Privacy Policy
Effective date: 14 March 2026
Last updated: 14 March 2026
Seabhac.io ("we", "us", "our") is a company registered in Ireland. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our infrastructure monitoring service at seabhac.io ("Service").
We process personal data in accordance with the EU General Data Protection Regulation (GDPR) and the Irish Data Protection Act 2018. We are the data controller for the purposes of this policy.
1. Data We Collect
1.1 Account and Registration Data
When you create an account we collect:
- Name
- Email address
- Password (stored as a one-way hash; we never store plaintext passwords)
- Organisation name
1.2 Billing Data
Paid plan subscriptions are processed by Stripe, Inc. We do not store payment card numbers or full card details. We receive and store:
- Billing name and address (for tax/VAT purposes)
- Stripe customer ID and subscription status
- Payment history (amounts, dates, plan type)
1.3 Monitor Configuration Data
Endpoints, hostnames, IP addresses, port numbers, custom headers, and other configuration data you enter to define your monitoring checks.
1.4 Check Result Data
Results generated by our probe nodes when running checks on your configured endpoints, including response codes, latency measurements, certificate details, and DNS records.
1.5 Usage and Technical Data
- Log data: IP address, browser type, pages visited, timestamps
- Session tokens (stored as secure cookies)
- Error and diagnostic logs
2. How We Use Your Data
| Purpose | Legal Basis |
|---|---|
| Providing and operating the Service | Performance of contract (Art. 6(1)(b) GDPR) |
| Processing payments | Performance of contract (Art. 6(1)(b) GDPR) |
| Sending transactional emails (alerts, invoices, account notices) | Performance of contract (Art. 6(1)(b) GDPR) |
| Security, fraud prevention, and abuse detection | Legitimate interests (Art. 6(1)(f) GDPR) |
| Complying with legal obligations (e.g. tax records) | Legal obligation (Art. 6(1)(c) GDPR) |
| Service improvement and analytics (aggregated/anonymised) | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing communications (where you have opted in) | Consent (Art. 6(1)(a) GDPR) |
3. Third-Party Processors
We share personal data with the following sub-processors solely to provide the Service:
| Processor | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | USA (EU SCCs in place) |
| Amazon Web Services (Amazon SES) | Transactional email delivery | EU (Ireland region) |
We do not sell your personal data to third parties.
4. Cookies
We use a minimal set of cookies:
- Session cookie (auth_token): Required for authentication. This is a strictly necessary cookie and does not require consent.
- Preference cookies: Used to remember UI preferences (e.g. theme). You can disable these in your browser.
We do not use third-party advertising or tracking cookies.
5. Data Retention
| Data type | Retention period |
|---|---|
| Account data | For the duration of your account, plus 30 days after deletion |
| Check result data | Per your plan's history limit (30 days on Free, up to 2 years on Enterprise) |
| Billing records | 7 years (Irish tax law requirement) |
| Server access logs | 90 days |
6. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including:
- Encryption of data in transit (TLS 1.2+)
- Encryption of data at rest
- Hashed password storage (bcrypt)
- Access controls limiting staff access to personal data
No method of transmission over the internet is 100% secure. In the event of a personal data breach we will notify affected users and the Data Protection Commission (DPC) as required by GDPR.
7. International Transfers
Your data is primarily stored and processed within the EU (Ireland). Where data is transferred to processors outside the EEA (e.g. Stripe in the USA), we rely on Standard Contractual Clauses (SCCs) approved by the European Commission to ensure an adequate level of protection.
8. Your Rights
Under GDPR you have the following rights in relation to your personal data:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate data.
- Erasure: Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Portability: Receive your data in a structured, machine-readable format.
- Restriction: Request that we restrict processing of your data in certain circumstances.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing.
To exercise any of these rights, contact us at legal@seabhac.io. We will respond within 30 days. You will not be charged for making a request.
You also have the right to lodge a complaint with the Irish Data Protection Commission (DPC) at dataprotection.ie or with the supervisory authority in your EU member state.
9. Children
The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have done so, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you by email or via the Service at least 14 days before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
11. Contact and Data Controller
Seabhac.io
Ireland
Email: legal@seabhac.io