Legal

Privacy Policy

Last updated: September 2025

TL;DR

  • We use your data only to run fivenines.io, support you, and comply with the law.
  • We don't sell your data and share it only with essential service providers.
  • You can delete your account and associated data at any time.

Questions? Email: privacy@fivenines.io

Who we are

fivenines.io (the "Service") is an infrastructure monitoring platform operated from France, with users worldwide. This policy explains what we collect, why, how we use it, and your choices.

Data Controller

fivenines.io (France)

Privacy Inquiries

privacy@fivenines.io

What we collect

We collect information only when we have a reason to do so-primarily to provide and improve the Services, to bill you, and to communicate with you. We collect information you provide directly, information we receive automatically when you use the Services, and information from integrations you enable.

Why we use your information

  • Provide, maintain, and improve the Services (GDPR: Art. 6(1)(b) contract)
  • Secure and troubleshoot - detect/prevent abuse, debug issues (GDPR: Art. 6(1)(f) legitimate interests)
  • Billing and account management - invoicing, receipts, tax compliance (GDPR: Art. 6(1)(b)/(c))
  • Communications - account notices, incident updates, service changes
  • Legal compliance - respond to lawful requests, enforce terms (GDPR: Art. 6(1)(c))

We don't send marketing emails without your consent (GDPR: Art. 6(1)(a)).

What we share and why

We never sell your personal information.

  • Personnel and contractors - Access strictly limited and logged; bound by confidentiality obligations.
  • Sub-processors - For hosting, payments, email delivery. We require appropriate data protection commitments.
  • Legal requests - If required by law or valid legal process, after careful review.
  • With your consent - For example, sending alerts to Slack/Telegram you configured.

Data retention & deletion

  • Account data - Kept while your account is active. Deleted promptly when you delete your account.
  • Metrics & events - Retained while your account is active. May be downsampled over time.
  • Logs - Security/diagnostic logs typically retained ~30 days.
  • Backups - Encrypted backups kept for limited period then purged on rolling schedule.
  • Inactive accounts - May be deleted after 24–36 months of inactivity with reasonable notice.

Security

We take security seriously and employ administrative, technical, and physical measures:

Encryption in transit and at rest
Role-based access controls
Regular patching and hardening
Network segregation
Encrypted backups
Responsible disclosure program

Security vulnerabilities? Contact: security@fivenines.io

Your rights

Depending on your location, you have rights including: access, rectification, erasure, restriction, portability, and objection. You can exercise many of these through your account settings. For other requests, email privacy@fivenines.io. You also have the right to lodge a complaint with your local supervisory authority (e.g., CNIL in France).

Sub-processors

We use third-party providers to run certain parts of the Service:

Payments

Stripe

Email Delivery

Brevo

Messaging

Slack, Telegram

Infrastructure

Hetzner

Questions about privacy?

Contact us at

privacy@fivenines.io

Changelog

2025-09-06: Initial public draft.

Note: This document is provided for informational purposes and does not constitute legal advice.