Privacy Notice
Last updated: 4 February 2026
This Privacy Notice explains how Driftmark (“we”, “us”) processes personal data when you use Driftmark, visit status pages hosted by Driftmark, or subscribe to notifications for a status page. We aim to be transparent, minimise data collection, and build the service according to privacy by design and by default (GDPR Article 25).
This notice is written with the GDPR in mind. If you have questions, contact support@driftmark.eu (this is also the channel for privacy enquiries).
Roles and scope (who is responsible for what)
Driftmark is the data controller for:
- account, administration, and service-operation data for users who create/manage status pages; and
- subscriber data for people who subscribe to notifications for a status page (see “Subscribers” below).
For content that a status page creator chooses to publish on a status page (for example, incident text that may include personal data), the status page creator is normally the data controller, and Driftmark acts as a data processor by hosting and displaying that content on their behalf. This distinction matters because the creator decides what personal data (if any) is published in their status messages, while we provide the technical platform.
Privacy by design: our baseline approach
We design Driftmark to:
- collect only what is needed to operate the service;
- avoid third-party tracking and behavioural advertising;
- avoid selling or sharing personal data for marketing purposes;
- isolate subscriber data from status page creators (aggregate metrics only);
- store and process data within the EU/EEA using EU/EEA-based infrastructure and providers; and
- apply appropriate security controls (see “Security” below).
Personal data we process
A. If you create/manage status pages (account holders)
We typically process:
- Account data: name, email address, authentication identifiers, organisation and workspace information.
- Service usage data: audit logs related to administration actions (for example, creating a status page, publishing an incident), and technical logs needed for security and troubleshooting.
- Communications: messages you send to support@driftmark.eu.
If you publish content on a status page, you control what you include. We recommend avoiding publishing personal data unless it is genuinely necessary.
B. If you subscribe to notifications (subscribers)
We process:
- Subscription data: email address or equivalent communication channel identifiers (and, where relevant, language or notification preferences).
- Subscription events: confirmation, unsubscription, delivery status, and basic interaction events needed to operate notifications (for example, bounce handling).
- Minimal technical data: logs required to prevent abuse and to maintain service integrity.
Important: subscriber details are not shared with the status page creator. The creator may see only aggregated metrics such as subscriber counts and trends over time.
C. If you visit a public status page (visitors)
We process limited technical data to deliver the page securely and reliably (for example, standard server logs). We also use privacy-friendly analytics (see below).
Purposes and legal bases (GDPR Article 6)
Account holders
We process personal data in order to:
- Provide the service and administer your account (legal basis: contract, Article 6(1)(b)).
- Secure and maintain Driftmark, prevent fraud/abuse, and debug issues (legal basis: legitimate interests, Article 6(1)(f)).
- Handle support requests and communications (legal basis: contract or legitimate interests, depending on context).
- Comply with legal obligations where applicable (legal basis: legal obligation, Article 6(1)(c)).
Subscribers
We process subscriber personal data in order to:
- Send notifications you request for a specific status page and manage your subscription (legal basis: usually consent, Article 6(1)(a), and/or contract, Article 6(1)(b), depending on how the subscription is implemented).
- Maintain deliverability and prevent abuse (legal basis: legitimate interests, Article 6(1)(f)).
You can withdraw consent at any time by unsubscribing using the link included in notifications (or by contacting support@driftmark.eu).
Visitors and analytics
We process limited usage data to:
- Understand service usage and improve Driftmark without intrusive tracking (legal basis: legitimate interests, Article 6(1)(f)).
Analytics (Fathom)
We use Fathom Analytics to understand general usage of Driftmark and public status pages. We use it in a privacy-oriented configuration and do not use it for advertising, cross-site tracking, or building personal profiles. We do not use third-party cookies for analytics.
Even privacy-friendly analytics can involve personal data under the GDPR (for example, online identifiers). We therefore treat analytics data carefully, minimise what is collected, and rely on legitimate interests, balanced against your rights and expectations.
Data sharing and recipients
We do not sell personal data.
We share personal data only with:
- EU/EEA-based cloud and storage providers that host and operate the Service on our behalf (processors).
- Service providers necessary to run Driftmark (for example, email infrastructure for notifications), acting as processors and bound by data processing agreements.
- Public authorities where we are legally required to do so.
Subscriber data is not disclosed to status page creators, except in aggregated form (counts/statistics).
International transfers
To the extent technically possible, we restrict processing to within the EU/EEA.
Data retention
We keep personal data only for as long as necessary for the purposes described:
- Account data is generally retained for the duration of the account and a limited period thereafter to handle deletion requests, disputes, security, and backups.
- Subscriber data is retained for as long as you remain subscribed. If you unsubscribe, we delete or irreversibly anonymise the subscription data within a reasonable period, except where limited retention is needed for suppression lists (to ensure we respect your opt-out) or for legal/security reasons.
- Logs are kept for a limited period appropriate for security and troubleshooting.
You may request deletion as described below.
Security
We apply appropriate technical and organisational measures designed to protect personal data, such as access controls, least-privilege practices, encryption in transit, and separation of environments. No system is perfectly secure, but we aim to reduce risk proportionately to the nature of the data we process.
Your rights
Depending on your situation and subject to the conditions in the GDPR, you have the right to:
- request access to your personal data;
- request rectification (correction);
- request erasure (deletion);
- request restriction of processing;
- object to processing based on legitimate interests;
- request data portability (where processing is based on contract or consent and carried out by automated means); and
- withdraw consent at any time (where processing is based on consent).
To exercise your rights, contact support@driftmark.eu. We may need to verify your identity before fulfilling a request.
You also have the right to lodge a complaint with the Swedish supervisory authority, Integritetsskyddsmyndigheten (IMY), or with the authority in the EU/EEA country where you live or work.
Children
Driftmark is not intended for children, and we do not knowingly collect personal data from children.
Changes to this notice
We may update this Privacy Notice to reflect changes in Driftmark, legal requirements, or how we process data. The date above shows when it was last revised. Where changes are material, we will take reasonable steps to inform account holders through the Service or other appropriate means.