GDPR Compliance

Detailed information about your data protection rights under the General Data Protection Regulation (GDPR) and how AtomPing ensures compliance.

Last Updated: January 15, 2025

1. GDPR Compliance Overview

The General Data Protection Regulation (GDPR) is a European Union regulation that governs how personal data of EU/EEA residents must be collected, processed, stored, and protected.

Atomix Apps, LLC ("AtomPing") is committed to full GDPR compliance. This page explains how we process your data, your rights as an EU data subject, and the legal basis for our processing activities.

Scope: This policy applies to all users located in the European Union (EU) or European Economic Area (EEA), regardless of where AtomPing infrastructure is hosted.

3. GDPR Data Protection Principles

We adhere to the six GDPR data protection principles (Article 5):

1. Lawfulness, Fairness, Transparency

  • We process data only on valid legal grounds (contract, consent, legitimate interest)
  • We clearly explain what data we collect and why (Privacy Policy)
  • No hidden data collection or deceptive practices

2. Purpose Limitation

  • Data collected for specific, explicit purposes (service delivery, billing, security)
  • No repurposing data for incompatible uses without consent

3. Data Minimization

  • We collect only data necessary to provide the service
  • Example: No phone numbers or physical addresses required for basic service

4. Accuracy

  • You can update account information anytime via dashboard
  • Right to rectification ensures inaccurate data is corrected

5. Storage Limitation

  • Data retained only as long as necessary for service provision
  • Retention periods: Free 30 days, Pro 90 days, Business 1 year (configurable)
  • Deleted account data purged within 30 days (except legal/financial records)

6. Integrity & Confidentiality

  • Encryption in transit (TLS 1.3) and at rest (AES-256)
  • Access controls, audit logging, regular security testing
  • See Security Page for details

4. Your GDPR Rights

As an EU/EEA resident, you have the following rights under GDPR:

Right to Access (Art. 15)

  • Request a copy of all personal data we hold about you
  • Receive details on processing purposes, categories, recipients, retention periods
  • How to exercise: Email support@atomping.com with subject "GDPR Access Request"
  • Response time: Within 30 days (free of charge for first request)

Right to Rectification (Art. 16)

  • Correct inaccurate or incomplete personal data
  • How to exercise: Update via dashboard settings, or email support

Right to Erasure / "Right to be Forgotten" (Art. 17)

  • Request deletion of your account and all associated personal data
  • Exceptions: Legal/financial records retained for 7 years (tax compliance)
  • How to exercise: Account Settings → Delete Account, or email support
  • Timeline: Account deleted within 30 days, backups purged within 30 days

Right to Restriction of Processing (Art. 18)

  • Limit how we process your data while disputing accuracy or lawfulness
  • Data stored but not actively processed (e.g., monitoring paused but account retained)

Right to Data Portability (Art. 20)

  • Export your data in machine-readable format (JSON, CSV)
  • Included data: Targets, incidents, check results, alert configurations
  • How to exercise: Dashboard → Export Data, or email support for bulk export

Right to Object (Art. 21)

  • Object to processing based on legitimate interests or direct marketing
  • Marketing: Unsubscribe link in emails or account settings
  • Analytics: Opt-out of non-essential tracking via cookie preferences

Right to Withdraw Consent (Art. 7(3))

  • Revoke consent for marketing emails, non-essential cookies, optional features
  • Does not affect lawfulness of prior processing based on consent

Right to Lodge a Complaint (Art. 77)

5. How to Exercise Your Rights

Email Requests

  • Send email to: support@atomping.com
  • Subject line: "GDPR Request - [Type]" (e.g., "GDPR Request - Access")
  • Include: Your account email, description of request, preferred response format

Identity Verification

  • For security, we must verify your identity before processing requests (to prevent unauthorized access)
  • Verification method: Confirm via email link sent to registered account email
  • If email inaccessible: Provide government-issued ID (redacted except name/photo)

Response Timeline

  • Standard response: Within 30 days
  • Complex requests: Up to 60 days (you will be notified of extension)
  • Urgent requests (e.g., data breach): Within 72 hours

Fees

  • First request: Free
  • Excessive/repetitive requests: May charge reasonable administrative fee (you will be notified)

6. International Data Transfers

AtomPing is operated from the United States. When you use our service, your data may be transferred outside the EU/EEA to our infrastructure.

