Velprove

Privacy Policy

Last updated: May 5, 2026

Technologies Velprove Inc., having its registered office at 204 rue du Saint-Sacrement, espace 300, Montréal (Québec) H2Y 1W8, Canada, doing business as Velprove ("Velprove," "we," "us," or "our") operates the uptime monitoring service available at this website. Technologies Velprove Inc. is the data controller for the personal information described in this Privacy Policy. This Privacy Policy explains what information we collect, how we use it, and your rights regarding that information.

1. Information We Collect

Account Information

When you create an account, we collect your name and email address. If you subscribe to a paid plan, your billing information is collected and processed by our payment provider.

Monitor Configuration Data

We store the URLs, monitor intervals, assertion rules, and other configuration details you provide when setting up monitors. This includes HTTP headers, request bodies, and expected response criteria.

Monitoring Results

We collect and store the results of each monitoring run, including response status codes, response times, headers, and body content necessary for assertion validation. This data is used to determine uptime status and trigger alerts.

Browser Monitor Credentials

If you configure a Browser Login Monitor, we collect and store the login credentials (username and password) you provide for the third-party service being monitored. These credentials are encrypted using AES-256-GCM authenticated encryption before storage and are never stored in plain text in our database. Separate encryption keys are used for data at rest and data in transit between our services. They are used solely to execute automated login monitors on your behalf.

Failure Screenshots

When a browser login monitor fails and you have enabled screenshot capture, we may capture and store a screenshot of the login page at the moment of failure. Screenshots are stored securely in cloud storage, accessible only to your account, and automatically deleted based on your plan's retention limit.

Public Status Pages

If you create a public status page, the monitor names, uptime percentages, and response times you choose to display are publicly accessible. If you configure a custom domain for your status page, your domain information is shared with our CDN and certificate provisioning partner for SSL certificate issuance.

Usage Data

We automatically collect basic usage data such as IP addresses, browser type, and pages visited within the application to maintain security and improve the service.

Signup Source Information

When you create an account, we record information about how you arrived at the signup page. This includes the originating website (truncated to scheme and host only, with paths and query parameters discarded), any campaign identifiers present in the signup URL (such as utm_source, utm_medium, and utm_campaign parameters), and the first page of our website you landed on during your visit. This information is used solely to understand which marketing channels bring users to Velprove. It is never shared with third parties for advertising or behavioral profiling. We never set cookies or read browser storage to capture this information before you create an account.

Sign-In Activity

When you sign in or attempt to sign in to your account, we record the event type (success, failure, or sign-out), the time, the IP address from which the request was made, and a truncated user-agent string. We use this information to detect unauthorized access attempts, investigate security incidents, and (where applicable) display recent sign-in activity to you.

All data categories we collect are retained according to the schedules set out in Section 5 (Data Location and International Transfers) and Section 12.6 (Data Retention by Category).

2. How We Use Your Information

  • Providing the service: Running monitors, processing monitoring results, and displaying dashboards.
  • Sending alerts: Delivering notifications via email and the alert channels you configure when your monitors detect issues.
  • Billing and account management: Processing payments, managing subscriptions, and communicating about your account.
  • Service improvement: Analyzing aggregate usage patterns to improve reliability and develop new features.
  • Running browser-based monitoring runs: Launching real browsers to navigate to login pages, enter your provided credentials, and verify login success on third-party services you have configured for monitoring.
  • Security: Detecting and preventing abuse, fraud, and unauthorized access.

3. Third-Party Service Providers

We share information with the following third-party providers only as necessary to operate the service:

  • Infrastructure and hosting providers: Your account data and monitoring results are stored on self-managed PostgreSQL databases hosted on servers located in Canada and France. Data is replicated between these locations for redundancy and disaster recovery.
  • CDN, security, and object storage provider: All web traffic to the Service passes through a CDN and security network for performance and DDoS protection. Failure screenshots from browser login monitors and encrypted database backups are stored with our object storage provider. Screenshots are automatically deleted based on your plan's retention period. Backups are retained for 14 days.
  • Payment processor: Billing and payment details are handled entirely by our payment processor. We do not store any credit card or payment information on our servers.
  • Email delivery service: Your email address is shared with our email delivery provider to send alert notifications and account communications.
  • Notification channels you configure: If you configure alert channels such as Slack, Discord, Microsoft Teams, webhooks, or PagerDuty, we send monitoring notifications to the endpoints you provide through their respective APIs. You control which channels are used and can remove them at any time in your account settings.

