Skip to main content

Privacy Policy

Last updated: February 28, 2026

Ionhour, Inc. (“Ionhour”, “we”, “us”, or “our”) is committed to protecting your personal information. This Privacy Policy explains what information we collect, why we collect it, how we use it, and the rights you have with respect to it. By using our Service, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information in three ways:

Information You Provide Directly

  • Account information: name, email address, and password when you create an account
  • Organisation information: company name, team size, and workspace settings
  • Billing information: billing address and payment card details (processed and stored by Paddle, our merchant of record; we do not store raw card numbers)
  • Communications: messages you send to our support team or through our feedback form

Information Collected Automatically

  • Usage data: features used, pages visited, dashboard interactions, and time spent
  • Log data: IP addresses, browser type and version, operating system, referring URLs, and access timestamps
  • Signal data: HTTP ping metadata sent by your cron jobs, including timestamps, HTTP method, response latency, and optional request bodies you include

Information from Third Parties

  • If you sign in via OAuth (e.g., GitHub, Google), we receive your name, email, and profile picture from that provider
  • Payment status and billing events are received from Paddle

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Ionhour platform
  • Send monitoring alerts, incident notifications, and account-related transactional emails
  • Process payments and manage your subscription
  • Respond to your support requests, questions, and feedback in a timely manner
  • Detect, investigate, and prevent fraudulent activity, abuse, and security incidents
  • Analyse usage patterns and product performance to improve our Service (using aggregated, anonymised data wherever possible)
  • Send product update announcements and occasional marketing communications — you can opt out of marketing emails at any time via the unsubscribe link
  • Comply with applicable laws and legal obligations

We never sell your personal data to third parties for advertising or any other commercial purpose.

3. Cookies and Tracking

We use cookies and similar technologies to:

  • Essential cookies: maintain your authenticated session and store your preferences (e.g., colour theme)
  • Analytics cookies: understand how visitors use our public landing pages, using privacy-preserving analytics (Fathom Analytics) that do not track individuals across sites

We do not use advertising cookies, cross-site tracking cookies, or behavioural profiling cookies. You can disable non-essential cookies through the cookie banner or your browser settings. Disabling essential cookies may affect your ability to log in or use the Service.

4. Data Sharing and Disclosure

We share your information only in the following limited circumstances:

  • Service providers: trusted sub-processors who help us run the platform — including Paddle (payments), AWS and Hetzner (cloud infrastructure), Postmark (transactional email), and Fathom (analytics). Each is bound by data processing agreements
  • Your team members: within a shared workspace, your name and email address are visible to other members of the same workspace
  • Legal obligations: we may disclose information if required by law, court order, or to protect the rights, property, or safety of Ionhour, our users, or the public
  • Business transfers: in the event of a merger, acquisition, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you via email and a prominent notice before your data is transferred and becomes subject to a different privacy policy

5. Data Security

We take the security of your data seriously and implement industry-standard safeguards:

  • All data in transit is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256
  • Access to production systems is restricted to authorised personnel on a need-to-know basis
  • We conduct periodic security reviews and penetration tests
  • Passwords are never stored in plain text; authentication is delegated to Keycloak with industry-standard hashing

Despite these measures, no method of transmission over the Internet or electronic storage is 100% secure. If you discover a security vulnerability, please report it responsibly to [email protected].

6. Data Retention

We retain your personal information for as long as your account is active or as necessary to provide the Service and comply with our legal obligations:

  • Account data is retained for the lifetime of your account and deleted within 30 days of account termination
  • Signal history is retained according to your plan’s limits: 3 days (Free), 30 days (Pro), or 365 days (Business)
  • Billing records are retained for 7 years to comply with tax and accounting regulations
  • Support communications are retained for 3 years unless you request deletion

You may request the deletion of your personal data at any time (see Your Rights below). Certain data may be retained longer where required by applicable law.

7. Your Rights (GDPR / CCPA)

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right of access: obtain a copy of the personal data we hold about you
  • Right to rectification: correct inaccurate or incomplete personal data
  • Right to erasure: request deletion of your personal data (“right to be forgotten”), subject to legal retention requirements
  • Right to restriction of processing: request that we restrict processing of your data in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on our legitimate interests
  • Right to opt out of sale (CCPA): we do not sell your personal information; no opt-out is needed

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

8. Children’s Privacy

The Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information as promptly as possible. If you believe we may have such information, please contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and notify registered users via email at least 14 days before the changes take effect. We encourage you to review this policy periodically to stay informed about how we protect your information.

Your continued use of the Service after any changes become effective constitutes your acceptance of the revised Privacy Policy.

10. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact our privacy team: