← Back to Home

Privacy Policy

Last Updated: October 21, 2025

1. Introduction

This Privacy Policy explains how Outage Review ("we", "us", or "our") collects, uses, and protects your personal information when you use our root cause analysis platform ("the Service"). We are committed to protecting your privacy and handling your data transparently.

2. Information We Collect

2.1 Information You Provide

When you use our Service, you provide:

  • Account Information: Name, email address, password, and organization name
  • Incident Data: Incident reports, root cause analyses, action items, comments, and attachments you create
  • Profile Information: Display name, notification preferences, and role within your organization
  • Billing Information: Payment method details processed securely through Stripe (we do not store full credit card numbers)

2.2 Automatically Collected Information

We automatically collect:

  • Usage Data: Features used, pages visited, time spent, and interaction patterns
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Access times, error logs, and system activity

3. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Send you service-related notifications and updates
  • Respond to your support requests and communications
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address security issues or fraudulent activity
  • Comply with legal obligations and enforce our Terms of Service
  • Send marketing communications (with your consent, where required)

4. Data Sharing and Disclosure

4.1 Within Your Organization

Your incident data is shared with other members of your organization based on their role and permissions within the Service.

4.2 Service Providers

We share data with trusted third-party service providers who help us operate the Service:

  • Stripe: Payment processing
  • Resend: Email delivery
  • Cloud hosting providers: Infrastructure and data storage

These providers are contractually obligated to protect your data and use it only for providing services to us.

4.3 Legal Requirements

We may disclose your information if required by law, court order, or to protect our rights, property, or safety, or that of our users or the public.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in transit using TLS/SSL
  • Encryption at rest for sensitive data
  • Secure password hashing (bcrypt)
  • Regular security audits and updates
  • Access controls and authentication
  • Automated backups

However, no method of transmission over the Internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. After account deletion, we may retain certain data for legal, backup, or archival purposes for a limited period. You can request complete data deletion by contacting us.

7. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data
  • Correction: Update or correct inaccurate information
  • Deletion: Request deletion of your account and data
  • Export: Download your data in a portable format
  • Opt-out: Unsubscribe from marketing emails
  • Restrict Processing: Limit how we use your data

To exercise these rights, please contact us at the email address below.

8. Cookies and Tracking

We use cookies and similar technologies to:

  • Keep you signed in
  • Remember your preferences
  • Understand how you use the Service
  • Improve performance and security

You can control cookies through your browser settings, but disabling them may affect functionality.

9. International Data Transfers

Your data may be stored and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If we learn we have collected such data, we will delete it immediately.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use after changes constitutes acceptance of the updated policy.

12. Data Processing Addendum (DPA)

For customers subject to GDPR or other data protection regulations, we can provide a Data Processing Addendum upon request. Enterprise customers can contact us for custom DPA terms.

13. Contact Us

If you have questions about this Privacy Policy or want to exercise your rights, please contact us:

Email: [email protected]

Support: [email protected]

This Privacy Policy is effective as of the date stated above and applies to all users of Outage Review.