Privacy Policy

Last updated: March 2026

This Privacy Policy explains how postmortem.so ("we", "us", or "our") collects, uses, and protects your personal data when you use our service at postmortem.so.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

1. Who We Are

postmortem.so is an AI-powered incident monitoring and post-mortem generation service. For the purposes of GDPR, we are the data controller for personal data collected through our service.

Contact: support@postmortem.so

2. What Data We Collect

Account data

  • Name and email address (collected when you sign up via email or Google)
  • Authentication tokens managed by Clerk (our authentication provider)

Usage data

  • Projects, endpoints, and monitoring configurations you create
  • Incident records and post-mortem content generated for your projects
  • Check history and uptime data for your monitored endpoints

Billing data

  • Subscription plan and billing status
  • Payment processing is handled entirely by Stripe — we do not store credit card numbers or payment details

Technical data

  • Cookies set by Clerk for authentication and session management

Email subscriber data

  • Email addresses voluntarily submitted by visitors to your public status pages to receive incident notifications

3. How We Use Your Data

We use your data to:

  • Provide and operate the postmortem.so service
  • Monitor your endpoints and detect incidents
  • Generate AI-powered post-mortems using Anthropic's Claude API
  • Send you incident alert emails and resolved notifications
  • Process your subscription payments via Stripe
  • Send transactional emails via Resend
  • Communicate with you about your account

Legal basis (GDPR)

  • Contract performance — processing necessary to provide the service you signed up for

4. AI-Generated Content

When an incident is detected, we send check history data to Anthropic's Claude API to generate post-mortem reports. This data includes endpoint paths, status codes, latency values, and timestamps. We do not send personally identifiable information to the Claude API.

Anthropic's privacy policy applies to data processed by their API: anthropic.com/privacy

5. Data Sharing

We share your data only with the following third-party service providers, solely to operate the service:

| Provider | Purpose | Privacy Policy |
|---|---|---|
| Clerk | Authentication | clerk.com/privacy |
| Neon | Database hosting | neon.tech/privacy |
| Vercel | Application hosting | vercel.com/legal/privacy-policy |
| Stripe | Payment processing | stripe.com/privacy |
| Resend | Transactional email | resend.com/privacy |
| Anthropic | AI post-mortem generation | anthropic.com/privacy |
| Upstash | Job scheduling (QStash) | upstash.com/privacy |

We do not sell your personal data to third parties. We do not share your data for advertising purposes.

6. Data Retention

  • Account data: retained for the duration of your account, deleted within 30 days of account deletion
  • Check history: retained for 30 days (Free plan) or 90 days (Pro/Team plans), then automatically deleted
  • Incident and post-mortem data: retained for the duration of your account
  • Email subscriber data: retained until unsubscribed or your account is deleted

7. Cookies

We only use essential cookies required for authentication and session management (set by Clerk). We do not use advertising or analytics cookies.

8. Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights:

  • Access — request a copy of your personal data
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data
  • Portability — request your data in a machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request restriction of processing in certain circumstances

To exercise any of these rights, contact us at support@postmortem.so. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encrypted connections (HTTPS/TLS) for all data in transit
  • Authentication and access controls
  • Regular security reviews

10. International Transfers

Our service providers may process data outside the European Economic Area. Where this occurs, we ensure appropriate safeguards are in place (such as Standard Contractual Clauses).

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. The date at the top of this policy indicates when it was last updated.

12. Contact

For privacy-related questions or to exercise your rights: