Privacy Policy

Last updated: March 2026

This is an English translation provided for convenience only. The legally binding version is the German original.

1. Data Controller

Dirk Einecke
Breite Strasse 24
76135 Karlsruhe
Germany
Email: info@latency.watch

2. Overview

Latency Watch is a service for monitoring website response times and availability. This Privacy Policy explains what personal data we collect, how we use it, and what rights you have.

3. Legal Basis

We process personal data in accordance with the General Data Protection Regulation (GDPR), in particular:

Art. 6(1)(b) GDPR – Performance of a contract and pre-contractual measures
Art. 6(1)(c) GDPR – Compliance with a legal obligation
Art. 6(1)(f) GDPR – Legitimate interests

In addition to the GDPR, national data protection regulations apply in Germany, in particular the Federal Data Protection Act (BDSG). The BDSG contains specific provisions on the right of access, the right to erasure, the right to object, and automated decision-making.

4. Data Collected and Purposes

4.1 Registration and Account

When creating an account, we collect only your email address. It is used to:

Identify your account (login via email link)
Send you notifications about your monitors
Send you transactional emails (e.g. welcome email, login links)

When you register or log in, we additionally store your IP address and the timestamp of the action to protect against abuse and unauthorized access. This data is not shared with third parties.

User profiles are not publicly visible.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract), Art. 6(1)(f) GDPR (legitimate interest in abuse prevention)

4.2 Monitor Data

When using the service, we store the URLs you configure and the results of automated checks (HTTP status, response time, SSL information). This data is used exclusively to provide the agreed service.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

4.3 Payment Data

Paid subscriptions are processed through Paddle.com Market Limited ("Paddle"), 15 Briery Close, Broughton, Skipton, BD23 3FX, United Kingdom. Paddle acts as Merchant of Record and is an independent data controller for your payment data (credit card details, billing address, etc.). We receive from Paddle only a customer ID and a subscription ID to assign your plan.

Paddle's Privacy Policy is available at: https://www.paddle.com/legal/privacy

As Paddle is based in the United Kingdom, this may constitute a transfer to a third country. The United Kingdom currently holds an adequacy decision from the European Commission pursuant to Art. 45 GDPR.

Legal basis: Art. 6(1)(b) GDPR (performance of a contract)

4.4 Server Logs

Our hosting provider Hostinger automatically generates server-side access logs. These contain the following data:

Timestamp of the request
IP address of the visitor
Requested URL and HTTP method (e.g. GET, POST)
HTTP status code (e.g. 200, 404, 500)
User agent (browser, operating system, device)
Country (determined via IP geolocation; may differ when using a VPN)

This data is used exclusively for technical security and error diagnosis and is not merged with other data. Processing is carried out on the basis of a Data Processing Addendum, which forms part of Hostinger's terms of service (https://www.hostinger.com/legal/dpa).

Legal basis: Art. 6(1)(f) GDPR (legitimate interest) · Retention period: 7 days

4.5 Rate Limiting

To protect against abuse (e.g. automated login attempts), we temporarily store an anonymized hash derived from the IP address and request context. This data is automatically deleted after a maximum of 60 minutes.

Legal basis: Art. 6(1)(f) GDPR (legitimate interest)

5. Retention Periods

Email address: until account deletion
Monitor data and check results: until deletion of the monitor or account; check results are automatically deleted after 30 days
Login tokens: maximum 15 minutes
Payment-related IDs (Paddle customer ID, subscription ID): until account deletion, provided no active subscription exists

As invoicing is handled by Paddle as Merchant of Record, tax-relevant documents are held by Paddle and not by us.

6. Disclosure to Third Parties

We do not share your data with third parties, except for:

Paddle.com Market Limited, 15 Briery Close, Broughton, Skipton, BD23 3FX, United Kingdom (payment processing, see section 4.3) — independent data controller
HOSTINGER operations, UAB, Švitrigailos str. 34, Vilnius 03230, Lithuania (hosting and server infrastructure, server location: Germany) — data processor pursuant to Art. 28 GDPR

No data is shared with any other third parties, in particular for advertising purposes.

Our service may contain links to external websites. We are not responsible for the privacy practices of those sites and recommend reading their respective privacy policies.

7. Cookies and Session Data

We use only technically necessary session cookies to maintain your logged-in session. No tracking, analytics, or advertising cookies are used. Consent is not required for technically necessary cookies.

8. Your Rights

You have the following rights regarding your personal data:

Right of access (Art. 15 GDPR)
Right to rectification (Art. 16 GDPR)
Right to erasure ("right to be forgotten", Art. 17 GDPR)
Right to restriction of processing (Art. 18 GDPR)
Right to data portability (Art. 20 GDPR)
Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your data based on our legitimate interest (Art. 6(1)(f) GDPR). This applies to the processing of server logs and rate-limiting data.

To exercise your rights, please contact: info@latency.watch

You can delete your account and all associated data at any time via the account settings at app.latency.watch/account/.

You also have the right to lodge a complaint with a data protection supervisory authority. The competent authority for us is:

Der Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Postfach 10 29 32, 70025 Stuttgart, Germany
https://www.baden-wuerttemberg.datenschutz.de

9. Automated Decision-Making

No automated decision-making including profiling within the meaning of Art. 22 GDPR takes place.

10. Data Security

All data transmitted between your browser and our service is encrypted via HTTPS. No passwords are stored — login is handled exclusively via one-time, time-limited links sent by email. Login tokens are stored as SHA-256 hashes.

We implement appropriate technical and organizational measures to protect your personal data against loss, misuse, and unauthorized access. However, no method of transmission over the internet and no electronic storage is completely secure. Absolute security cannot be guaranteed.

11. Business Transfers

Should latency.watch be sold, transferred, or otherwise conveyed to a third party in whole or in part — including as part of a merger or acquisition — personal data may be among the transferred assets. In such a case, you will be informed by email and/or by a prominent notice on the website before your data passes to a new controller or becomes subject to a different privacy policy.

12. Changes to This Privacy Policy

We reserve the right to update this Privacy Policy as needed. The current version is always available at https://latency.watch/privacy/. Registered users will be notified by email of any material changes.