GDPR Compliance

The General Data Protection Regulation (GDPR) is a European Union regulation that governs how personal data of EU/EEA residents must be collected, processed, stored, and protected.

Atomix Apps, LLC ("AtomPing") is committed to full GDPR compliance. This page explains how we process your data, your rights as an EU data subject, and the legal basis for our processing activities.

Scope: This policy applies to all users located in the European Union (EU) or European Economic Area (EEA), regardless of where AtomPing infrastructure is hosted.

Under GDPR Article 6, we process your personal data based on the following legal grounds:

1. Contract Performance (Art. 6(1)(b))

• Purpose: Provide uptime monitoring services you subscribed to
• Data: Account information, monitoring targets, check results, alerts
• Justification: Processing is necessary to fulfill our contractual obligations (Terms of Service)

2. Legitimate Interests (Art. 6(1)(f))

• Purpose: Service improvement, security, fraud prevention, analytics
• Data: Usage analytics, IP addresses, error logs, performance metrics
• Justification: We have a legitimate interest in maintaining service quality, security, and operational efficiency
• Balancing Test: Minimal data collection, anonymization where possible, security benefits outweigh privacy impact

3. Consent (Art. 6(1)(a))

• Purpose: Marketing communications, non-essential cookies, third-party integrations
• Data: Email address (for newsletters), preference cookies, optional analytics
• Withdrawal: You may withdraw consent anytime via account settings or email

4. Legal Obligation (Art. 6(1)(c))

• Purpose: Tax records, financial reporting, law enforcement compliance
• Data: Payment records, invoices, account creation date
• Justification: Required by US tax law and Delaware corporate law

We adhere to the six GDPR data protection principles (Article 5):

1. Lawfulness, Fairness, Transparency

• We process data only on valid legal grounds (contract, consent, legitimate interest)
• We clearly explain what data we collect and why (Privacy Policy)
• No hidden data collection or deceptive practices

2. Purpose Limitation

• Data collected for specific, explicit purposes (service delivery, billing, security)
• No repurposing data for incompatible uses without consent

3. Data Minimization

• We collect only data necessary to provide the service
• Example: No phone numbers or physical addresses required for basic service

4. Accuracy

• You can update account information anytime via dashboard
• Right to rectification ensures inaccurate data is corrected

5. Storage Limitation

• Data retained only as long as necessary for service provision
• Retention periods: Free 30 days, Pro 90 days, Business 1 year (configurable)
• Deleted account data purged within 30 days (except legal/financial records)

6. Integrity & Confidentiality

• Encryption in transit (TLS 1.3) and at rest (AES-256)
• Access controls, audit logging, regular security testing
• See Security Page for details

As an EU/EEA resident, you have the following rights under GDPR:

Right to Access (Art. 15)

• Request a copy of all personal data we hold about you
• Receive details on processing purposes, categories, recipients, retention periods
• How to exercise: Email support@atomping.com with subject "GDPR Access Request"
• Response time: Within 30 days (free of charge for first request)

Right to Rectification (Art. 16)

• Correct inaccurate or incomplete personal data
• How to exercise: Update via dashboard settings, or email support

Right to Erasure / "Right to be Forgotten" (Art. 17)

• Request deletion of your account and all associated personal data
• Exceptions: Legal/financial records retained for 7 years (tax compliance)
• How to exercise: Account Settings → Delete Account, or email support
• Timeline: Account deleted within 30 days, backups purged within 30 days

Right to Restriction of Processing (Art. 18)

• Limit how we process your data while disputing accuracy or lawfulness
• Data stored but not actively processed (e.g., monitoring paused but account retained)

Right to Data Portability (Art. 20)

• Export your data in machine-readable format (JSON, CSV)
• Included data: Targets, incidents, check results, alert configurations
• How to exercise: Dashboard → Export Data, or email support for bulk export

Right to Object (Art. 21)

• Object to processing based on legitimate interests or direct marketing
• Marketing: Unsubscribe link in emails or account settings
• Analytics: Opt-out of non-essential tracking via cookie preferences

Right to Withdraw Consent (Art. 7(3))

• Revoke consent for marketing emails, non-essential cookies, optional features
• Does not affect lawfulness of prior processing based on consent

Right to Lodge a Complaint (Art. 77)

• File a complaint with your local data protection authority if you believe we violated GDPR
• Find your authority: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Email Requests

• Send email to: support@atomping.com
• Subject line: "GDPR Request - [Type]" (e.g., "GDPR Request - Access")
• Include: Your account email, description of request, preferred response format

Identity Verification

• For security, we must verify your identity before processing requests (to prevent unauthorized access)
• Verification method: Confirm via email link sent to registered account email
• If email inaccessible: Provide government-issued ID (redacted except name/photo)

Response Timeline

• Standard response: Within 30 days
• Complex requests: Up to 60 days (you will be notified of extension)
• Urgent requests (e.g., data breach): Within 72 hours

Fees

• First request: Free
• Excessive/repetitive requests: May charge reasonable administrative fee (you will be notified)

AtomPing is operated from the United States. When you use our service, your data may be transferred outside the EU/EEA to our infrastructure.

