Privacy Policy

Last updated: 25 February 2026

In short: We collect only what is necessary to provide the monitoring service. We do not sell your data. We do not send marketing emails without your consent.

1. Who We Are

MWS Monitor is operated by MattWServices, a sole trader based in the United Kingdom. For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), we are the data controller.

Contact: [email protected]

2. What Data We Collect

Account Information

When you register, we collect your name, email address, company name, phone number, and postal address. This information is required to create and manage your account.

Server and Infrastructure Data

When you connect servers or monitors, we collect and store:

  • Server metrics (CPU, memory, disk, network, load averages, processes, services).
  • URL monitoring results (response times, status codes, SSL certificate details).
  • DNS records and resolution results.
  • Proxmox cluster events, node status, and backup information.
  • Docker container and systemd service states.
  • Security advisory and package vulnerability data.

This data relates to your infrastructure, not to individuals, and is collected solely to provide the monitoring service.

Server and probe IP addresses may be sent to third-party geolocation services (see Section 5) to determine approximate location, timezone, and ISP information for display in the dashboard.

Authentication and Security Data

We record login timestamps, IP addresses, and user agent strings to protect your account and detect unauthorised access. Two-factor authentication (TOTP) secrets are stored in encrypted form.

Technical Data

We automatically collect standard web server logs, including IP addresses, browser type, and pages visited. This data is used for security monitoring and troubleshooting.

3. How We Use Your Data

We use your data for the following purposes:

  • Service delivery — to operate the monitoring platform, display dashboards, generate reports, and send alerts.
  • Account management — to authenticate you, manage your subscription, and communicate about your account.
  • Notifications — to send incident alerts, digest emails, and service announcements via your configured alert channels.
  • Security — to detect and prevent abuse, unauthorised access, and fraudulent activity.
  • Improvement — to diagnose technical issues and improve the Service.
  • Legal compliance — to comply with applicable laws and respond to lawful requests.

We do not use your data for advertising or profiling. We do not send marketing emails without your explicit consent.

4. Legal Basis for Processing

Under UK GDPR, we process your personal data on the following bases:

  • Contract — processing necessary to provide the Service you have requested (Article 6(1)(b)).
  • Legitimate interests — for security monitoring, fraud prevention, and service improvement (Article 6(1)(f)).
  • Legal obligation — where we are required to process data by law (Article 6(1)(c)).
  • Consent — for optional communications where applicable (Article 6(1)(a)).

5. Data Sharing

We do not sell, rent, or trade your personal data. We share data only with the following categories of third parties, and only to the extent necessary:

Provider Purpose Location
Netcup GmbH Infrastructure hosting Germany
Amazon Web Services (SES) Transactional email delivery EU (Ireland)
Cloudflare (Turnstile) Bot protection on login and registration Global
IPLocate (iplocate.io) IP geolocation lookup for monitored servers and probes United States
IPinfo (ipinfo.io) IP geolocation lookup for monitored servers and probes (fallback) United States

We may also disclose data where required by law, regulation, or valid legal process.

6. International Transfers

Your data is primarily stored and processed on servers located in Germany (EU). Where data is processed outside the UK — for example, IP geolocation lookups processed by US-based providers (see Section 5) — we ensure appropriate safeguards are in place in accordance with UK GDPR requirements.

Distributed monitoring probes may operate in various locations. Probes perform only HTTP/HTTPS requests and ping checks — they do not collect, store, or transfer personal data.

7. Data Retention

  • Account data — retained for the duration of your account and deleted upon account closure, subject to any legal retention requirements.
  • Monitoring metrics — retained according to your plan's data retention settings. Automated pruning removes data beyond the configured retention period.
  • Security and access logs — retained for up to 90 days.
  • Backups — encrypted backups are maintained on a rolling schedule and aged out automatically.

Inactive accounts may be deleted after 12 months of inactivity, with prior notice sent to your registered email address.

8. Security

We take the security of your data seriously and implement appropriate technical and organisational measures, including:

  • Encryption of data in transit (TLS) and at rest where applicable.
  • Hashed API keys and passwords (never stored in plain text).
  • Optional two-factor authentication (TOTP).
  • Role-based access controls and admin approval workflow.
  • Regular software updates and security patching.

No system is completely secure. If you discover a security vulnerability, please report it responsibly to [email protected].

9. Cookies

We use only essential cookies required for authentication and session management. We do not use tracking cookies, analytics cookies, or third-party advertising cookies.

We use Cloudflare Turnstile on registration and login forms to protect against automated abuse. Turnstile may set cookies strictly for bot protection purposes. For details on how Cloudflare processes this data, see Cloudflare's Privacy Policy.

10. Your Rights

Under UK GDPR, you have the following rights regarding your personal data:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — request correction of inaccurate or incomplete data.
  • Erasure — request deletion of your personal data.
  • Restriction — request that we limit processing of your data.
  • Portability — request your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interests.
  • Withdraw consent — where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected]. We will respond within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

11. Children

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice within the Service. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact

If you have any questions about this Privacy Policy or how we handle your data, please contact us at:

MattWServices
Email: [email protected]