We do not sell your personal information to any third party.

4. Data Retention

We retain different categories of your data for different periods depending on your subscription plan.

Account Information

We retain your account information (name, email address, and account settings) for as long as your account remains active and for up to 30 days after account deletion, except where longer retention is required by applicable law (for example, billing records kept for tax or accounting purposes).

Monitoring Data

Each time we run a monitoring cycle on one of your monitors, we record the result. This data is retained based on your plan:

FreeStarterPro
Detailed monitor results24 hours7 days30 days
Failure logs30 days90 days1 year
Historical summaries1 month1 year2 years
Failure screenshotsLast 1Last 5Last 30
  • Detailed monitor results contain the full technical record of each individual monitoring run (response time, status code, assertion outcomes).
  • Failure logs contain error details and diagnostic information recorded when a monitor detects a problem, including any failure screenshots.
  • Historical summaries are aggregated performance statistics (such as hourly uptime percentages and average response times) that allow you to review trends after detailed results have been removed.

Data After Expiry

When a retention period expires, the corresponding data is permanently deleted through automated processes. Deletion typically occurs within 24 hours for detailed monitor results and failure logs.

Account Deletion

When you delete your account, we remove all of your personal information and monitoring data within 30 days, except where retention is required by law. After deletion, we may retain anonymized, aggregated data that cannot be used to identify you.

Backups

We maintain encrypted daily database backups for disaster recovery purposes. Backups are stored in encrypted cloud storage and automatically deleted after 14 days. When you delete your account, your data may persist in backup copies for up to 14 days after deletion from the live database. Backups are only accessed in the event of a system failure requiring data restoration.

Plan Downgrades

If you downgrade to a lower-tier plan, data that exceeds the retention limits of your new plan will be removed automatically within 24 hours. We recommend reviewing your monitoring history before downgrading.

5. Data Location and International Transfers

Your account data, monitoring configurations, and historical monitoring results are stored in self-managed PostgreSQL databases on servers located in Canada and France. Data is replicated between these two locations for redundancy and disaster recovery.

Monitoring checks are executed by Velprove workers operating in multiple regions: Canada, France, United Kingdom, Singapore, and Australia. When a check runs, personal information associated with that check (for example, the URL being monitored and any credentials required for browser login monitors) is transmitted to the worker in the relevant region for the duration of the check. These workers do not persistently store personal information after a check completes.

Failure screenshots and database backups are stored with our object storage provider, which may use data centers in multiple regions.

If you are located outside any of these jurisdictions, your data will be transferred to and processed in one or more of them. We implement appropriate contractual and technical safeguards for all cross-border data transfers in accordance with applicable data protection laws, including Quebec Law 25, the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the European Union General Data Protection Regulation (GDPR). For Quebec residents, see Section 10 for the specific Law 25 disclosures and our Privacy Impact Assessment commitment.

For transfers from the EEA to Canada, we rely on the European Commission's adequacy decision for Canadian commercial recipients (Decision 2002/2/EC). For transfers to non-adequate jurisdictions (Singapore, Australia), we rely on the European Commission's Standard Contractual Clauses (Implementing Decision 2021/914/EU). For transfers from the United Kingdom to Canada, we rely on the UK adequacy regulations for Canada and, where required, the UK Addendum to the EU Standard Contractual Clauses.

6. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit (TLS) and encryption at rest. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. For more details on our security practices, see our Security page.

7. Data Breach Notification

In the event of a breach of security safeguards that affects your personal information and presents a real risk of significant harm, we will:

  • Notify affected users as soon as reasonably possible after we become aware of the breach, by email and, where appropriate, by in-product notification.
  • Notify the applicable regulator, including the Commission d'accès à l'information du Québec for Quebec residents, the Office of the Privacy Commissioner of Canada under PIPEDA, and the relevant EU supervisory authority within 72 hours where the GDPR applies.
  • Maintain a record of breaches for at least 24 months as required by PIPEDA's Breach of Security Safeguards Regulations.

