Is Oh Dear GDPR compliant?

Yes, Oh Dear is fully GDPR compliant. We are a Belgian company (Immutable VOF), store primary data in the EU (Belgium), provide Data Processing Agreements, and respect all GDPR rights including access, rectification, erasure, data portability, and the right to object.

Where does Oh Dear store my data?

Primary data is stored in Belgium with Combell (ISO 9001, ISO 27001, ISO 27701 certified). Performance metrics are stored in ClickHouse Cloud (SOC 2 Type II, ISO 27001). All data in transit uses TLS 1.2+ encryption.

Does Oh Dear use tracking cookies?

No, Oh Dear does not use tracking cookies. We only use cookies for technical purposes such as session management. We use Fathom Analytics, a privacy-friendly analytics service that is GDPR compliant.

Can I export or delete my Oh Dear data?

Yes, you can export all your monitoring data anytime using our API. You can also request deletion of your account and all associated data at any time by contacting privacy@ohdear.app. We never sell your data to third parties.

4.9 (70)

4.7 (31)

Privacy Policy

Last updated: January 19th, 2026
This privacy policy explains how Oh Dear collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and Belgian data protection law.

1. Data Controller

The data controller responsible for your personal data is:
Immutable VOF
Hemelshoek 277
2590, Berlaar, Belgium
VAT number: BE 0699.594.682
Email: [email protected]

2. What Personal Data We Collect

We collect and process the following categories of personal data:

Account Information: Name, email address, company name, billing address
Usage Data: Website monitoring data, uptime statistics, performance metrics
Technical Data: IP addresses, browser information, device identifiers
Communication Data: Support tickets, feedback, correspondence
Payment Data: Billing information (processed by our payment providers)

3. Legal Basis for Processing

We process your personal data based on the following legal grounds:

Contract Performance: To provide our monitoring services and fulfill our contractual obligations
Legitimate Interest: To improve our services, ensure security, and communicate about service updates
Legal Obligation: To comply with tax, accounting, and legal requirements
Consent: For marketing communications (where required) and optional features

4. How We Use Your Data

We use your personal data to:

Provide website monitoring and uptime services
Process payments and manage your account
Provide customer support and respond to inquiries
Send service-related communications and important updates
Improve our services and develop new features
Ensure security and prevent fraud
Comply with legal and regulatory requirements

5. Data Sharing and Third Parties

We may share your personal data with:

Service Providers: Payment processors, cloud hosting providers, email services
Legal Requirements: When required by law, court order, or regulatory authority
Business Transfers: In case of merger, acquisition, or sale of assets

We ensure adequate protection through Data Processing Agreements (DPAs) with all third-party processors. All our subprocessors are SOC 2 or ISO 27001 certified. Your primary data stays in the EU - stored in Belgium with Combell, an ISO 27001 certified hosting provider.

Subprocessors

Complete list of third-party processors and their certifications

View List

6. International Data Transfers

Some of our service providers may be located outside the European Economic Area (EEA). When transferring data internationally, we ensure adequate protection through:

European Commission adequacy decisions
Standard Contractual Clauses (SCCs)
Other appropriate safeguards as required by GDPR

7. Data Retention

We retain your personal data only as long as necessary:

Account Data: For the duration of your account plus 5 years for legal/tax purposes
Monitoring Data: According to your subscription plan (typically 1-2 years)
Communication Records: 3 years from last interaction
Technical Logs: Maximum 12 months

8. Your Rights Under GDPR

As a data subject, you have the following rights:

Right of Access

You can request access to your personal data and information about how we process it.

Right to Rectification

You can request correction of inaccurate or incomplete personal data.

Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when it's no longer necessary or you withdraw consent.

Right to Restrict Processing

You can request limitation of processing in certain circumstances.

Right to Data Portability

You can request your data in a structured, machine-readable format to transfer to another service.

Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

9. Exercising Your Rights

To exercise any of your rights, please contact us at [email protected] or use our contact form. We will respond within one month of receiving your request.

You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/Autorité de protection des données) if you believe we have not handled your personal data properly.

9a. Your Data, Your Control

We believe you should always have control over your data:

Export anytime: Use our API to export all your monitoring data whenever you need it
Delete on request: Request deletion of your account and all associated data at any time
No data selling: We never sell your data to third parties. Ever.
Transparent processing: We only use your data to provide the service you signed up for

10. Security Measures

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Data location: Primary data stored in Belgium with Combell (ISO 9001, ISO 27001, ISO 27701 certified)
Performance metrics: Stored in ClickHouse Cloud (SOC 2 Type II, ISO 27001)
Encryption: TLS 1.2+ for all data in transit
Access controls: Multi-factor authentication required, principle of least privilege
Background checks: Completed for all team members
Incident response: Documented procedures with 24-hour response commitment

Security

How we protect your data and earn your trust

11. Data Breach Notification

In case of a personal data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR.

To date, Oh Dear has never experienced a data breach requiring notification.

12. Cookies and Tracking

We do not use tracking cookies. We do use cookies for technical purposes such as session management.

13. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. The current version is always available on our website.

14. Contact Us

If you have any questions about this privacy policy or our data practices, please contact us:

Email: [email protected]
Contact form: ohdear.app/contact
Mail: Immutable VOF, Hemelshoek 277, 2590 Berlaar, Belgium

15. Data Processing Agreement

For customers who process personal data through our services, we provide a GDPR-compliant Data Processing Agreement.

Data Processing Agreement

GDPR-compliant DPA with EU Standard Contractual Clauses

Read DPA