Privacy Policy

PageCalm ("we," "us," "our") provides AI-powered status pages and incident communication tools at pagecalm.com. This policy explains how we collect, use, and protect your information.

Account Information

When you create an account, we collect your email address and password (hashed, never stored in plain text).

Status Page Content

Content you create — status pages, components, incidents, and incident updates — is stored to provide the service. Public status pages are visible to anyone with the URL.

Subscriber Information

When visitors subscribe to your status page, we collect their email address to send incident notifications. Subscribers can unsubscribe at any time via the link in every email.

Payment Information

Payments are processed by Stripe. We do not store credit card numbers. Stripe may collect information as described in their privacy policy.

AI-Processed Content

When you use the AI incident writer, the text you provide (alert descriptions, incident details) is sent to OpenAI to generate communications. We do not use your content to train AI models. See OpenAI's privacy policy for details on their data handling.

API Keys

If you create an API key to integrate monitoring tools with PageCalm, we store a cryptographic hash of the key — never the key itself. We also store a short prefix for display purposes and the date the key was last used. Data sent to our API (incident titles, alert descriptions, component IDs) is processed the same way as content created through the dashboard.

Chat Integration Webhook URLs

If you connect a chat integration (Slack today; we may add others over time), we store the webhook URL you paste, encrypted at rest. The URL is decrypted only at send-time to deliver notifications. We do not log it, and it is never returned in an API response.

Usage Data

We use Vercel Web Analytics to collect anonymous, aggregated usage statistics (pages visited, referral source, device type). No cookies or personal identifiers are collected — visitors cannot be individually identified. We do not use third-party tracking or advertising cookies.

Account Administration Records

We keep internal records of administrative actions taken on your account — for example, plan changes, or complimentary plan access granted for support or goodwill reasons. Each record includes the action taken, the date, and a short free-text note explaining the context, which is sent to you in a notification email at the time of the action (so the note itself is not hidden from you). These records support accounting, support, and auditing needs. They are accessible to you in your account data export.

• Provide and maintain the PageCalm service
• Send incident notifications to subscribers
• Process payments and manage subscriptions
• Generate AI-powered incident communications
• Send service-related emails (account verification, billing receipts)
• Improve the service based on usage patterns

We do not sell your data. We do not send marketing emails unless you opt in. We do not show advertisements.

Lawful Basis for Processing (GDPR)

If you are in the European Economic Area (EEA), UK, or Switzerland, we process your personal data on the following legal bases:

• Contract — processing your account data, status page content, and payment information is necessary to provide the service you signed up for.
• Legitimate interest — anonymous usage analytics and service improvements, where our interest in improving PageCalm does not override your rights.
• Consent — subscriber email notifications. Subscribers explicitly opt in by entering their email and confirming via email link. They can withdraw consent at any time by unsubscribing.
• Legal obligation — retaining billing records as required by tax and accounting law.

We share data only with the following service providers (sub-processors), solely to operate PageCalm:

• Supabase (US) — database hosting and authentication
• Vercel (US) — application hosting
• Stripe (US) — payment processing
• OpenAI (US) — AI content generation
• Resend (US) — transactional email delivery, including team-invitation emails sent to the addresses you invite
• Cloudflare (US) — DNS, CDN, edge workers, and status page failover caching
• Slack (US) — incident update delivery, only when you configure a Slack integration. We transmit incident metadata (title, severity, update text, link to your public status page) at your direction; subscriber email addresses are never shared with Slack.

Visibility Within an Account Team

When the account owner invites additional members, each member's email address is visible to other members of the same account in the team-management interface. The owner can see all members and any pending invitations. Members can see other members.

Activity records on incidents (for example, "who changed the incident status at 14:15") identify the team member who took the action and are visible to every member of the account. If a member later deletes their login, the activity records remain on the account but no longer identify them.

Account-wide data such as status pages, incidents, billing information, and the AI-generation usage counter is shared by the account itself rather than by individual members — every member of the same account sees the same account-level data.

We do not share your data with anyone else unless required by law.

Data Processing Role

When you use PageCalm to operate a status page, we act as a data processor on your behalf for subscriber email addresses — you (our customer) are the data controller. For your own account data, we are the data controller.

All sub-processors listed above are based in the United States. Data transferred from the EEA/UK to the US is protected under the EU-US Data Privacy Framework where applicable, and by standard contractual clauses in our agreements with sub-processors.

We retain your account data and content for as long as your account is active. If you delete your account, we will delete your data within 30 days, except where retention is required by law (e.g., billing records).

Subscriber email addresses are deleted when a subscriber unsubscribes or when the associated status page is deleted.

Account administration records (plan changes, complimentary plan access, and similar actions) are retained for two years after the action is taken, then archived or deleted. These records are kept for support, accounting, and auditing purposes.

We use industry-standard security measures including encrypted connections (TLS), hashed passwords, hashed API keys, encrypted integration webhook URLs, row-level security policies on our database, rate limiting on all endpoints, and CSRF protection. API requests are authenticated via Bearer tokens and rate limited per user. However, no method of transmission over the internet is 100% secure.

You can:

• Access your data through the dashboard at any time
• Update your account information
• Delete your account and all associated data
• Export your incident data (contact support)
• Unsubscribe from any status page notifications

Additional Rights for EEA/UK Residents

Under the GDPR, you also have the right to:

• Data portability — receive your personal data in a structured, commonly used format
• Restriction of processing — request that we limit how we use your data
• Object to processing — object to processing based on legitimate interest
• Lodge a complaint — with your local data protection authority if you believe your rights have been violated

To exercise any of these rights, email support@pagecalm.com. We will respond within 30 days.

We use essential cookies only — strictly necessary for authentication and session management. These cookies are required for the service to function and do not require consent under GDPR (Article 5(3) of the ePrivacy Directive).

Vercel Web Analytics uses no cookies and collects no personal identifiers. We do not use advertising, analytics, or third-party tracking cookies. Because we only use strictly necessary cookies, no consent banner is required.

PageCalm is not directed at children under 13. We do not knowingly collect information from children under 13.

We may update this policy from time to time. We'll notify you of significant changes via email or a notice on our website. Your continued use of PageCalm after changes constitutes acceptance of the updated policy.

Questions about this policy? Email support@pagecalm.com.