We assess "real risk of significant harm" based on the sensitivity of the personal information involved, the probability that it has been or will be misused, and any other relevant factors. Notifications will include a description of the breach, the personal information involved, the steps we are taking to mitigate harm, and recommended steps you can take to protect yourself.

8. Your Rights

You have the following rights regarding your personal data:

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can update your account information at any time through your account settings.
  • Deletion: You can request deletion of your account and all associated data by contacting us or using the account deletion option in your settings.
  • Data Retention: Monitoring data is retained according to your plan's limits. Once the retention period expires, data is automatically removed and cannot be recovered. Contact us at privacy@velprove.com if you need a copy of your data before deletion.
  • Objection: You can object to certain processing of your data where we rely on legitimate interests.

To exercise any of these rights, contact us at privacy@velprove.com.

Canadian Privacy Rights

Technologies Velprove Inc. is incorporated and operated from Quebec, Canada. Your personal information is protected under Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act respecting the protection of personal information in the private sector. The person responsible for the protection of personal information, holding the office of President of Technologies Velprove Inc., can be reached at privacy@velprove.com. You have the right to file a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.

Rights of EU/EEA Residents

If you are in the European Economic Area, we process your data under the following legal bases: contract performance (to provide the monitoring service), legitimate interests (to improve security and prevent abuse), and consent (where explicitly given). You additionally have the right to restrict processing and to lodge a complaint with your local data protection supervisory authority. To request data portability, we will provide your data in a structured, commonly used, machine-readable format.

9. Cookies

We use essential cookies to maintain your authenticated session and remember your preferences. We also load Google Analytics for product analytics, but only after you have explicitly accepted our cookie banner. We do not use advertising or cross-site tracking cookies. You can change your cookie preferences at any time via the cookie settings link in the footer.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the service after changes constitutes acceptance of the updated policy.

11. Notice to Quebec Residents (Law 25)

Technologies Velprove Inc. is established in Quebec. If you are a Quebec resident, Quebec's Act respecting the protection of personal information in the private sector (Law 25) grants you specific rights and requires us to disclose the following.

11.1 Categories of Third Parties Receiving Your Data

  • Infrastructure and hosting providers
  • Payment processors
  • Email delivery services
  • Error tracking and analytics services

Signup attribution data and sign-in activity logs described in Section 1 are processed in-house only and are not communicated to any third party.

11.2 Communication of Personal Information Outside Quebec

Personal information we collect may be communicated outside Quebec, including to service providers and infrastructure in Canada, France, United Kingdom, Singapore, and Australia. Before such transfers, we assess the level of personal information protection in the destination jurisdiction in accordance with Law 25 article 17, and implement appropriate contractual safeguards where required.

11.3 Right to De-Indexing

You have the right to request the cessation of dissemination of personal information, or de-indexing of any hyperlink giving access to that information, where such dissemination contravenes the law or a court order, or causes you serious injury to reputation or privacy that outweighs the public interest. To exercise this right, contact privacy@velprove.com.

11.4 Right to Data Portability

Under section 27 of Law 25, you may request a copy of your personal information in a structured, commonly used technological format. To exercise this right, contact privacy@velprove.com.

11.5 Automated Decision-Making

We do not use your personal information to make decisions about you based exclusively on automated processing. If this changes in the future, we will update this Privacy Policy and notify affected users before implementing any such automated decision-making system.

11.6 Person Responsible and Complaints

In accordance with section 3.1 of Law 25, Technologies Velprove Inc. has designated a person responsible for the protection of personal information. The person responsible holds the office of President of Technologies Velprove Inc. and may be contacted as follows:

  • Email: privacy@velprove.com
  • Postal address: Person Responsible for the Protection of Personal Information, Technologies Velprove Inc., 204 rue du Saint-Sacrement, espace 300, Montréal (Québec) H2Y 1W8, Canada

You may also file a complaint with the Commission d'accès à l'information du Québec.