GDPR-Compliant Transfer Mechanisms

• Standard Contractual Clauses (SCCs): We use EU-approved SCCs for data transfers to the US (Article 46(2)(c))
• Adequate Safeguards: Encryption in transit/rest, access controls, data minimization
• Third-Party Processors: All sub-processors (Stripe, cloud providers) comply with GDPR transfer requirements

Multi-Region Monitoring Infrastructure

• Monitoring agents deployed in 25+ regions (including EU: Germany, Netherlands, France)
• Check results transmitted back to control plane via encrypted API calls
• You can restrict monitoring to EU-only regions if required for data localization

Data Protection Impact Assessments (DPIA)

• We conduct DPIAs for high-risk processing activities
• Available upon request for enterprise customers

We engage the following sub-processors to provide AtomPing services. All sub-processors are bound by Data Processing Agreements (DPAs) and comply with GDPR.

Payment Processing

• Stripe, Inc. - Payment processing, subscription management
• Location: United States (GDPR-compliant via SCCs)
• Data: Billing email, payment card details (tokenized), transaction history
• Privacy Policy: https://stripe.com/privacy

Cloud Infrastructure

• Cloud Providers: AWS, Google Cloud, or Azure (region-dependent)
• Location: US and EU regions
• Data: Database storage, application servers, monitoring agents
• GDPR Compliance: All providers certified under EU-US Data Privacy Framework

Email Delivery

• Transactional email service for alerts and notifications
• Data: Email addresses, notification content

Sub-Processor Changes

• We will notify you 30 days before adding new sub-processors
• Enterprise customers: Right to object to new sub-processors in DPA

In the event of a personal data breach, we comply with GDPR Article 33 and 34 notification requirements:

Notification to Supervisory Authority (Art. 33)

• Timeline: Within 72 hours of becoming aware of the breach
• Information provided: Nature of breach, affected data categories, likely consequences, mitigation measures

Notification to Affected Users (Art. 34)

• Threshold: If breach likely results in high risk to rights and freedoms
• Method: Email to registered account address
• Information: Nature of breach, recommended actions, contact point for questions

Security Incident Response

• Dedicated incident response team
• Breach containment, forensic analysis, remediation
• Post-incident review and control improvements

Report Security Issues

• Email: support@atomping.com (Subject: "Security Report")

GDPR Article 22: You have the right not to be subject to decisions based solely on automated processing that produce legal effects or significantly affect you.

AtomPing Automated Systems:

• Incident Detection: Automated checks determine if targets are up/down (triggers alerts)
• Rate Limiting: Automated throttling based on plan limits
• Fraud Detection: Automated flagging of suspicious activity

Human Oversight:

• No legal decisions (account termination, payment disputes) made without human review
• You can contest automated decisions via support@atomping.com

For Business and Enterprise customers, we offer Data Processing Agreements to formalize GDPR compliance responsibilities.

DPA Includes:

• Scope of processing (purposes, data categories, data subjects)
• Controller-Processor relationship clarification
• Sub-processor list and notification obligations
• Security measures and audit rights
• Data subject rights assistance procedures
• Data breach notification process
• International data transfer mechanisms (SCCs)
• Data deletion upon contract termination

Request a DPA:

• Email: support@atomping.com (Subject: "DPA Request")
• Available for Business and Enterprise plans

Data Controller:

• Company: Atomix Apps, LLC
• Jurisdiction: Delaware, United States
• Email: support@atomping.com
• GDPR Requests: Subject line "GDPR Request"

EU Representative (if required):

• If our processing activities require an EU representative under Article 27, contact details will be posted here

Supervisory Authority:

• If you are dissatisfied with our handling of your data or GDPR request, you have the right to lodge a complaint with your local data protection authority.
• Find your authority: European Data Protection Board - Members

Related Policies:

• Privacy Policy - Comprehensive data practices
• Cookie Policy - Tracking technologies
• Security Page - Technical safeguards