Data Compliance

downdetectordowndetectordowndetector.com is owned and operated by Hasher Technologies LLC and is committed to protecting your privacy and complying with applicable data protection regulations. This page outlines the main frameworks that may apply.

For users in the European Economic Area (EEA), our practices are designed to align with key General Data Protection Regulation (GDPR) requirements where applicable:

• Lawful bases: legitimate interests (service operations/security), performance of a contract (account features), and consent where applicable
• Data minimization: we collect only data needed to provide and protect the service
• Access and correction: you may request access to and correction of your personal data
• Erasure: you may request deletion, subject to legal/operational exceptions
• Objection/restriction: you may object to or request restriction of certain processing where applicable

For California residents, our practices are designed to align with the California Consumer Privacy Act as amended by CPRA:

• Right to know/access: you may request disclosure of personal information categories and sources
• Right to delete: you may request deletion of personal information, subject to exceptions
• Right to correct: you may request correction of inaccurate personal information
• Right to opt out of sale/share: we do not sell personal information or share it for cross-context behavioral advertising
• Non-discrimination: We will not discriminate against you for exercising your rights

We do not sell your personal information. This site has no advertising and does not participate in data broker networks.

Categories of data processed:

• Server logs (IP addresses, browser information, timestamps)
• First-party web-vitals and client-error telemetry (page path, performance metrics, error messages, and timestamps; query strings are stripped before browser error reports are sent)
• Contact form submissions (name, email, message content)
• Account data (email address, password hash, verification state)
• Optional MFA data (encrypted TOTP secrets and related security flags when MFA is enabled or pending setup)
• Authentication data (httpOnly cookies used to keep sessions and refresh tokens)
• Account preferences (for example, whether incident email alerts are enabled)
• Historical account or support metadata from prior versions of the product, if any, retained only when needed for support or compliance
• System configuration chosen by administrators (for example, incident webhook endpoints and optional SMS destinations for operational notifications)
• Administrative/audit data for privileged actions (actor email, request ID, and IP where available)
• Operational monitoring history (status snapshots and incident records about our checks of downdetector.com)

Purposes of processing:

• Providing and maintaining the service
• Responding to inquiries
• Providing login and account-related features
• Handling questions that depend on historical records, if any, from prior versions of the product
• Sending operational incident notifications to users who explicitly opt in
• Security and abuse prevention

This site is hosted on infrastructure that may transfer data internationally. Where personal data crosses borders, we rely on provider safeguards made available for those services (for example, contractual protections published by providers).

• Server logs: retained for a limited period for operational and security purposes
• Account records: retained until you request deletion
• Email verification tokens: expire automatically after 24 hours
• Password reset tokens: expire automatically after 1 hour
• Underlying status snapshots: stored with automatic expiry (currently up to about 90 days). Queryable history for users is limited to the current access baseline (currently up to 7 days). Incident records may be retained longer for transparency.
• Contact form messages: delivered by email; not stored in a database (email retention depends on provider policies)
• Historical support or account records, if any: retained only as needed for support, fraud prevention, or legal compliance
• Administrative audit entries: retained for security, abuse prevention, and accountability

To exercise any of your data protection rights, please use our contact form. We respond to verified requests within timelines required by applicable law.

Given the minimal data we collect, most requests can be fulfilled quickly.

This page provides operational information about our current practices and is not legal advice.

This compliance information may be updated to reflect changes in law or our practices. Check this page periodically for updates.