Privacy policy
Last updated: 21 May 2026
1. Introduction
ObserverKit is operated by Undefined Computer (full identification in our Legal notice). Undefined Computer operates as both a data controller and a data processor depending on the context. We are the data controller for personal data you provide when creating and managing your ObserverKit account. When you use ObserverKit to collect error events from your own applications, we act as your data processor for any personal data contained in those events. The terms governing that processing are set out in our Data Processing Agreement (DPA), which is incorporated by reference into our Terms of Service.
2. Personal data we collect as controller
- Account data: email address and display name.
- Billing data: payment processing is handled by Stripe. We store only your Stripe customer ID; we do not store full card numbers or bank details.
- Support correspondence: messages you send to us via email or support channels.
- Server logs: retained for security and abuse prevention only. Logs contain IP address and HTTP request metadata; they are not used for marketing or profiling.
3. Legal bases (RGPD art. 6)
- Contract (art. 6(1)(b)): account creation, service delivery, and billing.
- Legitimate interest (art. 6(1)(f)): security logs and fraud prevention.
- Consent (art. 6(1)(a)): any opt-in marketing or newsletter emails.
- Legal obligation (art. 6(1)(c)): invoicing and accounting records.
4. Retention
Account data is retained for as long as your account is active. Upon account closure, your personal data is deleted within 30 days. Backup copies are retained for up to 30 days after deletion before being permanently purged.
5. Recipients & subprocessors
We share personal data only with the subprocessors necessary to deliver the Service. A full list of subprocessors, including their country of establishment and the safeguards in place, is available on our Subprocessors page.
6. International transfers
Hosting and database storage are provided by Hetzner Online GmbH (Germany) within the European Economic Area, in a data center located in Helsinki, Finland. Some of our other subprocessors are based outside the European Economic Area: Resend Inc. (email delivery, US) transfers data to the United States under Standard Contractual Clauses. Visitors Now LLC (website analytics, US) processes only anonymous, aggregated data and stores it on EU-hosted infrastructure; no personal data is transferred. Full details are on our Subprocessors page.
7. Your rights under RGPD
Under RGPD articles 15–22, you have the right to: access your personal data (art. 15), rectify inaccurate data (art. 16), request erasure (art. 17), restrict processing (art. 18), receive your data in a portable format (art. 20), and object to processing based on legitimate interest (art. 21).
To exercise any of these rights, contact us at . We will respond within 30 days.
You also have the right to lodge a complaint with the CNIL: Commission nationale de l'informatique et des libertés, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.
8. Cookies & similar technologies
We use only essential and functional cookies:
- observerkit.session_token — authentication session, duration ~30 days, essential.
- currentProject — selected project in dashboard, duration 1 year, functional.
- theme — light/dark mode preference, duration 1 year, functional.
- locale — language preference, duration 1 year, functional.
Because all of these cookies are essential or functional, no consent banner is required under CNIL guidance.
9. Audience measurement
We use Visitors Now (operated by Visitors Now LLC, a Delaware, US company) for privacy-preserving audience measurement. This tool is cookie-less, collects no personally identifiable information, and stores aggregated data on EU-hosted infrastructure. It qualifies for the CNIL exemption applicable to cookie-less audience measurement tools that collect no personal data and do not enable cross-site tracking.
10. Children
The Service is not intended for users under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately so we can delete it.
11. Changes to this policy
We will provide at least 30 days' notice before making material changes to this Privacy Policy. The date of the current version is shown in the header of this page. Continued use of the Service after the effective date of any change constitutes acceptance of the updated policy.