Driftly

Privacy Policy

Last updated: 7 April 2025

1. Who we are

Driftly is a division of Tecnov8 Ltd, a technology company registered in England and Wales. Driftly ("we", "us", "our") operates the website at getdriftly.dev and provides an API monitoring service. This policy explains how we collect, use, and protect your personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data controller

Tecnov8 Ltd trading as Driftly is the data controller for the personal data processed through our service. For any data protection enquiries, contact us at privacy@getdriftly.dev.

3. Lawful basis for processing

We process your personal data under the following lawful bases:

  • Contract: processing necessary to provide the Driftly service you signed up for (account management, monitoring, alerts, billing).
  • Legitimate interests: improving the service, preventing abuse, and ensuring security.
  • Consent: non-essential cookies and analytics, which you can accept or decline via our cookie banner.

4. Information we collect

We collect the following data:

  • Account information: email address, name, and hashed password when you sign up, or profile data from GitHub if you use OAuth sign-in.
  • Billing information: payment details are processed securely by Stripe. We do not store your card number — we only retain your Stripe customer ID and subscription status.
  • Monitor configuration: the API endpoint URLs, headers, and check intervals you configure.
  • Check results: HTTP status codes, response times, response body hashes, schema validation results, and diff snapshots generated by our monitoring service.
  • Usage data: cookies and basic analytics to understand how you interact with the application.

5. How we use your data

  • To provide and operate the Driftly monitoring service.
  • To send alerts via email, Slack, or webhooks when your monitors detect changes.
  • To process payments and manage your subscription.
  • To improve the service and fix bugs.
  • To communicate with you about your account or service updates.

6. Data sharing and international transfers

We do not sell your personal data. We share data only with third-party services necessary to operate Driftly:

  • Stripe (US) — payment processing.
  • Resend (US) — transactional email delivery.
  • GitHub (US) — OAuth authentication (if you choose to sign in with GitHub).
  • Amazon Web Services (EU/US) — infrastructure hosting.

Where data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.

7. Cookies

We use essential cookies to maintain your session and authentication state. We may use analytics cookies to understand usage patterns. You can manage your cookie preferences through the consent banner shown on your first visit. Essential cookies cannot be disabled as they are required for the service to function.

8. Data retention

We retain your account data for as long as your account is active. Check results and monitoring data are retained for up to 90 days. If you delete your account, we will remove your personal data within 30 days, except where we are required to retain it by law (e.g. billing records for tax purposes).

9. Your rights under GDPR

Under the UK GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure:request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: withdraw consent for non-essential cookies at any time.

To exercise any of these rights, email us at privacy@getdriftly.dev. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

10. Security

We use industry-standard measures to protect your data, including encrypted connections (HTTPS), hashed passwords, and secure infrastructure on AWS. However, no method of transmission over the internet is 100% secure.

11. Changes to this policy

We may update this privacy policy from time to time. We will notify you of significant changes by email or through a notice on the website.

12. Contact

If you have questions about this privacy policy or how we handle your data, please contact us at privacy@getdriftly.dev.