Privacy, in plain English.

What StatiBeat Is

StatiBeat is a hosted status-page and incident-communication platform. Teams use it to run public or private status pages, model service hierarchies, publish incidents and maintenance updates, manage subscribers, run Beats synthetic monitoring, connect Slack, and use AI-assisted workflows with human confirmation.

This Privacy Policy explains how we collect and use personal data across the marketing site, self-serve trial, managed workspaces, status pages, subscribers, integrations, and support conversations.

Our default is practical minimization: collect what we need to run the product, protect the platform, deliver notifications, support customers, and make the features you enable work.

Data We Collect

The exact data depends on how you use StatiBeat. It may include:

• Website, trial, and support details: name, work email, company, messages you send us, requested page name, selected region, account details, and basic security or request-log information.
• Workspace and page details: workspace name, admin and viewer access settings, status-page names, domains, components, custom views, incidents, maintenance windows, reports, branding, and update text your team adds.
• Subscriber and notification details: subscriber email addresses, names, phone numbers if SMS is enabled, subscription preferences, verification state, unsubscribe state, and delivery history.
• Beats and automation details: monitor names, target URLs or hostnames, checks you configure, recent results, timing data, error summaries, and optional evidence such as screenshots when that feature is enabled.
• Integration details: the configuration and metadata needed to connect services such as Slack, SSO, webhooks, AI providers, Terraform, email, SMS, and RSS. We only receive this where you configure or use the integration.
• Billing details for paid plans: plan, subscription state, checkout or customer-portal identifiers, billing contact details supplied through checkout, invoice state, and limited payment-method labels returned by the payment processor. The self-serve trial form does not collect payment details.

How We Use Data

• Provision and operate managed workspaces, including trial workspaces in the managed EMEA region.
• Authenticate admins and viewers, enforce workspace and page permissions, support SSO, issue sessions, and validate scoped API tokens.
• Publish public and private status pages, render hierarchy and custom-view pages, deliver RSS feeds, and show incident, maintenance, metrics, and history views.
• Send subscriber notifications, verification emails, management links, Slack notifications, webhook deliveries, reminders, and trial-ready or deletion-approval emails.
• Run Beats synthetic monitoring, store bounded evidence where enabled, create internal alerts, and support customer-facing automation when you configure it.
• Power AI-assisted workflows, such as incident drafting, Beat investigation, hierarchy creation, and Slack or admin-agent planning, while keeping write actions confirmation-first.
• Process paid subscriptions, plan changes, cancellations, billing-portal links, account lifecycle events, and related billing communications.
• Detect abuse, investigate security or reliability issues, rate-limit risky flows, debug errors, keep appropriate records, and respond to support, sales, security, or legal requests.

Legal Bases

Where data protection law requires a legal basis, we rely on the basis that fits the purpose. This may include performing a contract or taking steps before entering one, our legitimate interests in running and protecting StatiBeat, consent where we ask for it, and legal obligations we need to meet.

You can object to processing based on legitimate interests by contacting us. We will review the request and respond based on the context and applicable law.

Sharing

We do not sell personal data. We share data only when it is needed to run StatiBeat, when a workspace admin enables an integration, when a public page or subscriber workflow intentionally publishes or sends content, or when required for legal or security reasons.

• Infrastructure providers for hosting, databases, storage, logging, monitoring, email delivery, certificates, DNS, and security operations.
• Lemon Squeezy or another payment processor when you deliberately choose paid checkout or manage a paid subscription.
• Slack when you install the StatiBeat Slack app or use Slack workflows, including the workspace, channel, user, message, and thread context needed for the requested workflow.
• Identity providers when you configure OIDC, SAML, viewer SSO, or organization SSO.
• AI providers when you enable Platform Provided AI or page-scoped BYOK AI. StatiBeat sends the context needed for the task you request, such as your prompt and relevant page, incident, maintenance, Beat, Slack, or analytics context.
• Email, SMS, webhook, and RSS delivery systems when StatiBeat sends subscriber or operational notifications.
• Professional advisers, regulators, law enforcement, or courts when required or appropriate.
• A successor organization if StatiBeat is involved in a merger, acquisition, financing, or sale of assets.

