Privacy Notice

Effective 10 June 2026 · Drafted for compliance with the Digital Personal Data Protection Act, 2023 (India)

1. Who we are

StatusMirror (“we”, “us”) monitors the status of third-party services (Stripe, Slack, AWS, GCP, GitHub and others) and alerts your team when they go down. For the purposes of India's Digital Personal Data Protection Act, 2023 (“DPDP Act”), StatusMirror is the Data Fiduciary and you are the Data Principal.

Contact / Grievance Officer: ayushjaiswal1204@gmail.com (responses within 7 working days, resolution within 30 days as required by the DPDP Rules).

2. What personal data we collect

Account data: your email address (used for one-time-passcode sign-in — we never store passwords) and the workspace/organization name you choose.

Configuration data: which providers you monitor and the email addresses you nominate to receive outage alerts.

Billing metadata: if you subscribe to a paid plan, Razorpay processes your payment. We never see or store your card, UPI, or bank details — we store only Razorpay customer and subscription identifiers.

Technical data: standard server logs, error reports (Sentry) and product analytics events (PostHog, EU region) used to keep the service working and improve it.

3. Why we process it (purpose limitation)

To authenticate you (consent — Section 6, DPDP Act): sending the sign-in code to your email is the core of how login works.

To deliver the service you signed up for (legitimate use — Section 7(a)): monitoring your selected providers and emailing outage alerts to addresses you configured.

To bill paid subscriptions, secure the service against abuse, and debug failures.

We do not sell personal data, do not use it for behavioural advertising, and do not process it for any purpose beyond those listed here.

4. Your rights under the DPDP Act

Right to access (Section 11): ask us for a summary of the personal data we hold about you and how it has been processed.

Right to correction and erasure (Section 12): ask us to correct inaccurate data or delete your account and all associated personal data. Erasure requests are completed within 30 days using an automated deletion pipeline that removes your user record, sessions, organization, monitoring configuration, and alert logs.

Right to grievance redressal (Section 13): if you are unhappy with our response, escalate to our Grievance Officer (contact above). If still unresolved, you may complain to the Data Protection Board of India.

Right to nominate (Section 14): you may nominate another individual to exercise these rights on your behalf in case of death or incapacity.

To exercise any right, email ayushjaiswal1204@gmail.com from your registered email address with the subject “DPDP request”.

5. Consent and withdrawal

By creating an account you consent to the processing described in this notice. You may withdraw consent at any time by requesting account deletion — withdrawal is as easy as giving consent (Section 6(4)). After withdrawal we stop processing your data except where retention is required by law.

6. Where your data goes (processors & cross-border transfer)

We use vetted Data Processors under contract: Convex (database & backend, USA), Netlify (hosting/CDN, USA), Resend (transactional email, USA), Razorpay (payments, India), PostHog (analytics, EU), Sentry (error monitoring, USA/EU), and Arcjet (bot protection, USA).

Personal data may therefore be stored outside India. Section 16 of the DPDP Act permits such transfers except to countries restricted by the Central Government; we will comply with any future restriction notifications.

7. Security safeguards

Reasonable security safeguards (Section 8(5)) include: TLS encryption in transit, encrypted storage at rest by our processors, signed RS256 session tokens in HttpOnly Secure cookies, hashed one-time codes (never stored in plaintext), rate-limited sign-in attempts, webhook signature verification, a strict Content-Security-Policy, and bot/abuse protection on every request.

8. Breach notification

In the event of a personal data breach we will notify the Data Protection Board of India and each affected Data Principal as required by Section 8(6) of the DPDP Act and the DPDP Rules, without unreasonable delay.

9. Retention

Account and configuration data is kept while your account is active and deleted within 30 days of a verified deletion request. Alert delivery logs are kept for 90 days for debugging and deduplication. Aggregated, non-personal status history (which provider was up or down) contains no personal data and may be retained indefinitely.

10. Children

StatusMirror is a business tool and is not directed at persons under 18. We do not knowingly process children's personal data (Section 9).

11. Changes

We will update this notice when our practices change and note the effective date below. Material changes will be announced by email to registered users.
