Privacy Policy

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when using the Service:

• Account Information: Name, email address, password, and profile photo
• Organization Information: Company name, team member details, and roles
• Contact Information: Phone number (for SMS alerts), email addresses for notifications
• Payment Information: Billing address and payment method details (processed securely by Stripe; we do not store full card numbers)
• Configuration Data: Monitor settings, integrations, status page content, and incident information
• Communications: Messages sent to our support team, feedback, and survey responses

1.2 Information Collected Automatically

When you access the Service, we automatically collect:

• Device Information: Browser type, operating system, device type, and screen resolution
• Log Data: IP address, access times, pages viewed, and actions taken
• Usage Data: Features used, monitors created, alerts triggered, and performance metrics
• Location Data: Approximate location derived from IP address

1.3 Information from Third Parties

We may receive information from third-party services you connect:

• OAuth Providers: When you sign in with Google, GitHub, or other providers, we receive your name, email, and profile photo
• Integrations: When you connect Slack, Discord, or other services, we receive necessary tokens and workspace information

2. How We Use Your Information

We use the information we collect for the following purposes:

2.1 Providing the Service

• Create and manage your account
• Perform uptime and heartbeat monitoring
• Send alerts and notifications through your configured channels
• Process payments and manage subscriptions
• Enable collaboration with your team members

2.2 Improving the Service

• Analyze usage patterns to improve features
• Debug issues and optimize performance
• Develop new features based on user behavior
• Conduct research using aggregated, anonymized data

2.3 Communication

• Send transactional emails (account verification, password resets, alerts)
• Provide customer support
• Send product updates and announcements (with opt-out option)
• Respond to your inquiries and feedback

2.4 Security and Compliance

• Detect and prevent fraud, abuse, and security incidents
• Enforce our Terms of Service and Acceptable Use Policy
• Comply with legal obligations
• Protect the rights and safety of our users

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA) and UK, we process personal data based on:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Processing for our legitimate business purposes (analytics, security, product improvement) where not overridden by your rights
• Consent: Where you have given specific consent for marketing communications
• Legal Obligation: Processing required to comply with applicable laws

4. Information Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

4.1 Service Providers

We share data with third-party vendors who help us operate the Service:

• Stripe: Payment processing
• Clerk: Authentication services
• AWS: Cloud infrastructure and hosting
• Twilio: SMS delivery
• Resend/SendGrid: Email delivery
• PostHog/Mixpanel: Analytics

These providers are bound by data processing agreements and may only use your data to perform services on our behalf.

4.2 Team Members

If you use the Service as part of an organization, your information may be visible to other members of your organization with appropriate access levels.

4.3 Connected Services

When you connect third-party integrations (Slack, Discord, PagerDuty, etc.), necessary data is shared to enable those integrations. This sharing is governed by those third parties' privacy policies.

4.4 Legal Requirements

We may disclose your information when required by law, subpoena, court order, or government request, or when we believe disclosure is necessary to:

• Comply with applicable laws or regulations
• Protect our rights, property, or safety
• Prevent fraud or address security issues
• Protect the rights of our users or the public

4.5 Business Transfers

If Encompass is involved in a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have.

5. Cookies and Tracking Technologies

5.1 Types of Cookies We Use

• Essential Cookies: Required for the Service to function (authentication, security). Cannot be disabled.
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how users interact with the Service.

5.2 Managing Cookies

You can control cookies through your browser settings. Disabling non-essential cookies may affect functionality. We do not use advertising or tracking cookies that follow you across other websites.

5.3 Do Not Track

We do not currently respond to "Do Not Track" browser signals as there is no consistent industry standard for compliance.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256)
• Access Controls: Role-based access to systems and data, following least-privilege principles
• Authentication: Secure password hashing, optional two-factor authentication
• Infrastructure: Hosted on AWS with SOC 2 compliance
• Monitoring: Continuous security monitoring and logging
• Incident Response: Documented procedures for handling security incidents

While we strive to protect your data, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes described in this policy:

• Account Data: Retained while your account is active, plus 30 days after deletion
• Monitoring Data: Retention varies by plan (7 days to 1 year)
• Incident Data: Retained for the duration specified in your plan
• Billing Records: Retained for 7 years for tax and legal compliance
• Log Data: Retained for up to 90 days for security and debugging

You may request deletion of your data at any time by contacting privacy@encompass.gg.

8. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

8.1 Access and Portability

You have the right to request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.

8.2 Correction

You have the right to request correction of inaccurate personal data. You can update most information directly in your account settings.

8.3 Deletion

You have the right to request deletion of your personal data, subject to certain legal obligations that may require us to retain certain data.

8.4 Restriction and Objection

You have the right to restrict or object to certain processing of your personal data, including processing for direct marketing.

8.5 Withdraw Consent

Where we rely on consent for processing, you have the right to withdraw consent at any time. This will not affect the lawfulness of processing before withdrawal.

8.6 Exercising Your Rights

To exercise any of these rights, please contact us at privacy@encompass.gg. We will respond to your request within 30 days. We may require verification of your identity before processing requests.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States, where our servers and service providers are located.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• The UK International Data Transfer Agreement where applicable
• Adequacy decisions for countries deemed to provide adequate protection

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: You may request details about the categories and specific pieces of personal information we collect
• Right to Delete: You may request deletion of your personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights
• No Sale of Personal Information: We do not sell personal information to third parties

To make a CCPA request, contact us at privacy@encompass.gg or use the contact form on our website.

11. Children's Privacy

The Service is not intended for children under 16 years of age. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately at privacy@encompass.gg, and we will take steps to delete such information.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last updated" date
• Sending an email notification for significant changes
• Displaying a notice within the Service

We encourage you to review this policy periodically. Your continued use of the Service after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions, concerns, or complaints about this Privacy Policy or our data practices, please contact us:

If you are in the EEA or UK and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.