AI and LLM Usage

AI is optional and page-scoped. Page admins can use StatiBeat-managed Platform AI where available, or configure a Bring Your Own Key provider.

AI-assisted write workflows are confirmation-first. The model may help draft, summarize, investigate, answer, or plan, but StatiBeat shows a normalized preview and checks permissions again before a human confirms changes to incidents, maintenance windows, Beats, Beat Groups, hierarchy items, branding, homepage layout, or similar resources.

StatiBeat sends only the context needed for the workflow. Depending on the request, that can include your prompt, recent conversation turns, relevant page configuration, incident or maintenance content, Beat results, Slack thread context, analytics summaries, and similar operational context.

AI action planning stores workflow records in StatiBeat so people can review, answer clarifying questions, confirm, execute, troubleshoot, and audit the request. These records can include prompts, summaries, questions, answers, previews, execution results, related resource references, requester details, and timestamps.

We do not send provider API keys to the model. For BYOK providers, saved keys are encrypted, page-scoped, and not re-shown after save. Third-party AI providers apply their own terms, retention, training, security, and privacy practices to data they receive outside StatiBeat.

If you connect Slack, SSO, webhooks, AI, Terraform, email, SMS, or other third-party services, their own terms and privacy notices also apply to how they handle data outside StatiBeat.

Trial Workspaces

The self-serve trial creates a real managed workspace so you can test a status page, hierarchy, custom views, incidents, maintenance, subscribers, admin access, and evaluation workflows with your own setup.

Trial signup asks for company name, page name, work email, password, and security-check data. We do not ask for payment details, a purchase order, or a billing contact during trial signup.

Trial approval links expire after 24 hours. Standard self-serve trial workspaces run for 30 days unless upgraded, extended, or deleted earlier. When a trial ends, the workspace may become read-only rather than silently becoming a paid subscription.

Trial deletion is an explicit workflow. When requested, StatiBeat sends an approval link to the trial owner email and schedules cleanup after confirmation, giving the owner time to catch a mistaken deletion request.

Retention

We keep personal data only as long as needed for the purposes described in this policy, including product operation, customer communication history, security, legal compliance, billing, and dispute resolution.

Retention depends on the data type. Trial approval links are short-lived. Trial workspaces have a fixed trial period unless changed. Status-page content, incident history, maintenance records, subscriber preferences, AI workflow records, security logs, and billing records may need to be kept longer so the workspace remains useful, accountable, and recoverable.

Workspace admins can remove many resources directly in the product, such as subscribers, incidents, maintenance windows, views, Beats, tokens, and integrations. You can also ask us to delete a trial workspace or review personal data connected to you.

Your Rights

Depending on where you live and the law that applies, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to withdraw consent where processing is based on consent.

You can contact us to exercise these rights. If you are in the UK or EEA, you may also have the right to complain to your local supervisory authority.

Security

StatiBeat uses safeguards designed for a shared managed status-page platform, including scoped roles, page-level authorization, SSO support, scoped API tokens, private-page viewer controls, rate limiting, request validation, encrypted storage for selected integration secrets, security headers, logging, and tenant isolation controls.

No online service can guarantee perfect security. Customers are also responsible for their side of the boundary: choosing appropriate admins, protecting passwords and API tokens, reviewing public updates before publishing, and avoiding secrets in incidents, maintenance updates, public pages, subscriber imports, Beat targets, request headers, or integration payloads unless the workflow is designed for them.

Contact

Questions, rights requests, security concerns, and deletion requests can be sent to hello@statibeat.com or through our contact page.

We may update this policy as the product, providers, or legal requirements change. The date at the top shows the latest version.