Privacy Policy

Effective Date: February 7, 2026
Last Updated: February 4, 2026

1. Introduction

TENbase Labs ("we", "us", or "our") operates PingRoot (the "Service"), an API monitoring platform.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

By using PingRoot, you consent to the data practices described in this policy.

If you do not agree with our policies and practices, do not use the Service.

2. Information We Collect

2.1 Information You Provide

Account Information:

Email address (required for authentication)
Password (hashed and encrypted)
Name (optional)
Profile picture (optional)

Monitoring Configuration:

Endpoint URLs you wish to monitor
HTTP methods (GET, POST, PUT, DELETE, PATCH)
Expected status codes
Custom headers (e.g., API keys, authentication tokens)
Check intervals

Payment Information:

Billing details (processed by Stripe, not stored by us)
Stripe customer ID (for subscription management)

2.2 Automatically Collected Information

Monitoring Logs:

Timestamp of each check
HTTP status code received
Response time (latency)
Error messages (if applicable)

Usage Data:

IP address
Browser type and version
Device type
Operating system
Pages visited
Time and date of access
Referring URLs

Cookies & Tracking:

Session cookies (authentication)
Preference cookies (UI settings)
Analytics cookies (usage statistics)

We do NOT collect:

Content of API responses (we only record status codes and response times)
Personal data from monitored endpoints
Payment card details (handled by Stripe)

3. How We Use Your Information

We use your information to:

3.1 Provide the Service

Monitor your configured endpoints
Display monitoring results in your dashboard
Send notifications when endpoints go down
Calculate uptime and latency statistics

3.2 Account Management

Authenticate users
Process payments and subscriptions
Send service-related emails (welcome, password reset, subscription changes)

3.3 Improve the Service

Analyze usage patterns to improve features
Debug issues and fix bugs
Develop new features based on user needs

3.4 Communicate with You

Respond to support requests
Send important service announcements
Send marketing emails (with your consent, opt-out available)

3.5 Legal Compliance

Comply with legal obligations
Enforce our Terms of Service
Protect against fraud and abuse

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), our legal basis for processing your data is:

Contract Performance: Providing the Service you signed up for
Legitimate Interest: Improving the Service, preventing fraud
Consent: Marketing emails (opt-in), optional features
Legal Obligation: Complying with laws and regulations

5. Data Retention

We retain your data for as long as necessary to provide the Service:

Account Data: Until you delete your account
Monitoring Logs:
- Free Plan: 7 days
- Pro Plan: 30 days
Payment Records: Up to 7 years (legal requirement)
Deleted Account Data: Deleted within 30 days of account closure

You can request immediate deletion by contacting support@pingroot.com.

6. How We Share Your Information

We do NOT sell your personal data. We may share your information with:

6.1 Service Providers

We use third-party services to operate PingRoot:

Supabase (Database Hosting): Stores account data, monitors, and logs
Stripe (Payment Processing): Processes subscription payments
Vercel (Hosting): Hosts the application
Resend (Email Delivery): Sends transactional emails
cron-job.org (Monitoring Scheduler): Triggers monitoring checks

These providers are bound by confidentiality agreements and GDPR compliance.

6.2 Legal Requirements

We may disclose your information if required by law, such as:

In response to a subpoena or court order
To comply with legal processes
To protect our rights, property, or safety
To prevent fraud or security threats

6.3 Business Transfers

If PingRoot is acquired or merged, your data may be transferred to the new entity. We will notify you before any such transfer.

7. International Data Transfers

Your data may be transferred to and processed in countries outside your country of residence, including the United States and European Union.

We ensure adequate safeguards through:

Standard Contractual Clauses (SCCs) for EEA transfers
GDPR-compliant service providers
Encryption in transit and at rest

8. Data Security

We implement industry-standard security measures to protect your data:

8.1 Technical Measures

Encryption in transit: HTTPS/TLS for all connections
Encryption at rest: Database encryption
Password hashing: bcrypt with salt
SSRF protection: Blocks monitoring of private networks

8.2 Organizational Measures

Access controls (role-based permissions)
Regular security audits
Employee training on data protection
Incident response plan

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Your Rights (GDPR & CCPA)

If you are in the EEA or California, you have the following rights:

9.1 Right to Access

Request a copy of your personal data we hold.

