Privacy Policy

Outaged is designed with privacy in mind. We do not require user accounts, we do not collect personal information, and we do not track you across the web. This policy explains exactly what data we handle and why.

Problem reports. When you submit a problem report, we store the service you reported, the type of problem, an optional comment, and geographic information (country, region, city) derived from Cloudflare request headers. This geographic data is approximate and is used to show where outages are being reported from.

IP hash. Your IP address is run through a one way SHA-256 hash with a server side salt before anything is stored. This hash is used solely for rate limiting (one report per service per five minutes). We never store, log, or have access to your raw IP address.

Probe data. Our automated probes collect response status codes and response times from the services we monitor. This data is about the monitored services, not about you.

We do not collect names, email addresses, phone numbers, payment information, or any other personally identifiable information. We do not use analytics tracking scripts, advertising pixels, or fingerprinting techniques. We do not build user profiles. There are no accounts to create and no personal data to hand over.

Outaged uses a single cookie for administrator authentication only. If you are not an administrator, no cookies are set by our application. The admin cookie is httpOnly, secure, and used solely to maintain an authenticated session for site management. We do not use cookies for tracking, advertising, or analytics.

We use the following third party services to operate Outaged:

Cloudflare provides DNS, CDN, and DDoS protection. Cloudflare may process your IP address and request headers as part of its standard operation. Cloudflare also provides the geographic data (country, region, city) attached to reports. See Cloudflare's Privacy Policy.

Vercel hosts our web application. Vercel may collect standard server logs including IP addresses as part of its infrastructure. See Vercel's Privacy Policy.

Supabase provides our database infrastructure, hosted in the EU region. Report data (with hashed IPs, never raw) is stored in Supabase. See Supabase's Privacy Policy.

Upstash provides Redis for rate limiting. The hashed IP is temporarily stored in Redis to enforce rate limits. No raw IPs are sent. See Upstash's Privacy Policy.

All data collected by Outaged is stored and processed on European servers. Our database is hosted on Supabase in the EU region. Our probing infrastructure runs on Hetzner servers in Frankfurt, Germany. All user data, including reports, probe results, and service records, is stored exclusively in the EU. Traffic is routed via Cloudflare for performance and DDoS protection. Cloudflare is a US based company, so web traffic may pass through non European infrastructure during transit. However, all persistent data is stored and processed solely on European servers.

Problem reports are retained indefinitely as part of our aggregate monitoring data. IP hashes used for rate limiting expire automatically after five minutes in our Redis cache. Probe results are retained for historical analysis. No personal data is retained because no personal data is collected.

Since we do not collect personal data or maintain user accounts, there is no personal data to access, correct, or delete. If you believe we hold any information related to you and would like to inquire, contact us at [email protected].

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated date. Continued use of the Service after changes are posted constitutes acceptance of the revised policy.

For privacy related questions, contact us at [email protected].