[ 4.9 (70) ](https://www.capterra.com/p/190028/Oh-Dear/ "Oh Dear on Capterra") [ 4.7 (31) ](https://www.g2.com/products/oh-dear/reviews "Oh Dear on G2") # Privacy Policy **Last updated:** January 19th, 2026 This privacy policy explains how Oh Dear collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and Belgian data protection law. ## 1. Data Controller The data controller responsible for your personal data is: **Immutable VOF** Hemelshoek 277 2590, Berlaar, Belgium VAT number: BE 0699.594.682 Email: ## 2. What Personal Data We Collect We collect and process the following categories of personal data: - **Account Information:** Name, email address, company name, billing address - **Usage Data:** Website monitoring data, uptime statistics, performance metrics - **Technical Data:** IP addresses, browser information, device identifiers - **Communication Data:** Support tickets, feedback, correspondence - **Payment Data:** Billing information (processed by our payment providers) ## 3. Legal Basis for Processing We process your personal data based on the following legal grounds: - **Contract Performance:** To provide our monitoring services and fulfill our contractual obligations - **Legitimate Interest:** To improve our services, ensure security, and communicate about service updates - **Legal Obligation:** To comply with tax, accounting, and legal requirements - **Consent:** For marketing communications (where required) and optional features ## 4. How We Use Your Data We use your personal data to: - Provide website monitoring and uptime services - Process payments and manage your account - Provide customer support and respond to inquiries - Send service-related communications and important updates - Improve our services and develop new features - Ensure security and prevent fraud - Comply with legal and regulatory requirements ## 5. Data Sharing and Third Parties We may share your personal data with: - **Service Providers:** Payment processors, cloud hosting providers, email services - **Legal Requirements:** When required by law, court order, or regulatory authority - **Business Transfers:** In case of merger, acquisition, or sale of assets We ensure adequate protection through Data Processing Agreements (DPAs) with all third-party processors. All our subprocessors are SOC 2 or ISO 27001 certified. Your primary data stays in the EU - stored in Belgium with Combell, an ISO 27001 certified hosting provider. ### Subprocessors Complete list of third-party processors and their certifications [ View List ](https://ohdear.app/subprocessors) ## 6. International Data Transfers Some of our service providers may be located outside the European Economic Area (EEA). When transferring data internationally, we ensure adequate protection through: - European Commission adequacy decisions - Standard Contractual Clauses (SCCs) - Other appropriate safeguards as required by GDPR ## 7. Data Retention We retain your personal data only as long as necessary: - **Account Data:** For the duration of your account plus 5 years for legal/tax purposes - **Monitoring Data:** According to your subscription plan (typically 1-2 years) - **Communication Records:** 3 years from last interaction - **Technical Logs:** Maximum 12 months ## 8. Your Rights Under GDPR As a data subject, you have the following rights: ### Right of Access You can request access to your personal data and information about how we process it. ### Right to Rectification You can request correction of inaccurate or incomplete personal data. ### Right to Erasure ("Right to be Forgotten") You can request deletion of your personal data when it's no longer necessary or you withdraw consent. ### Right to Restrict Processing You can request limitation of processing in certain circumstances. ### Right to Data Portability You can request your data in a structured, machine-readable format to transfer to another service. ### Right to Object You can object to processing based on legitimate interests or for direct marketing purposes. ### Right to Withdraw Consent Where processing is based on consent, you can withdraw it at any time. ## 9. Exercising Your Rights To exercise any of your rights, please contact us at or use our [contact form](/contact). We will respond within one month of receiving your request. You also have the right to lodge a complaint with the Belgian Data Protection Authority (Gegevensbeschermingsautoriteit/Autorité de protection des données) if you believe we have not handled your personal data properly. ## 9a. Your Data, Your Control We believe you should always have control over your data: - **Export anytime:** Use our API to export all your monitoring data whenever you need it - **Delete on request:** Request deletion of your account and all associated data at any time - **No data selling:** We never sell your data to third parties. Ever. - **Transparent processing:** We only use your data to provide the service you signed up for ## 10. Security Measures We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction: - **Data location:** Primary data stored in Belgium with [Combell](https://www.combell.com) (ISO 9001, ISO 27001, ISO 27701 certified) - **Performance metrics:** Stored in [ClickHouse Cloud](https://clickhouse.com/cloud) (SOC 2 Type II, ISO 27001) - **Encryption:** TLS 1.2+ for all data in transit - **Access controls:** Multi-factor authentication required, principle of least privilege - **Background checks:** Completed for all team members - **Incident response:** Documented procedures with 24-hour response commitment ### Security How we protect your data and earn your trust [ Read More ](https://ohdear.app/security) ## 11. Data Breach Notification In case of a personal data breach that poses a high risk to your rights and freedoms, we will notify you within 72 hours of becoming aware of the breach, as required by GDPR. To date, Oh Dear has never experienced a data breach requiring notification. ## 12. Cookies and Tracking We do not use tracking cookies. We do use cookies for technical purposes such as session management. ## 13. Changes to This Policy We may update this privacy policy from time to time. We will notify you of significant changes by email or through our service. The current version is always available on our website. ## 14. Contact Us If you have any questions about this privacy policy or our data practices, please contact us: - Email: - Contact form: [ohdear.app/contact](/contact) - Mail: Immutable VOF, Hemelshoek 277, 2590 Berlaar, Belgium ## 15. Data Processing Agreement For customers who process personal data through our services, we provide a GDPR-compliant Data Processing Agreement. ### Data Processing Agreement GDPR-compliant DPA with EU Standard Contractual Clauses [ Read DPA ](https://ohdear.app/data-processing-agreement)