9.2 Right to Rectification

Correct inaccurate or incomplete data.

9.3 Right to Erasure ("Right to be Forgotten")

Request deletion of your data (subject to legal obligations).

9.4 Right to Restriction

Request limited processing of your data.

9.5 Right to Data Portability

Receive your data in a structured, machine-readable format.

9.6 Right to Object

Object to processing based on legitimate interests.

9.7 Right to Withdraw Consent

Withdraw consent for marketing emails or optional features.

9.8 Right to Lodge a Complaint

File a complaint with your local data protection authority:

France (CNIL): https://www.cnil.fr/
EU: https://edpb.europa.eu/about-edpb/about-edpb/members_en

To exercise your rights, contact us at privacy@pingroot.com.

We will respond within 30 days.

10. Cookies & Tracking Technologies

We use the following types of cookies:

10.1 Essential Cookies (Required)

Session cookies: Keep you logged in
CSRF tokens: Prevent cross-site request forgery

10.2 Functional Cookies (Optional)

UI preferences: Dark mode, language settings

10.3 Analytics Cookies (Optional)

Usage analytics: Track page views, feature usage (anonymized)

You can disable cookies in your browser settings, but this may affect Service functionality.

Cookie Consent:

Essential cookies: No consent required (necessary for Service)
Optional cookies: Consent requested on first visit

11. Third-Party Links

The Service may contain links to third-party websites (e.g., documentation, integrations). We are not responsible for their privacy practices. Please review their privacy policies.

12. Children's Privacy

PingRoot is not intended for users under 18 years of age. We do not knowingly collect data from minors.

If we discover we have collected data from a minor, we will delete it immediately. If you believe we have collected data from a minor, contact us at privacy@pingroot.com.

13. Do Not Track (DNT)

We do not currently respond to "Do Not Track" browser signals. You can opt out of tracking via:

Browser settings (disable cookies)
Ad blockers
Privacy extensions

14. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

14.1 Right to Know

Request details about the personal data we collect and how we use it.

14.2 Right to Delete

Request deletion of your personal data (subject to exceptions).

14.3 Right to Opt-Out of Sale

We do NOT sell personal data. There is nothing to opt out of.

14.4 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

To exercise your rights, contact us at privacy@pingroot.com.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes will be notified via:

Email to your registered email address
In-app notification
Updated "Last Updated" date at the top of this policy

Material changes (e.g., new data collection practices) will be notified 30 days in advance.

Continued use of the Service after changes constitutes acceptance of the updated policy.

16. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

Email: privacy@pingroot.com
Support: support@pingroot.com
Address: 130 rue cycles Pasquet, Bâtiment D, 13300 Salon de Provence, France

Data Protection Officer (DPO): Leonardo Balland (legal@pingroot.com)

17. Compliance & Certifications

PingRoot complies with:

GDPR (General Data Protection Regulation - EU)
CCPA (California Consumer Privacy Act - USA)
ePrivacy Directive (Cookie Law - EU)

We are committed to:

Privacy by Design: Building privacy into our architecture
Data Minimization: Collecting only necessary data
Transparency: Clear communication about data practices
User Control: Giving you control over your data

18. Security Incident Response

In the event of a data breach:

We will investigate within 24 hours
Affected users will be notified within 72 hours
We will report to relevant authorities (e.g., CNIL) if required by law
We will publish a public incident report (if appropriate)

To report a security vulnerability, email security@pingroot.com.

19. Data Processing Agreement (DPA)

If you are a business user and need a Data Processing Agreement (for GDPR compliance), please contact legal@pingroot.com.

20. Summary (TL;DR)

What we collect:

Email, password (for your account)
Endpoint URLs, headers (for monitoring)
Monitoring logs (status codes, response times)

How we use it:

Provide the monitoring service
Send notifications
Improve the platform

Who we share with:

Service providers (Supabase, Stripe, Vercel) - GDPR compliant
Law enforcement (if required by law)

Your rights:

Access, correct, or delete your data
Opt out of marketing emails
Export your data

We do NOT:

Sell your data
Read your API responses
Track you across websites

Questions? privacy@pingroot.com

By using PingRoot, you acknowledge that you have read and understood this Privacy Policy.

Last Updated: February 4, 2026
Version: 1.0