Security & Compliance

Last updated: February 19, 2026

At Hyperping, the security of your data is a top priority. We implement industry-standard security measures to protect your information and maintain the integrity of our monitoring infrastructure.

Infrastructure Security

Data Center Locations

All primary customer data (databases, application servers, backups) is stored in the European Union, in DigitalOcean's Frankfurt (FRA1) data center in Germany. Our data centers benefit from physical security including 24/7 monitoring, biometric access controls, and redundant power and networking.

Monitoring probe servers are distributed globally across multiple cloud providers (DigitalOcean, Amazon Web Services, and Scaleway) to enable monitoring from 18+ regions worldwide. These probe servers only process transient monitoring data (ping results) and do not store customer account data.

Cloud Providers

  • DigitalOcean: Primary hosting, databases (PostgreSQL, Redis), and object storage. SOC 2 Type II and ISO 27001 certified.
  • Amazon Web Services (AWS): Monitoring infrastructure and S3 object storage. SOC 2, ISO 27001, PCI DSS, and HIPAA certified.
  • Scaleway: EU-based monitoring nodes for additional European redundancy.
  • Vercel: Hosting platform for customer status pages and marketing website. SOC 2 Type II certified.
  • Cloudflare: CDN, DDoS protection, and SSL/TLS termination. SOC 2 and ISO 27001 certified.

Network Security

  • All public-facing traffic is served over HTTPS with TLS 1.2+ encryption
  • DDoS protection provided by Cloudflare
  • Firewall rules restrict access to only necessary ports and services
  • Internal services communicate over private networks
  • Regular monitoring of network traffic for anomalies

Data Security

Encryption

  • In transit: All data transmitted between your browser/applications and our servers is encrypted using HTTPS (TLS 1.2+)
  • At rest: All stored data is encrypted using LUKS disk encryption on our servers and native encryption features of our managed databases
  • Database connections: All connections to our databases use SSL encryption
  • Backups: All backup data is encrypted

Data Stored at Hyperping

Hyperping stores only the data necessary to provide the service:

  • Account data: Name, email address, phone number (for SMS alerts), company name
  • Monitoring data: URLs, response times, uptime logs, SSL certificate information, synthetic check results
  • Status page data: Incident reports, maintenance schedules, subscriber emails, component configurations
  • Integration data: Webhook URLs, channel IDs, and API tokens for configured integrations
  • Billing data: Invoice records and subscription status (credit card details are stored exclusively by Stripe)

Passwords are stored using bcrypt hashing and are never stored in plain text. We do not log any user activity beyond what is necessary for service operation and security.

Access Controls

  • Access to production systems is restricted to authorized personnel on a need-to-know basis
  • All administrative access requires multi-factor authentication
  • SSH access to servers uses key-based authentication only
  • Access permissions are reviewed regularly and revoked promptly when no longer needed
  • All access to customer data is logged and auditable

Authentication for Customers

  • Email/password authentication with secure password hashing
  • Google Single Sign-On (SSO)
  • Enterprise SSO via SAML 2.0 (Microsoft Azure AD, Okta, Google Workspace) through WorkOS — available on Business and Enterprise plans
  • API authentication via API keys with granular permissions

Operational Security

Backup and Disaster Recovery

  • Full automated database backups are taken daily
  • Write-ahead logs (WAL) enable point-in-time recovery within the preceding 7 days
  • Managed databases include automatic failover to standby nodes in the event of primary node failure
  • Backup retention: daily backups for 30 days, weekly for 12 weeks, monthly for 12 months
  • Disaster recovery procedures are documented and tested regularly

Monitoring and Incident Response

  • Our infrastructure is monitored 24/7 using multiple monitoring systems
  • Automated alerting for system anomalies, performance degradation, and security events
  • Defined incident response procedures with escalation paths
  • Error tracking and performance monitoring using Sentry
  • Centralized logging for security analysis and forensic investigations

Incident Response Process

  1. Detection: Automated monitoring detects anomalies and alerts the on-call team
  2. Assessment: The incident is classified by severity and impact
  3. Containment: Immediate steps are taken to contain the incident and prevent further impact
  4. Resolution: Root cause analysis and remediation
  5. Communication: Affected customers are notified as appropriate. Security breaches involving personal data are reported within 72 hours as required by GDPR
  6. Post-mortem: Lessons learned are documented and preventive measures are implemented

Vulnerability Management

  • Dependencies are regularly updated and scanned for known vulnerabilities
  • Security patches are applied promptly
  • Code reviews are performed for all changes to production systems
  • We welcome responsible disclosure of security vulnerabilities (see below)

Compliance

GDPR

Hyperping is fully committed to complying with the European General Data Protection Regulation (GDPR). As a French company with primary data storage in the EU, we are subject to GDPR and assist our customers in their own GDPR compliance:

  • Lawful processing: We process personal data only on lawful bases (contract performance, legitimate interest, consent, or legal obligation)
  • Data Processing Agreement: We offer a DPA to all customers
  • Data subject rights: We support the right to access, rectification, erasure, restriction, portability, and objection
  • Data minimization: We collect and process only the data necessary to provide our services
  • Breach notification: We notify affected customers and authorities within 72 hours of becoming aware of a personal data breach, as required
  • Sub-processor management: We maintain a list of sub-processors and notify customers of changes
  • International transfers: Transfers outside the EEA are protected by Standard Contractual Clauses or equivalent mechanisms

Right to Be Forgotten

If a customer or subscriber asks for their information (email, phone number, etc.) to be deleted from your status page, you can delete it directly through your dashboard. The data will be fully removed from our application and databases. You may also request full account deletion, and all associated data will be permanently removed within 30 days (90 days for backups).

CCPA/CPRA

For California residents, Hyperping complies with the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). We do not sell personal information. Details about your rights under CCPA are in our Privacy Policy.

Infrastructure Provider Certifications

While Hyperping itself does not hold independent SOC 2 or ISO 27001 certifications at this time, our infrastructure providers maintain extensive certifications:

  • DigitalOcean: SOC 2 Type II, ISO 27001
  • AWS: SOC 2, ISO 27001, PCI DSS, HIPAA, FedRAMP
  • Stripe: PCI DSS Level 1 (highest level of payment security certification)
  • Cloudflare: SOC 2, ISO 27001, PCI DSS
  • Vercel: SOC 2 Type II

We continuously evaluate our security program and may pursue independent certifications in the future.

Data Retention and Deletion

Data is retained only as long as necessary. Customer accounts and all related data are deleted upon request. Detailed retention periods are documented in our Privacy Policy.

Reporting a Vulnerability

We value the security research community and take all reports seriously. If you discover a security vulnerability, please report it responsibly:

  • Email: hello@hyperping.io
  • Include a detailed description of the vulnerability, steps to reproduce, and potential impact
  • We will acknowledge your report within 48 hours
  • We commit to investigating and addressing confirmed vulnerabilities promptly
  • We will not take legal action against researchers who follow responsible disclosure practices

Questions

For security-related questions, please contact us at hello@hyperping.io. For general inquiries, reach us at hello@hyperping.io.