, or other payment credentials. Polar.sh provides us only with your subscription status and customer ID.

Legal basis: Art. 6(1)(b) GDPR — performance of a contract.

2.4 Server Logs

Our web server automatically collects standard access logs including IP addresses, request timestamps, HTTP methods, and user agent strings. These logs are retained for a maximum of 7 days for security and debugging purposes, then automatically deleted.

Legal basis: Art. 6(1)(f) GDPR — legitimate interest in security and service stability.

3. Data We Do NOT Collect

  • We do not use cookies for analytics or tracking
  • We do not use any third-party analytics tools (no Google Analytics, no Mixpanel, no Plausible)
  • We do not track user behavior across pages
  • We do not collect or process data of your end users visiting your public status pages
  • We do not sell, share, or otherwise monetize your data

4. Where Your Data Is Stored

All data is stored and processed exclusively on servers operated by Netcup GmbH in Nuremberg, Germany. Your data never leaves the European Union. We do not use any US-based cloud providers (no AWS, no Google Cloud, no Azure).

For a complete list of our sub-processors, see our Trust & Transparency page.

5. Data Retention

Monitoring data (checks, incidents) is retained according to your plan:

  • Free: 30 days
  • Starter: 90 days
  • Pro: 180 days
  • Scale: 365 days

After the retention period, check data is automatically and permanently deleted. Account data is retained for the duration of your account and deleted within 30 days of account deletion.

6. Email Communications

We send transactional emails via Resend for the following purposes only:

  • Alert notifications (when your monitors detect incidents)
  • Password reset emails (when you request one)
  • Critical account notifications (security-related)

We do not send marketing emails, newsletters, or promotional content unless you explicitly opt in.

7. Third-Party Alert Channels

If you configure Slack, Discord, or webhook alert channels, FoundersDeck sends incident notifications to the endpoints you specify. These notifications contain only your monitor name, status (up/down), timestamp, and error type. You are responsible for the data processing that occurs at your chosen endpoints.

8. Public Status Pages

Public status pages display aggregated, non-personal monitoring data (uptime percentages, incident history). Status pages are served with:

  • Zero cookies
  • Zero tracking scripts
  • Zero third-party requests

Visitors of your status page are not tracked, fingerprinted, or profiled in any way.

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

  • Access (Art. 15) — Request a copy of all personal data we hold about you
  • Rectification (Art. 16) — Correct inaccurate data via your account settings
  • Erasure (Art. 17) — Delete your account and all data (automated, self-service)
  • Restriction (Art. 18) — Restrict processing of your data
  • Portability (Art. 20) — Export all data in JSON/CSV format
  • Objection (Art. 21) — Object to data processing

To exercise any of these rights, contact us at privacy@foundersdeck.dev or use the self-service options in your account settings.

10. Supervisory Authority

You have the right to lodge a complaint with a data protection supervisory authority. The competent authority for FoundersDeck is:

Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)

Promenade 18, 91522 Ansbach, Germany

Website: lda.bayern.de

11. Changes to This Policy

We may update this privacy policy from time to time. Changes will be posted on this page with an updated "Last updated" date. For material changes, we will notify registered users by email.

12. Contact

For privacy-related questions or to exercise your rights:

Email: privacy@foundersdeck.dev