Privacy Policy

Last updated: 6 June 2026 · Effective for the AreTheyUp web app, iOS app, and Android app.

This Privacy Policy explains how OSD Consulting (“we”, “us”, “our”) collects, uses, stores and protects information when you use AreTheyUp — including the website at aretheyup.dev, the console at console.aretheyup.dev, the iOS application distributed through the Apple App Store, and the Android application distributed through Google Play (collectively, the “Service”).

The short version. AreTheyUp is an uptime monitoring tool. We collect the minimum needed to run your account, monitor the URLs you add, and send you alerts. We do not sell your data. We do not run third-party advertising trackers in our apps. We do not store the response bodies returned by the endpoints you monitor.

1. Who we are

The Service is operated by OSD Consulting, based in Côte d’Ivoire. For any privacy-related question, request, or complaint, contact us via the contact form on aretheyup.dev or by email at privacy@aretheyup.dev.

2. Data we collect

We collect only what is necessary to provide the Service. We group it into four categories:

Category	What it includes	Why
Account data	Email address, hashed password, display name, account language, plan tier, and subscription status. Pro subscriptions are purchased through the Apple App Store or Google Play — we never see your card details.	Create and authenticate your account, send transactional email, apply your plan.
Monitoring data	The URLs, hostnames, IP/port pairs, headers and check intervals you configure; HTTP response status codes, response time (ms), TLS metadata, and incident timestamps.	Run the checks you asked us to run and show their history.
Notification data	Push notification tokens (Apple Push Notification service for iOS, Firebase Cloud Messaging for Android), optional Telegram chat ID, optional alert email address.	Deliver alerts to the channels you enable.
Technical data	App version, OS version, device model (no advertising ID, no IDFA), language, IP address at the time of request, basic crash reports.	Diagnose bugs, prevent abuse, secure the Service.

What we deliberately do not collect

The response bodies returned by the URLs you monitor — we record only status code, latency and incident metadata.
Your contacts, photos, microphone, camera, location, calendar, health, or HomeKit data.
The Apple IDFA or any cross-app advertising identifier.
Behavioural profiles for advertising or resale.

3. How we use your data

Provide the Service. Run the checks you configure, show dashboards, send the alerts you enable.
Account & billing. Authenticate you, manage plans, and validate App Store / Google Play subscription receipts server-side.
Communications. Send transactional emails (password reset, incident alerts, plan changes). We will not add you to a marketing list without explicit opt-in.
Security & reliability. Detect abuse, rate-limit, debug crashes.
Legal. Comply with applicable laws and respond to valid legal requests.

4. Legal basis (GDPR / similar regimes)

Performance of a contract — account, monitoring, alerts, billing.
Legitimate interests — security, fraud prevention, service improvement.
Consent — optional channels (push, Telegram, marketing if ever offered). Withdrawable at any time.
Legal obligation — tax, accounting, lawful requests.

5. How we share data

We do not sell your personal data. We share it only with the processors strictly required to run the Service:

Apple Push Notification service (APNs) — to deliver push alerts to iOS devices.
Firebase Cloud Messaging (Google) — to deliver push alerts to Android devices (see Firebase privacy).
Apple App Store & Google Play — payment processing for Pro subscriptions. We receive subscription status only, never your payment details.
Telegram — only if you connect a chat ID; the alert text is sent to Telegram’s API.
Email provider — to send transactional and alert emails.
Hosting & infrastructure — the cloud provider that hosts our servers and database.
Crash reporting — aggregated, non-identifying crash diagnostics for the mobile apps.

Each processor is bound by its own data processing terms. We do not authorise them to use your data for their own purposes.

6. International transfers

Some of our processors (Apple, Google, Telegram, email and hosting providers) operate in jurisdictions outside Côte d’Ivoire and the EU/EEA, including the United States. Where required, transfers rely on the providers’ Standard Contractual Clauses or equivalent safeguards.

7. Data retention

Account data — kept while your account is active. Deleted within 30 days of account deletion.
Monitoring history — retained according to your plan (Free: 30 days, Pro: 90 days, Enterprise: per agreement). Older points are aggregated or deleted automatically.
Push tokens — deleted when you sign out or uninstall the app, or when the platform reports the token as invalid.
Backups — encrypted backups are rotated within 30 days.
Billing records — retained as required by applicable tax law.

8. Your rights

Subject to your local law (GDPR, CCPA/CPRA, and similar), you can:

Access the personal data we hold about you.
Correct inaccurate data — most fields are editable directly from the app.
Delete your account and associated data from the account settings, or by writing to us.
Export your monitoring data in a portable format on request.
Object to or restrict certain processing.
Withdraw consent for any optional channel.
Lodge a complaint with your local supervisory authority.

To exercise any right, email privacy@aretheyup.dev. We respond within 30 days.

9. Account deletion

You can delete your AreTheyUp account at any time:

In the app: Settings → Account → Delete account.
On the web: console.aretheyup.dev → Settings → Delete account.
By email: send a deletion request from your account email to privacy@aretheyup.dev.

Deletion removes your monitors, history, push tokens and profile within 30 days. Anonymised, aggregated metrics may be retained for service-level statistics.

10. Security

Passwords are stored hashed with a modern algorithm (never in plain text).
All traffic between the apps and our servers is encrypted with TLS.
Database encryption at rest is provided by our hosting layer.
Sign-in tokens on mobile are stored in the iOS Keychain / Android Keystore; subscription receipts are validated server-side.
Access to production data is restricted to a small set of administrators on a need-to-know basis.

No system is 100% secure; if you discover a vulnerability, please contact security@aretheyup.dev.

11. Children

AreTheyUp is a developer tool and is not directed at children under 13 (or under 16 in jurisdictions where that is the applicable threshold). We do not knowingly collect data from children. If you believe a child has created an account, contact us and we will delete it.

12. Permissions used by the mobile apps

Notifications (iOS & Android) — required to deliver downtime alerts. You can disable it at any time in your OS settings.
Network access — required to talk to the AreTheyUp API.
Foreground Service / Background Refresh — used to keep alerts timely. No background location, no background mic.

The Android app declares only the permissions strictly required for the above. The iOS app uses UIBackgroundModes only for remote notifications.

13. Apple App Store — data linked to you

For App Store privacy labels, the following data is collected and linked to your identity: email address, user content limited to the URLs/hostnames you choose to monitor, and basic diagnostics. No data is used for tracking across apps and websites owned by other companies.

14. Google Play — Data Safety

For the Play Store Data Safety form: we collect Personal info (email), App activity (in-app actions and crash logs) and App info and performance. Data is encrypted in transit. You can request data deletion via the in-app option or by emailing us. We do not share data with third parties for advertising or analytics outside the processors listed in section 5.

15. Cookies & similar technologies

The website and console use a small number of strictly-necessary cookies (session, CSRF, language preference). The mobile apps use a local secure-storage token to keep you signed in. We do not use third-party advertising cookies.

16. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest version. Material changes will be announced in-app or by email at least 7 days before they take effect.

17. Contact

OSD Consulting — AreTheyUp
Privacy: privacy@aretheyup.dev
Security: security@aretheyup.dev
General: aretheyup.dev/#contact