GDPR-Compliant Transfer Mechanisms

  • Standard Contractual Clauses (SCCs): We use EU-approved SCCs for data transfers to the US (Article 46(2)(c))
  • Adequate Safeguards: Encryption in transit/rest, access controls, data minimization
  • Third-Party Processors: All sub-processors (Stripe, cloud providers) comply with GDPR transfer requirements

Multi-Region Monitoring Infrastructure

  • Monitoring agents deployed in 25+ regions (including EU: Germany, Netherlands, France)
  • Check results transmitted back to control plane via encrypted API calls
  • You can restrict monitoring to EU-only regions if required for data localization

Data Protection Impact Assessments (DPIA)

  • We conduct DPIAs for high-risk processing activities
  • Available upon request for enterprise customers

7. Sub-Processors & Third Parties

We engage the following sub-processors to provide AtomPing services. All sub-processors are bound by Data Processing Agreements (DPAs) and comply with GDPR.

Payment Processing

  • Stripe, Inc. - Payment processing, subscription management
  • Location: United States (GDPR-compliant via SCCs)
  • Data: Billing email, payment card details (tokenized), transaction history
  • Privacy Policy: https://stripe.com/privacy

Cloud Infrastructure

  • Cloud Providers: AWS, Google Cloud, or Azure (region-dependent)
  • Location: US and EU regions
  • Data: Database storage, application servers, monitoring agents
  • GDPR Compliance: All providers certified under EU-US Data Privacy Framework

Email Delivery

  • Transactional email service for alerts and notifications
  • Data: Email addresses, notification content

Sub-Processor Changes

  • We will notify you 30 days before adding new sub-processors
  • Enterprise customers: Right to object to new sub-processors in DPA

8. Data Breach Notification

In the event of a personal data breach, we comply with GDPR Article 33 and 34 notification requirements:

Notification to Supervisory Authority (Art. 33)

  • Timeline: Within 72 hours of becoming aware of the breach
  • Information provided: Nature of breach, affected data categories, likely consequences, mitigation measures

Notification to Affected Users (Art. 34)

  • Threshold: If breach likely results in high risk to rights and freedoms
  • Method: Email to registered account address
  • Information: Nature of breach, recommended actions, contact point for questions

Security Incident Response

  • Dedicated incident response team
  • Breach containment, forensic analysis, remediation
  • Post-incident review and control improvements

9. Automated Decision-Making

GDPR Article 22: You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

AtomPing Automated Systems:

  • Incident Detection: Automated checks determine if targets are up/down (triggers alerts)
  • Rate Limiting: Automated throttling based on plan limits
  • Fraud Detection: Automated flagging of suspicious activity

Human Oversight:

  • No legal decisions (account termination, payment disputes) made without human review
  • You can contest automated decisions via support@atomping.com

10. Data Processing Agreements (DPA)

For Business and Enterprise customers, we offer Data Processing Agreements to formalize GDPR compliance responsibilities.

DPA Includes:

  • Scope of processing (purposes, data categories, data subjects)
  • Controller-Processor relationship clarification
  • Sub-processor list and notification obligations
  • Security measures and audit rights
  • Data subject rights assistance procedures
  • Data breach notification process
  • International data transfer mechanisms (SCCs)
  • Data deletion upon contract termination

11. Contact & Supervisory Authority

Data Controller:

  • Company: Atomix Apps, LLC
  • Jurisdiction: Delaware, United States
  • Email: support@atomping.com
  • GDPR Requests: Subject line "GDPR Request"

EU Representative (if required):

  • If our processing activities require an EU representative under Article 27, contact details will be posted here

Supervisory Authority:

  • If you are dissatisfied with our handling of your data or GDPR request, you have the right to lodge a complaint with your local data protection authority.
  • Find your authority: European Data Protection Board - Members

Questions?

If you have any questions about this document, please contact us.

support@atomping.com