12. GDPR and UK GDPR Rights and Disclosures (EU/EEA and UK Residents)

If you are located in the European Union, European Economic Area, or the United Kingdom, the General Data Protection Regulation (GDPR) and, for UK residents, the UK GDPR grant you specific rights in relation to your personal data. Both regimes are substantively equivalent for the rights described below.

12.1 Legal Basis for Processing

  • Contract (GDPR Art. 6(1)(b)): Processing necessary to provide the Service you signed up for, including account data, monitoring configurations, check execution, and alerts.
  • Legitimate interest (GDPR Art. 6(1)(f)): Operational security (IP logs, sign-in event logs, rate limiting, abuse prevention), product improvement in aggregated or anonymized form, and first-party measurement of which marketing channels bring users to the Service (signup source attribution).
  • Consent (GDPR Art. 6(1)(a)): Marketing emails, if you opt in. You may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

12.2 Your GDPR Rights

You have the right to access, rectify, erase, restrict processing, data portability, and to object to processing. To exercise any of these rights, contact privacy@velprove.com.

12.3 Right to Lodge a Complaint

You have the right to lodge a complaint with your national data protection supervisory authority. EU/EEA residents can find a list of authorities at edpb.europa.eu. UK residents may file a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

12.4 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

12.5 EU Representative

Technologies Velprove Inc. is established in Canada and does not maintain an establishment in the European Union. Our processing of personal data from EU residents is occasional, limited to personal information necessary to deliver uptime monitoring services, and does not involve special categories of data as defined in GDPR Article 9 or data relating to criminal convictions. On that basis, we claim the exemption from the obligation to designate an EU representative under GDPR Article 27(2). If the scale or nature of our EU processing changes, we will designate a representative and update this Privacy Policy accordingly.

12.6 Data Retention by Category

  • Account data (email, encrypted password, plan): retained until account deletion, then deleted within 30 days.
  • Monitoring configurations: retained while active, deleted within 30 days of account closure.
  • Detailed monitor results: retained per your plan's retention schedule (see Section 5 or our Terms of Service).
  • Failure logs and screenshots: retained per your plan's retention schedule.
  • IP logs and security event data: retained for up to 90 days for security and abuse prevention purposes.
  • Sign-in event logs: (success, failure, sign-out, IP, user-agent): retained for up to 90 days for security and abuse prevention purposes.
  • Signup source attribution: (origin website, campaign identifiers, landing page): retained for the lifetime of the account, then deleted within 30 days of account closure.
  • Payment records: retained for 7 years per Canadian tax and accounting law requirements, via our payment processor.

13. Rights and Disclosures for California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants you specific rights in relation to your personal information.

13.1 Categories of Personal Information Collected

  • Identifiers (email address, account ID)
  • Commercial information (plan, billing history, managed through our payment processor)
  • Internet activity (monitor configurations, check results, usage logs)
  • Geolocation data (approximate, derived from IP address for security purposes only)

13.2 Categories of Sources

Directly from you during account creation, directly from your use of the Service, and from service providers that support the Service (for example, payment processor and email delivery).

13.3 Categories of Third Parties

Infrastructure providers, payment processors, email delivery services, and error tracking services, each only to the extent necessary to operate the Service.

13.4 Do Not Sell or Share My Personal Information

We do not sell your personal information and we do not share it for cross-context behavioral advertising. No opt-out is required because we do not engage in these activities.

13.5 Your CCPA/CPRA Rights

  • Right to know what personal information we collect, use, and disclose (including a 12-month lookback)
  • Right to delete personal information
  • Right to correct inaccurate personal information
  • Right to limit use of sensitive personal information
  • Right to opt out of automated decision-making technology (we do not use such technology)
  • Right to non-discrimination for exercising these rights

To exercise any of these rights, contact privacy@velprove.com. We will verify your identity before processing your request. You may also designate an authorized agent to make requests on your behalf.

13.6 Right to Non-Discrimination

We will not deny you the Service, charge you a different price, or provide you with a different level of service because you exercised any of your CCPA rights.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at support@velprove.com.